ChangeLog
23/05/2025, commit https://git.launchpad.net/snap-core18/tree/74bb5585b7c696c20e4e7ca7faff13d2be218d8b

[ Changes in the core18 snap ]

Alfonso Sánchez-Beato (5):
      hooks: purge packages before creating list of included packages
      hook-tests: remove packages purged in previous change
      tools/generate-changelog.py: fix some flake8 warnings
      tools/generate-changelog.py: ESM is not in changelogs.ubuntu.com
      Makefile: copy ESM sources to the chroot

Philip Meulengracht (1):
      SECURITY.md: add security documentation for the core18 snap

[ Changes in primed packages ]

apparmor, libapparmor1:amd64 (built from apparmor) updated from 2.12-4ubuntu5.3 to 2.12-4ubuntu5.3+esm1:

  apparmor (2.12-4ubuntu5.3+esm1) bionic; urgency=medium

    [ Pedro Principeza ]
    * debian/patches/parser-fix-parser-failing-to-handle-errors-when-setting-up-work.patch: Fix parser failing to handle errors when setting up work (LP: #1815294)

    [ Steve Beattie ]
    * d/p/u/parser-fix-handling-of-failed-symlink-traversal.patch: report failure when a symlink fails to resolve, also don't short circuit processing a directory when a symlink fails to resolve
    * d/p/u/parser-convert_error_tests_to_python_and_add_tests.patch: update error/warning tests to their modern python form and add tests that cover the parser failing to set an error code when passed files that do not exist (LP: #1815294)

   -- Pedro Principeza <pedro.principeza@canonical.com>  Tue, 13 Jun 2023 14:19:14 +0000

libdns-export1100, libisc-export169:amd64 (built from bind9) updated from 1:9.11.3+dfsg-1ubuntu1.18 to 1:9.11.3+dfsg-1ubuntu1.19+esm4:

  bind9 (1:9.11.3+dfsg-1ubuntu1.19+esm4) bionic-security; urgency=medium

    * SECURITY UPDATE: BIND's database will be slow if a very large number of
      - debian/patches/CVE-2024-1737-*.patch: fixes adding limits to the number of RRs in RRSets in configure, lib/dns/rbtdb.c, lib/dns/rdataslab.c.
      - CVE-2024-1737
    * SECURITY UPDATE: SIG(0) can be used to exhaust CPU resources
      - debian/patches/CVE-2024-1975.patch: fixes in bin/named/client.c, bin/tests/system/tsiggss/authsock.pl, bin/tests/system/tsiggss/clean.sh, bin/tests/system/tsiggss/tests.sh, bin/tests/system/upforwd/tests.sh, lib/dns/message.c.
      - CVE-2024-1975

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Mon, 29 Jul 2024 07:39:23 -0300

  bind9 (1:9.11.3+dfsg-1ubuntu1.19+esm3) bionic-security; urgency=medium

    * SECURITY UPDATE: DoS via DNSSEC KeyTrap
      - debian/patches/CVE-2023-50387-50868.patch: improve the validation process to avoid excessive CPU consumption.
      - CVE-2023-50387
    * SECURITY UPDATE: DoS via Closest Encloser Proof
      - debian/patches/CVE-2023-50387-50868.patch: improve the validation process to avoid excessive CPU consumption.
      - CVE-2023-50868
    * debian/libdns1100.symbols: add symbols for the new function dst_key_fromdns_ex().

   -- Allen Huang <allen.huang@canonical.com>  Tue, 02 Apr 2024 13:06:07 +0100

  bind9 (1:9.11.3+dfsg-1ubuntu1.19+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: DoS via recursive packet parsing
      - debian/patches/CVE-2023-3341.patch: add a max depth check to lib/isccc/include/isccc/result.h, lib/isccc/result.c, lib/isccc/cc.c.
      - CVE-2023-3341

   -- Ian Constantin <ian.constantin@canonical.com>  Tue, 03 Oct 2023 10:15:19 +0300

  bind9 (1:9.11.3+dfsg-1ubuntu1.19+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: excessive memory consumption when processing RRsets queries with named resolvers
      - debian/patches/CVE-2023-2828.patch: improve the overmem cleaning process to prevent the cache going over the configured limit.
      - CVE-2023-2828

   -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Wed, 12 Jul 2023 11:36:16 -0300

  bind9 (1:9.11.3+dfsg-1ubuntu1.19) bionic; urgency=medium

    * d/bind9.service: restart the bind9 service on failure.
      (LP: #2006054)

   -- Athos Ribeiro <athos.ribeiro@canonical.com>  Fri, 03 Mar 2023 12:42:18 -0300

python3-configobj (built from configobj) updated from 5.0.6-2 to 5.0.6-2ubuntu0.18.04.1~esm1:

  configobj (5.0.6-2ubuntu0.18.04.1~esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: ReDoS
      - debian/patches/CVE-2023-26112.patch: updates regex that can cause catastrophic backtracking when a match fails in validate.py and adds a test in tests/test_validate_errors.py.
      - CVE-2023-26112

   -- Ian Constantin <ian.constantin@canonical.com>  Fri, 20 Sep 2024 15:03:01 +0300

libelf1:amd64 (built from elfutils) updated from 0.170-0.4ubuntu0.1 to 0.170-0.4ubuntu0.1+esm1:

  elfutils (0.170-0.4ubuntu0.1+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: infinite loop via a crafted file
      - debian/patches/CVE-2021-33294.patch: fix bounds checks and replace asserts with errors in src/readelf.c.
      - CVE-2021-33294
    * SECURITY UPDATE: heap-based buffer overwrite and reachable assertion
      - debian/patches/CVE-2020-21047.patch: fix bounds checks and replace asserts with errors in libcpu/i386_data.h and libcpu/i386_disasm.c.
      - CVE-2020-21047

   -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Mon, 28 Aug 2023 14:25:32 -0300

libexpat1:amd64 (built from expat) updated from 2.2.5-3ubuntu0.9 to 2.2.5-3ubuntu0.9+esm2:

  expat (2.2.5-3ubuntu0.9+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: denial-of-service via XML_ResumeParser
      - debian/patches/CVE-2024-50602-1.patch: Make function XML_StopParser of lib/xmlparse.c refuse to stop/suspend an unstarted parser
      - debian/patches/CVE-2024-50602-2.patch: Add XML_PARSING case to parser state in function XML_StopParser of lib/xmlparse.c
      - debian/patches/CVE-2024-50602-3.patch: Add tests for CVE-2024-50602 to tests/runtests.c
      - CVE-2024-50602

   -- Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>  Sun, 01 Dec 2024 22:48:28 -0500

  expat (2.2.5-3ubuntu0.9+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: invalid input length
      - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of expat/lib/xmlparse.c to identify and error out if a negative length is provided.
      - CVE-2024-45490
    * SECURITY UPDATE: integer overflow
      - CVE-2024-45491.patch: adds a check to the dtdCopy function of expat/lib/xmlparse.c to detect and prevent an integer overflow.
      - CVE-2024-45491
    * SECURITY UPDATE: integer overflow
      - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of expat/lib/xmlparse.c to detect and prevent an integer overflow.
      - CVE-2024-45492

   -- Ian Constantin <ian.constantin@canonical.com>  Tue, 10 Sep 2024 13:17:48 +0300

gdbserver (built from gdb) updated from 8.1.1-0ubuntu1 to 8.1.1-0ubuntu1+esm1:

  gdb (8.1.1-0ubuntu1+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: stack buffer overflow
      - debian/patches/CVE-2023-39128.patch: Avoid buffer overflow in ada_decode
      - CVE-2023-39128
    * SECURITY UPDATE: use after free
      - debian/patches/CVE-2023-39129-1.patch: Verify COFF symbol stringtab offset
      - debian/patches/CVE-2023-39129-2.patch: Fix gdb/coffread.c build on 32bit architectures
      - debian/patches/CVE-2023-39129-3.patch: Use hex_string in gdb/coffread.c instead of PRIxPTR
      - CVE-2023-39129
    * SECURITY UPDATE: heap buffer overflow
      - debian/patches/CVE-2023-39130.patch: gdb: warn unused result for bfd IO functions
      - CVE-2023-39130

   -- Bruce Cable <bruce.cable@canonical.com>  Thu, 13 Jun 2024 13:15:46 +1000

libglib2.0-0:amd64 (built from glib2.0) updated from 2.56.4-0ubuntu0.18.04.9 to 2.56.4-0ubuntu0.18.04.9+esm4:

  glib2.0 (2.56.4-0ubuntu0.18.04.9+esm4) bionic-security; urgency=medium

    * SECURITY UPDATE: Buffer overflow
      - debian/patches/CVE-2024-52533.patch: fix a single byte buffer overflow in connect messages in gio/gsocks4aproxy.c.
      - CVE-2024-52533

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Thu, 14 Nov 2024 05:50:53 -0300

  glib2.0 (2.56.4-0ubuntu0.18.04.9+esm3) bionic-security; urgency=medium

    [ Marc Deslauriers ]
    * SECURITY UPDATE: multiple GVariant security issues
      - debian/patches/gvariant-security-*.patch: backported upstream fixes for GVariant normalization issues.
      - CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665

   -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Thu, 05 Oct 2023 15:13:43 -0300

libc-bin, libc6:amd64, libc6:i386, multiarch-support (built from glibc) updated from 2.27-3ubuntu1.6 to 2.27-3ubuntu1.6+esm4:

  glibc (2.27-3ubuntu1.6+esm4) bionic-security; urgency=medium

    * SECURITY UPDATE: Buffer overflow in the assert function.
      - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP calculation and include libc-pointer-arith.h in assert/assert.c and sysdeps/posix/libc_fatal.c.
      - CVE-2025-0395

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 30 Jan 2025 09:40:47 -0330

  glibc (2.27-3ubuntu1.6+esm3) bionic-security; urgency=medium

    * SECURITY UPDATE: Memory leak
      - debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
      - CVE-2024-33599
    * SECURITY UPDATE: Null pointer dereferences
      - debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
      - debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
      - debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
      - CVE-2024-33600
      - CVE-2024-33601
      - CVE-2024-33602

   -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Mon, 06 May 2024 17:36:36 -0300

  glibc (2.27-3ubuntu1.6+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT
      - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when writing escape sequence in iconvdata/Makefile, iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.
      - CVE-2024-2961

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Thu, 25 Apr 2024 07:02:23 -0300

  glibc (2.27-3ubuntu1.6+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: use-after-free through getcanonname_r plugin call
      - debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at the end (getaddrinfo).
      - CVE-2023-4806
    * SECURITY UPDATE: use-after-free in gaih_inet function
      - debian/patches/any/CVE-2023-4813.patch: simplify allocations and fix merge and continue actions.
      - CVE-2023-4813

   -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Wed, 22 Nov 2023 07:54:33 -0300

libgnutls30:amd64 (built from gnutls28) updated from 3.5.18-1ubuntu1.6 to 3.5.18-1ubuntu1.6+esm1:

  gnutls28 (3.5.18-1ubuntu1.6+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: observable response time discrepancy in RSA-PSK key exchange
      - debian/patches/CVE-2023-5981-pre0.patch: use the appropriate level of randomness for each operation (nettle/pk).
      - debian/patches/CVE-2023-5981-pre1.patch: always use _gnutls_switch_lib_state (pk).
      - debian/patches/CVE-2023-5981-pre2.patch: new nettle rsa decryption function that is side-channel silent.
      - debian/patches/CVE-2023-5981.patch: side-step potential side-channel (auth/rsa_psk).
    * debian/libgnutls30.symbols: add gnutls_privkey_decrypt_data2 to symbols file.

   -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Wed, 13 Dec 2023 08:18:19 -0300

python3-jinja2 (built from jinja2) updated from 2.10-1ubuntu0.18.04.1 to 2.10-1ubuntu0.18.04.1+esm5:

  jinja2 (2.10-1ubuntu0.18.04.1+esm5) bionic-security; urgency=medium

    * SECURITY REGRESSION: Arbitrary code execution via |attr filter bypass
      - debian/patches/CVE-2025-27516.patch: Replace getattr_static with an equivalent Python 2 compatible function
      - CVE-2025-27516

   -- John Breton <john.breton@canonical.com>  Wed, 12 Mar 2025 12:51:15 -0400

  jinja2 (2.10-1ubuntu0.18.04.1+esm4) bionic-security; urgency=medium

    * SECURITY UPDATE: Arbitrary code execution via |attr filter bypass
      - debian/patches/CVE-2025-27516.patch: attr filter uses env.getattr
      - CVE-2025-27516

   -- John Breton <john.breton@canonical.com>  Mon, 10 Mar 2025 12:47:06 -0400

  jinja2 (2.10-1ubuntu0.18.04.1+esm3) bionic-security; urgency=medium

    * SECURITY UPDATE: arbitrary code execution issue in jinja compiler
      - debian/patches/CVE-2024-56201.patch: f-string syntax handling in code generation improved in jinja2/compiler.py.
      - debian/patches/CVE-2024-56326.patch: oversight on calls to str.format adjusted in jinja2/sandbox.py.
      - CVE-2024-56201
      - CVE-2024-56326

   -- Evan Caville <evan.caville@canonical.com>  Fri, 10 Jan 2025 13:09:32 +1000

  jinja2 (2.10-1ubuntu0.18.04.1+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: Cross-Site scripting in xmlattr filter
      - debian/patches/CVE-2024-34064.patch: disallow invalid characters in keys to xmlattr filter
      - CVE-2024-34064

   -- Nick Galanis <nick.galanis@canonical.com>  Tue, 21 May 2024 12:19:12 +0100

  jinja2 (2.10-1ubuntu0.18.04.1+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: regular expression DoS
      - debian/patches/CVE-2020-28493.patch: rewrite regex match for punctuation in urlize() in jinja2/utils.py.
      - CVE-2020-28493
    * SECURITY UPDATE: Cross-Site scripting
      - debian/patches/CVE-2024-22195.patch: disallow keys with spaces in jinja2/filters.py, tests/test_filters.py.
      - CVE-2024-22195

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Wed, 17 Jan 2024 11:04:59 -0300

libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.16-2ubuntu0.4 to 1.16-2ubuntu0.4+esm3:

  krb5 (1.16-2ubuntu0.4+esm3) bionic-security; urgency=medium

    * SECURITY UPDATE: Use of MD5-based message authentication over plaintext communications could lead to forgery attacks.
      - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator by adding support for the Message-Authenticator attribute in non-EAP authentication methods.
      - debian/patches/0020-Fix-t-otp.py-for-pyrad2.2.patch: Fix message authentication test by adding a Service-Type entry to the radius_attributes dictionary in tests/t_otp.py. Message-Authenticator attribute support requires pyrad >= 2.2, which also requires Service-Type attribute to be defined.
      - CVE-2024-3596
    * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.

   -- Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>  Tue, 28 Jan 2025 16:29:51 -0500

  krb5 (1.16-2ubuntu0.4+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: Invalid token requests
      - debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS message token handling
      - CVE-2024-37370
      - CVE-2024-37371

   -- Bruce Cable <bruce.cable@canonical.com>  Mon, 15 Jul 2024 13:47:58 +1000

  krb5 (1.16-2ubuntu0.4+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: freeing of uninitialized memory
      - debian/patches/CVE-2023-36054.patch: ensure array count consistency in kadm5 RPC.
      - CVE-2023-36054

   -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Tue, 24 Oct 2023 13:51:03 -0300

less (built from less) updated from 487-0.1 to 487-0.1ubuntu0.1~esm2:

  less (487-0.1ubuntu0.1~esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: Arbitrary command execution
      - debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file whose name contains a newline.
      - CVE-2024-32487

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Sun, 28 Apr 2024 13:42:19 +0200

  less (487-0.1ubuntu0.1~esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: Unsafe call and Possibly arbitrary code execution
      - debian/patches/CVE-2022-48624.patch: add shell-quote the filename when invoking LESSCLOSE in filename.c.
      - CVE-2022-48624

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Fri, 23 Feb 2024 13:37:55 -0300

libcap2:amd64 (built from libcap2) updated from 1:2.25-1.2 to 1:2.25-1.2ubuntu0.1~esm1:

  libcap2 (1:2.25-1.2ubuntu0.1~esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: integer overflow in _libcap_strdup()
      - debian/patches/CVE-2023-2603.patch: properly handle large strings in libcap/cap_alloc.c.
      - CVE-2023-2603

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Thu, 15 Jun 2023 12:56:19 -0300

libncurses5:amd64, libncursesw5:amd64, libtinfo5:amd64, ncurses-base, ncurses-bin (built from ncurses) updated from 6.1-1ubuntu1.18.04.1 to 6.1-1ubuntu1.18.04.1+esm2:

  ncurses (6.1-1ubuntu1.18.04.1+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: Uninitialized memory
      - debian/patches/CVE-2023-50495.patch: Check return value of _nc_save_str(), in special case for tic where extended capabilities are processed but the terminal description was not initialized.
      - CVE-2023-50495

   -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Wed, 06 Mar 2024 11:37:58 -0300

  ncurses (6.1-1ubuntu1.18.04.1+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: buffer overflow vulnerability
      - debian/patches/CVE-2020-19189.diff: check length when converting from old AIX box_chars_1 capability in parse_entry.c.
      - CVE-2020-19189

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Tue, 24 Oct 2023 12:19:20 +0200

openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:7.6p1-4ubuntu0.7 to 1:7.6p1-4ubuntu0.7+esm4:

  openssh (1:7.6p1-4ubuntu0.7+esm4) bionic-security; urgency=medium

    * SECURITY UPDATE: MitM with VerifyHostKeyDNS option
      - debian/patches/CVE-2025-26465.patch: fix error code handling in krl.c, sshconnect2.c.
      - CVE-2025-26465

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Tue, 18 Feb 2025 10:44:19 -0300

  openssh (1:7.6p1-4ubuntu0.7+esm3) bionic-security; urgency=medium

    * SECURITY UPDATE: Prefix truncation attack on BPP
      - debian/patches/CVE-2023-48795-pre.patch: prevent sshd from sending a SSH_MSG_EXT_INFO for REKEX in kex.c, kex.h.
      - debian/patches/CVE-2023-48795.patch: implement "strict key exchange" in PROTOCOL, kex.c, kex.h, packet.c, sshconnect2.c, sshd.c.
      - CVE-2023-48795
    * SECURITY UPDATE: command injection via shell metacharacters
      - debian/patches/CVE-2023-51385.patch: ban user/hostnames with most shell metacharacters in ssh.c.
      - CVE-2023-51385

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Thu, 14 Dec 2023 16:23:32 -0300

  openssh (1:7.6p1-4ubuntu0.7+esm2) bionic-security; urgency=medium

    [ Marc Deslauriers ]
    * SECURITY UPDATE: information leak in algorithm negotiation (LP: #2030275)
      - debian/patches/CVE-2020-14145-mitigation.patch: tweak the client hostkey preference ordering algorithm in sshconnect2.c.
      - Note: This update does not solve CVE-2020-14145, but does mitigate the issue in the specific scenario where the user has a key that matches the best-preference default algorithm.

   -- Nishit Majithia <nishit.majithia@canonical.com>  Mon, 07 Aug 2023 17:19:03 +0530

  openssh (1:7.6p1-4ubuntu0.7+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
      - debian/patches/CVE-2023-38408-1.patch: terminate process if requested to load a PKCS#11 provider that isn't a PKCS#11 provider in ssh-pkcs11.c.
      - CVE-2023-38408

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Fri, 28 Jul 2023 12:12:31 -0300

libssl1.1:amd64, openssl (built from openssl) updated from 1.1.1-1ubuntu2.1~18.04.23 to 1.1.1-1ubuntu2.1~18.04.23+esm5:

  openssl (1.1.1-1ubuntu2.1~18.04.23+esm5) bionic-security; urgency=medium

    * SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
      - debian/patches/rsa-dsa-add-missing-private-key.patch: make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed in crypto/dsa/dsa_err.c, crypto/dsa/dsa_ossl.c, crypto/ec/ecdh_ossl.c, crypto/ec/ecdsa_ossl.c, crypto/err/openssl.txt, crypto/rsa/rsa_err.c, crypto/rsa/rsa_ossl.c, include/openssl/dsaerr.h and include/openssl/rsaerr.h
      - debian/patches/openssl-1.1.1-pkcs1-implicit-rejection.patch: Return deterministic random output instead of an error in case there is a padding error in crypto/cms/cms_env.c, crypto/pkcs7/pk7_doit.c, crypto/rsa/rsa_locl.h, crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c, crypto/rsa/rsa_pmeth.c, doc/man1/pkeyutl.pod, doc/man1/rsautl.pod, doc/man3/EVP_PKEY_CTX_ctrl.pod, doc/man3/EVP_PKEY_decrypt.pod, doc/man3/RSA_padding_add_PKCS1_type_1.pod, doc/man3/RSA_public_encrypt.pod, include/openssl/rsa.h and test/recipes/30-test_evp_data/evppkey.txt.

   -- David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com>  Fri, 16 Feb 2024 16:57:43 +0100

  openssl (1.1.1-1ubuntu2.1~18.04.23+esm4) bionic-security; urgency=medium

    [ Marc Deslauriers ]
    * SECURITY UPDATE: Excessive time spent in DH check / generation with large Q parameter value
      - debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and DH_generate_key() safer yet in crypto/dh/dh_check.c, crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt, include/openssl/dh.h, include/openssl/dherr.h.
      - CVE-2023-5678
    * SECURITY UPDATE: PKCS12 Decoding crashes
      - debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo data can be NULL in crypto/pkcs12/p12_add.c, crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c, crypto/pkcs7/pk7_mime.c.
      - CVE-2024-0727

   -- Ian Constantin <ian.constantin@canonical.com>  Wed, 07 Feb 2024 16:19:13 +0200

  openssl (1.1.1-1ubuntu2.1~18.04.23+esm3) bionic-security; urgency=medium

    * SECURITY UPDATE: denial of service
      - debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of an excessively large modulus in DH_check().
      - CVE-2023-3446
    * SECURITY UPDATE: denial of service
      - debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of invalid q values in DH_check().
      - CVE-2023-3817

   -- Ian Constantin <ian.constantin@canonical.com>  Thu, 19 Oct 2023 12:31:19 +0300

  openssl (1.1.1-1ubuntu2.1~18.04.23+esm2) bionic; urgency=medium

    * Fix SSL errors due to "too many key updates" (LP: #2035112)
      - d/p/lp2035112-dont-restrict-number-of-keyupdate.patch

   -- Heitor Alves de Siqueira <halves@canonical.com>  Mon, 25 Sep 2023 16:58:29 +0000

  openssl (1.1.1-1ubuntu2.1~18.04.23+esm1) bionic; urgency=medium

    * Include support for OPENSSL_NO_ATEXIT functionality introduced in OpenSSL 1.1.1b which prevents OpenSSL from being cleaned up when exit() is called.
      This prevents .NET applications from segfaulting
      - d/p/lp1983100-0001-Implement-OPENSSL_INIT_NO_ATEXIT.patch (LP: #1983100)

   -- Tom Moyer <tom.moyer@canonical.com>  Wed, 05 Jul 2023 16:10:39 +0000

libssl1.0.0:amd64 (built from openssl1.0) updated from 1.0.2n-1ubuntu5.13 to 1.0.2n-1ubuntu5.13+esm1:

  openssl1.0 (1.0.2n-1ubuntu5.13+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: denial of service via large DH parameters
      - debian/patches/CVE-2023-3446.patch: Fix DH_check() excessive time with over sized modulus
      - debian/patches/CVE-2023-3817.patch: DH_check(): Do not try checking q properties if it is obviously invalid
      - debian/patches/CVE-2023-5678.patch: Make DH_check_pub_key() and DH_generate_key() safer yet
      - CVE-2023-3446
      - CVE-2023-3817
      - CVE-2023-5678
    * SECURITY UPDATE: denial of service via NULL pointer dereference
      - CVE-2024-0727
      - debian/patches/CVE-2024-0727.patch: Add NULL checks where ContentInfo data can be NULL

   -- Giampaolo Fresi Roglia <giampaolo.fresi.roglia@canonical.com>  Thu, 21 Mar 2024 11:18:27 +0100

libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.1.8-3.6ubuntu2.18.04.6 to 1.1.8-3.6ubuntu2.18.04.6+esm1:

  pam (1.1.8-3.6ubuntu2.18.04.6+esm1) bionic-security; urgency=medium

    [ Marc Deslauriers ]
    * SECURITY UPDATE: pam_namespace local denial of service
      - debian/patches-applied/CVE-2024-22365.patch: use O_DIRECTORY to prevent local DoS situations in modules/pam_namespace/pam_namespace.c.
      - CVE-2024-22365

   -- Ian Constantin <ian.constantin@canonical.com>  Tue, 19 Mar 2024 17:24:05 +0200

libprocps6:amd64, procps (built from procps) updated from 2:3.3.12-3ubuntu1.2 to 2:3.3.12-3ubuntu1.2+esm1:

  procps (2:3.3.12-3ubuntu1.2+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: heap-based buffer overflow
      - debian/patches/CVE-2023-4016: replace the use of malloc() with calloc() in ps/parser.c to prevent the potential for an arithmetic overflow when allocating memory.
      - CVE-2023-4016

   -- Ian Constantin <ian.constantin@canonical.com>  Tue, 31 Oct 2023 13:35:42 +0200

python3-cryptography (built from python-cryptography) updated from 2.1.4-1ubuntu1.4 to 2.1.4-1ubuntu1.4+esm1:

  python-cryptography (2.1.4-1ubuntu1.4+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: exposure of confidential data
      - debian/patches/CVE-2023-50782.patch: update bindings in src/_cffi_src/openssl/rsa.py to be compatible with new openssl version 1.1.1-1ubuntu2.1~18.04.23+esm5, which fixes the issue by changing PKCS#1 v1.5 RSA to return random output instead of an exception when detecting wrong padding
      - CVE-2023-50782

   -- Jorge Sancho Larraz <jorge.sancho.larraz@canonical.com>  Thu, 29 Feb 2024 12:40:24 +0100

python3-idna (built from python-idna) updated from 2.6-1 to 2.6-1ubuntu0.1~esm1:

  python-idna (2.6-1ubuntu0.1~esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: resource exhaustion
      - debian/patches/CVE-2024-3651.patch: checks input before processing
      - CVE-2024-3651

   -- Jorge Sancho Larraz <jorge.sancho.larraz@canonical.com>  Fri, 10 May 2024 11:37:39 +0200

python3-pkg-resources (built from python-setuptools) updated from 39.0.1-2ubuntu0.1 to 39.0.1-2ubuntu0.1+esm1:

  python-setuptools (39.0.1-2ubuntu0.1+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: remote code execution via package download functions
      - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling to prevent code injection in setuptools/package_index.py and setuptools/tests/test_packageindex.py.
      - CVE-2024-6345

   -- Vyom Yadav <vyom.yadav@canonical.com>  Tue, 10 Sep 2024 19:49:28 +0530

python3-urllib3 (built from python-urllib3) updated from 1.22-1ubuntu0.18.04.2 to 1.22-1ubuntu0.18.04.2+esm2:

  python-urllib3 (1.22-1ubuntu0.18.04.2+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: The Proxy-Authorization header is not correctly stripped when redirecting to a different host.
      - debian/patches/CVE-2024-37891.patch: Add "Proxy-Authorization" to DEFAULT_REDIRECT_HEADERS_BLACKLIST in urllib3/util/retry.py. Add header to tests.
      - CVE-2024-37891

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 17 Oct 2024 14:01:34 -0230

  python-urllib3 (1.22-1ubuntu0.18.04.2+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: http authorization header leakage via http redirect
      - debian/patches/CVE-2018-25091.patch: removes the authorization header from the http request when the client is redirected to a different origin.
      - CVE-2018-25091
    * SECURITY UPDATE: http cookie leakage via http redirect
      - debian/patches/CVE-2023-43804.patch: removes the cookie from the http request when the client is redirected to a different origin.
      - CVE-2023-43804
    * SECURITY UPDATE: http body leakage via http redirect
      - debian/patches/CVE-2023-45803.patch: removes the body from the http request when the client is redirected to a different origin and the http verb is changed to GET.
      - CVE-2023-45803

   -- Jorge Sancho Larraz <jorge.sancho.larraz@canonical.com>  Wed, 25 Oct 2023 12:57:52 +0200

libpython3.6-minimal:amd64, libpython3.6-stdlib:amd64, python3.6, python3.6-minimal (built from python3.6) updated from 3.6.9-1~18.04ubuntu1.12 to 3.6.9-1~18.04ubuntu1.13+esm4:

  python3.6 (3.6.9-1~18.04ubuntu1.13+esm4) bionic-security; urgency=medium

    * SECURITY UPDATE: IPv6 and IPvFuture hosts parsing correction
      - debian/patches/CVE-2025-0938.patch: gh-105704: Disallow square brackets (`[` and `]`) in domain names for parsed URLs (GH-129418)
      - CVE-2025-0938

   -- John Breton <john.breton@canonical.com>  Wed, 14 May 2025 21:34:07 +0200

  python3.6 (3.6.9-1~18.04ubuntu1.13+esm3) bionic-security; urgency=medium

    * SECURITY UPDATE: Incorrect IPv6 and IPvFuture validation
      - debian/patches/CVE-2024-11168.patch: 00444: Security fix for CVE-2024-11168 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
      - CVE-2024-11168
    * SECURITY UPDATE: Command injection
      - debian/patches/CVE-2024-9287.patch: 00443: gh-124651: Quote template strings in `venv` activation scripts
      - CVE-2024-9287
    * SECURITY UPDATE: ReDoS via tar archives
      - debian/patches/CVE-2024-6232.patch: [CVE-2024-6232] Remove backtracking when parsing tarfile headers
      - CVE-2024-6232

   -- John Breton <john.breton@canonical.com>  Thu, 01 May 2025 14:38:51 -0400

  python3.6 (3.6.9-1~18.04ubuntu1.13+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: Use-after-free
      - debian/patches/CVE-2022-48560.patch: Fix possible crash in heapq with custom comparison operators in Modules/_heapqmodule.c, Lib/test/test_heapq.py.
      - CVE-2022-48560
    * SECURITY UPDATE: xml external entity processing
      - debian/patches/CVE-2022-48565.patch: rejects XML entity declarations in plist files.
      - CVE-2022-48565
    * SECURITY UPDATE: breaking of constant-time guarantee for crypto ops
      - debian/patches/CVE-2022-48566.patch: adds ``volatile`` to the accumulator variable result in ``hmac.compare_digest``, making constant-time-defeating optimizations less likely.
      - CVE-2022-48566
    * SECURITY UPDATE: Zip-Bombs with overlap entries
      - debian/patches/CVE-2024-0450.patch: Protect zipfile from "quoted-overlap" zipbomb. Raise BadZipFile when try to read an entry that overlaps with other entry or central directory.
      - CVE-2024-0450

   -- Allen Huang <allen.huang@canonical.com>  Thu, 11 Apr 2024 10:35:16 +0100

  python3.6 (3.6.9-1~18.04ubuntu1.13+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: denial of service
      - debian/patches/CVE-2022-48564.patch: Prevent some possible DoS attacks via providing invalid Plist files in plistlib.py.
      - CVE-2022-48564
    * SECURITY UPDATE: TLS handshake bypass
      - debian/patches/CVE-2023-40217.patch: avoid ssl pre-close flaw in ssl.py.
      - CVE-2023-40217

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 22 Nov 2023 11:38:54 +0100

  python3.6 (3.6.9-1~18.04ubuntu1.13) bionic-security; urgency=medium

    * SECURITY UPDATE: Possible Bypass Blocklisting
      - debian/patches/CVE-2023-24329-2.patch: adds a complementary patch/fix for CVE-2023-24329 that was partially fixed before. This patch starts stripping C0 control and space chars in 'urlsplit' in Lib/urllib/parse.py, Lib/test/test_urlparse.py.
      - CVE-2023-24329

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Wed, 24 May 2023 12:28:26 -0300

python3-requests (built from requests) updated from 2.18.4-2ubuntu0.1 to 2.18.4-2ubuntu0.1+esm1:

  requests (2.18.4-2ubuntu0.1+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: Unintended leak of Proxy-Authorization header
      - debian/patches/CVE-2023-32681.patch: don't attach header to redirects with an HTTPS destination in requests/sessions.py, tests/test_requests.py.
      - CVE-2023-32681

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Mon, 12 Jun 2023 10:08:05 -0300

login, passwd (built from shadow) updated from 1:4.5-1ubuntu2.5 to 1:4.5-1ubuntu2.5+esm1:

  shadow (1:4.5-1ubuntu2.5+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: unsanitized buffer leading to a password leak during gpasswd new password operation
      - debian/patches/CVE-2023-4641.patch: fix password leak in gpasswd.
      - CVE-2023-4641

   -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Tue, 06 Feb 2024 09:31:54 -0300

libsqlite3-0:amd64 (built from sqlite3) updated from 3.22.0-1ubuntu0.7 to 3.22.0-1ubuntu0.7+esm1:

  sqlite3 (3.22.0-1ubuntu0.7+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: heap overflow in sessionReadRecord
      - debian/patches/CVE-2023-7104.patch: fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset in ext/session/sqlite3session.c.
      - CVE-2023-7104

   -- Octavio Galland <octavio.galland@canonical.com>  Mon, 24 Jun 2024 16:19:52 -0300

libpam-systemd:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-sysv, udev (built from systemd) updated from 237-3ubuntu10.57 to 237-3ubuntu10.57+esm2:

  systemd (237-3ubuntu10.57+esm2) bionic; urgency=medium

    * Fix systemd mount units failing during boot (LP: #1837227)
      - d/p/lp1837227/0001-core-properly-reset-all-ExecStatus-structures-when-e.patch
      - d/p/lp1837227/0002-mount-flush-out-cycle-state-on-DEAD-MOUNTED-only-not.patch
      - d/p/lp1837227/0003-mount-rescan-proc-self-mountinfo-before-processing-w.patch
      - d/p/lp1837227/0004-mount-mark-an-existing-mounting-unit-from-proc-self-.patch
      - d/p/lp1837227/0005-core-mount-adjust-deserialized-state-based-on-proc-s.patch
    * Fix FTBFS for test-fs-util symlink failures (LP: #2077176)
      - d/p/lp2077176/0001-fs-util-introduce-fchmod_opath.patch
      - d/p/lp2077176/0002-fs-util-introduce-fchmod_and_chown.patch
      - d/p/lp2077176/0003-fs-util-beef-up-chmod_and_chown-a-bit.patch
      - d/p/lp2077176/0004-fs-util-change-chmod_and_chown-to-not-complain-if-st.patch
      - d/p/lp2077176/0005-fs-util-rewrite-chmod_and_chown.patch
      - d/p/lp2077176/0006-fs-util-no-need-for-fchmod_and_chown-to-access-proc-.patch
      - d/p/lp2077176/0007-tree-wide-port-various-places-over-to-use-chmod_and_.patch
      - d/p/lp2077176/0008-test-fs-util-don-t-validate-mode-of-symlinks.patch

   -- Heitor Alves de Siqueira <halves@canonical.com>  Fri, 16 Aug 2024 14:54:17 +0000

  systemd (237-3ubuntu10.57+esm1) bionic; urgency=medium

    * d/p/lp2024864-add-missing-null-check.patch:
      - Add NULL check on link_drop_foreign_request (LP: #2024864)

   -- Tiago Pasqualini <tiago.pasqualini@canonical.com>  Fri, 23 Jun 2023 16:51:01 -0300

tar (built from tar) updated from 1.29b-2ubuntu0.4 to 1.29b-2ubuntu0.4+esm1:

  tar (1.29b-2ubuntu0.4+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: stack overflow via crafted xattr (LP: #2029464)
      - debian/patches/CVE-2023-39804.patch: allocate xattr keys and values
        on the heap rather than the stack in src/xheader.c
      - CVE-2023-39804

   -- Alex Murray <alex.murray@canonical.com>  Tue, 05 Dec 2023 15:48:12 +1030

tzdata (built from tzdata) updated from 2023c-0ubuntu0.18.04 to 2025b-0ubuntu0.18.04+esm1:

  tzdata (2025b-0ubuntu0.18.04+esm1) bionic-security; urgency=medium

    * New upstream release (LP: #2104284):
      - New America/Coyhaique zone for Aysén Region in Chile, which moves
        from -04/-03 to -03. It will not change its clocks on 2025-04-05.
      - Improve historical data for Iran
    * Add America/Coyhaique to tzdata.install and debconf templates
    * Update English, French and Spanish debconf translations for Coyhaique
    * Add autopkgtest test case for 2025b release

   -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 02 Apr 2025 14:18:23 +0200

  tzdata (2025a-0ubuntu0.18.04+esm1) bionic-security; urgency=medium

    * New upstream release 2024b (LP: #2079966):
      - Improve historical data for Mexico, Mongolia, and Portugal.
      - System V names are now obsolescent (reverted, see below).
      - The main data form now uses %z.
      - Asia/Choibalsan is now an alias for Asia/Ulaanbaatar
    * New upstream release 2025a (LP: #2095233):
      - Paraguay adopts permanent -03 starting spring 2024
      - No leap second on 2025-06-30
    * Add autopkgtest test case for 2024b release
    * Move UNIX System V zones back from backzone to backwards file to keep
      them unchanged for the stable release updates.
    * Build the timezone data from rearguard.zi
    * Test debconf configuration with autopkgtest
    * Make remaining legacy timezones selectable in debconf (LP: #2070285)
    * Add autopkgtest test case for 2025a release
    * Override lintian's unused-debconf-template
    * debian/rules: remove unused VERSION variable

   -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 05 Mar 2025 23:17:37 +0100

  tzdata (2024a-0ubuntu0.18.04.1+esm1) bionic-security; urgency=medium

    * Do not replace CET, CST6CDT, EET, EST*, HST, MET, MST*, PST8PDT, WET.
      The replacements differed in using daylight saving.
      (LP: #2055718)
    * Allow ziguard.awk to generate timezone symlinks that point to symlinks
      to fix (at least) the timezone symlinks Africa/Asmera,
      Antarctica/South_Pole, Iceland, Pacific/Ponape, and Pacific/Truk.
    * Correct timezone updates on tzdata configuration:
      - Fix updating US/Indiana-Starke to America/Indiana/Knox
      - Update Mideast/Riyadh8[789] to Asia/Riyadh
      - Update America/Fort_Wayne and America/Indianapolis to
        America/Indiana/Indianapolis
      - Update America/Knox_IN to America/Indiana/Knox
      - Update America/Louisville to America/Kentucky/Louisville
    * Test convert_timezone for consistency

   -- Benjamin Drung <bdrung@ubuntu.com>  Fri, 26 Jul 2024 13:36:06 +0200

  tzdata (2024a-0ubuntu0.18.04+esm1) bionic-security; urgency=medium

    * New upstream version (LP: #2052739):
      - Kazakhstan unifies on UTC+5 beginning 2024-03-01.
      - Palestine springs forward a week later after Ramadan.
      - zic no longer pretends to support indefinite-past DST.
      - localtime no longer mishandles Ciudad Juárez in 2422.
    * Add autopkgtest test case for 2024a release

   -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 21 Feb 2024 14:57:40 +0100

  tzdata (2023d-0ubuntu0.18.04+esm1) bionic-security; urgency=medium

    * New upstream version (LP: #2047314):
      - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31.
      - Vostok, Antarctica changed time zones on 2023-12-18.
      - Casey, Antarctica changed time zones five times since 2020.
      - Code and data fixes for Palestine timestamps starting in 2072.
      - A new data file zonenow.tab for timestamps starting now.
    * Install zonenow.tab in tzdata
    * Add autopkgtest test case for 2023d release
    * Refresh make-systemv.patch

   -- Benjamin Drung <bdrung@ubuntu.com>  Tue, 02 Jan 2024 21:38:35 +0100

vim-common, vim-tiny, xxd (built from vim) updated from 2:8.0.1453-1ubuntu1.13 to 2:8.0.1453-1ubuntu1.13+esm12:

  vim (2:8.0.1453-1ubuntu1.13+esm12) bionic-security; urgency=medium

    * SECURITY UPDATE: Use after free when redirecting display command to
      register.
      - debian/patches/CVE-2025-26603.patch: Change redir_reg check to use
        vim_strchr command check in ./src/ops.c.
      - CVE-2025-26603

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Wed, 02 Apr 2025 15:33:34 -0230

  vim (2:8.0.1453-1ubuntu1.13+esm11) bionic-security; urgency=medium

    * SECURITY UPDATE: Use after free when closing a buffer.
      - debian/patches/CVE-2024-47814.patch: Add buf_locked() in
        src/buffer.c. Abort autocommands editing a file when buf_locked() in
        src/ex_cmds.c. Add buf_locked() in src/proto/buffer.pro.
      - CVE-2024-47814
    * debian/patches/skip_spell_tests.patch: Skip failing tests.

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Wed, 20 Nov 2024 13:04:22 -0330

  vim (2:8.0.1453-1ubuntu1.13+esm10) bionic-security; urgency=medium

    * SECURITY UPDATE: buffer overflow
      - debian/patches/CVE-2024-43802.patch: check buflen before advancing
        offset.
      - CVE-2024-43802

   -- Vyom Yadav <vyom.yadav@canonical.com>  Wed, 25 Sep 2024 10:37:23 +0530

  vim (2:8.0.1453-1ubuntu1.13+esm9) bionic-security; urgency=medium

    * SECURITY UPDATE: use after free
      - debian/patches/CVE-2024-41957.patch: set tagname to NULL after being
        freed
      - CVE-2024-41957
    * SECURITY UPDATE: use after free
      - debian/patches/CVE-2024-43374.patch: add lock to keep reference valid
      - CVE-2024-43374

   -- Bruce Cable <bruce.cable@canonical.com>  Tue, 27 Aug 2024 15:40:33 +1000

  vim (2:8.0.1453-1ubuntu1.13+esm8) bionic-security; urgency=medium

    * SECURITY UPDATE: stack based buffer overflow
      - debian/patches/CVE-2024-22667.patch: passes error buffer length down
        through option callback functions.
      - CVE-2024-22667

   -- Ian Constantin <ian.constantin@canonical.com>  Thu, 14 Mar 2024 14:18:43 +0200

  vim (2:8.0.1453-1ubuntu1.13+esm7) bionic-security; urgency=medium

    * SECURITY UPDATE: NULL pointer dereference
      - debian/patches/CVE-2022-1725.patch: Check for regexp program becoming
        NULL in more places.
      - CVE-2022-1725
    * SECURITY UPDATE: denial of service
      - debian/patches/CVE-2022-1771.patch: Limit recursion of getcmdline().
      - CVE-2022-1771
    * SECURITY UPDATE: out of bounds write vulnerability
      - debian/patches/CVE-2022-1897.patch: Disallow undo when in a
        substitute command.
      - CVE-2022-1897
    * SECURITY UPDATE: out-of-bounds write
      - debian/patches/CVE-2022-2000.patch: addresses the potential for an
        overflow by adding a bounds check and truncating the message if
        needed.
      - CVE-2022-2000
    * SECURITY UPDATE: use-after-free vulnerability
      - debian/patches/CVE-2023-46246.patch: Check that the return value from
        the vim_str2nr() function is not larger than INT_MAX and if yes, bail
        out with an error.
      - CVE-2023-46246
    * SECURITY UPDATE: use-after-free vulnerability
      - debian/patches/CVE-2023-48231.patch: If the current window structure
        is no longer valid, fail and return before attempting to set
        win->w_closing variable.
      - CVE-2023-48231
    * SECURITY UPDATE: integer overflow
      - debian/patches/CVE-2023-48233.patch: If the count after the :s
        command is larger than what fits into a (signed) long variable, abort
        with e_value_too_large.
      - CVE-2023-48233
    * SECURITY UPDATE: integer overflow
      - debian/patches/CVE-2023-48234.patch: When getting the count for a
        normal z command, it may overflow for large counts given. So verify,
        that we can safely store the result in a long.
      - CVE-2023-48234
    * SECURITY UPDATE: integer overflow
      - debian/patches/CVE-2023-48235.patch: When parsing relative ex
        addresses one may unintentionally cause an overflow (because
        LONG_MAX - lnum will overflow for negative addresses).
      - CVE-2023-48235
    * SECURITY UPDATE: integer overflow
      - debian/patches/CVE-2023-48236.patch: When using the z= command, we
        may overflow the count with values larger than MAX_INT. So verify
        that we do not overflow and in case when an overflow is detected,
        simply return 0.
      - CVE-2023-48236
    * SECURITY UPDATE: integer overflow
      - debian/patches/CVE-2023-48237.patch: When shifting lines in operator
        pending mode and using a very large value, we may overflow the size
        of integer.
        Fix this by using a long variable, testing if the result would be
        larger than INT_MAX and if so, indent by INT_MAX value.
      - CVE-2023-48237

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Tue, 05 Dec 2023 18:30:44 +0100

  vim (2:8.0.1453-1ubuntu1.13+esm6) bionic-security; urgency=medium

    * SECURITY UPDATE: use-after-free vulnerability
      - debian/patches/CVE-2023-4733.patch: Verify oldwin pointer after
        reset_VIsual() in do_ecmd.
      - CVE-2023-4733
    * SECURITY UPDATE: out of bounds write vulnerability
      - debian/patches/CVE-2023-4735.patch: Add check for buffer size to
        avoid overflow in do_addsub.
      - CVE-2023-4735
    * SECURITY UPDATE: use-after-free vulnerability
      - debian/patches/CVE-2023-4750.patch: Check buffer is valid before
        accessing it.
      - CVE-2023-4750
    * SECURITY UPDATE: heap based buffer overflow vulnerability
      - debian/patches/CVE-2023-4751.patch: Stop Visual mode when using :ball
        to avoid illegal memory access.
      - CVE-2023-4751
    * SECURITY UPDATE: heap based buffer overflow vulnerability
      - debian/patches/CVE-2023-5344.patch: Add NULL at end of buffer in
        trunc_string.
      - CVE-2023-5344
    * SECURITY UPDATE: NULL pointer dereference
      - debian/patches/CVE-2023-5441.patch: skip gui_scroll when
        exmode_active in gui_do_scroll.
      - CVE-2023-5441

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Mon, 16 Oct 2023 20:16:18 +0200

  vim (2:8.0.1453-1ubuntu1.13+esm5) bionic-security; urgency=medium

    * SECURITY UPDATE: heap-based buffer overflow
      - debian/patches/CVE-2022-3234.patch: Check for replacing NUL after
        Tab.
      - CVE-2022-3234
    * SECURITY UPDATE: use after free memory issue
      - debian/patches/CVE-2022-3256.patch: Copy the mark before editing
        another buffer
      - debian/patches/CVE-2022-3352.patch: Disallow deleting the current
        buffer to avoid using freed memory
      - debian/patches/CVE-2022-3591.patch: Disallow navigating to a dummy
        buffer
      - debian/patches/CVE-2022-4292.patch: Bail out if the window no longer
        exists.
      - CVE-2022-3256
      - CVE-2022-3352
      - CVE-2022-3591
      - CVE-2022-4292
    * SECURITY UPDATE: stack-based buffer overflow
      - debian/patches/CVE-2022-3324.patch: Make sure the window width does
        not become negative
      - CVE-2022-3324
    * debian/patches/fix_flaky_tests.patch: fix some flaky tests

   -- Nishit Majithia <nishit.majithia@canonical.com>  Fri, 06 Oct 2023 14:00:55 +0530

  vim (2:8.0.1453-1ubuntu1.13+esm4) bionic-security; urgency=medium

    * SECURITY UPDATE: out-of-bounds write issue
      - debian/patches/CVE-2022-2598.patch: Make sure the line number does
        not go below one.
      - CVE-2022-2598
    * SECURITY UPDATE: use after free memory issue
      - debian/patches/CVE-2022-3099.patch: Do not check breakpoint for
        non-existing line
      - CVE-2022-3099

   -- Nishit Majithia <nishit.majithia@canonical.com>  Fri, 18 Aug 2023 09:37:41 +0530

apt: not primed anymore

debconf: not primed anymore

libapt-pkg5.0:amd64: not primed anymore