{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "apparmor",
                "bind9-dnsutils",
                "bind9-host",
                "bind9-libs:riscv64",
                "distro-info-data",
                "libapparmor1:riscv64"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "apparmor",
                "from_version": {
                    "source_package_name": "apparmor",
                    "source_package_version": "5.0.0~alpha1-0ubuntu8",
                    "version": "5.0.0~alpha1-0ubuntu8"
                },
                "to_version": {
                    "source_package_name": "apparmor",
                    "source_package_version": "5.0.0~alpha1-0ubuntu8.1",
                    "version": "5.0.0~alpha1-0ubuntu8.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2122161
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add patch to fix Flatpak breakage caused by fusermount3 denials",
                            "    (LP: #2122161):",
                            "    - d/p/u/profiles-add-rules-to-fix-flatpaks-with-fuse3-17.patch",
                            ""
                        ],
                        "package": "apparmor",
                        "version": "5.0.0~alpha1-0ubuntu8.1",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [
                            2122161
                        ],
                        "author": "Ryan Lee <ryan.lee@canonical.com>",
                        "date": "Thu, 09 Oct 2025 10:44:07 -0700"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "bind9-dnsutils",
                "from_version": {
                    "source_package_name": "bind9",
                    "source_package_version": "1:9.20.11-1ubuntu2",
                    "version": "1:9.20.11-1ubuntu2"
                },
                "to_version": {
                    "source_package_name": "bind9",
                    "source_package_version": "1:9.20.11-1ubuntu2.1",
                    "version": "1:9.20.11-1ubuntu2.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-8677",
                        "url": "https://ubuntu.com/security/CVE-2025-8677",
                        "cve_description": "Resource exhaustion via malformed DNSKEY handling",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-22"
                    },
                    {
                        "cve": "CVE-2025-40778",
                        "url": "https://ubuntu.com/security/CVE-2025-40778",
                        "cve_description": "Cache poisoning attacks with unsolicited RRs",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-22"
                    },
                    {
                        "cve": "CVE-2025-40780",
                        "url": "https://ubuntu.com/security/CVE-2025-40780",
                        "cve_description": "Cache poisoning due to weak PRNG",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-22"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-8677",
                                "url": "https://ubuntu.com/security/CVE-2025-8677",
                                "cve_description": "Resource exhaustion via malformed DNSKEY handling",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-22"
                            },
                            {
                                "cve": "CVE-2025-40778",
                                "url": "https://ubuntu.com/security/CVE-2025-40778",
                                "cve_description": "Cache poisoning attacks with unsolicited RRs",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-22"
                            },
                            {
                                "cve": "CVE-2025-40780",
                                "url": "https://ubuntu.com/security/CVE-2025-40780",
                                "cve_description": "Cache poisoning due to weak PRNG",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-22"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Resource exhaustion via malformed DNSKEY handling",
                            "    - debian/patches/CVE-2025-8677.patch: count invalid keys as validation",
                            "      failures in lib/dns/validator.c.",
                            "    - CVE-2025-8677",
                            "  * SECURITY UPDATE: Cache poisoning attacks with unsolicited RRs",
                            "    - debian/patches/CVE-2025-40778.patch: no longer accept DNAME records",
                            "      or extraneous NS records in the AUTHORITY section unless these are",
                            "      received via spoofing-resistant transport in doc/arm/reference.rst,",
                            "      lib/dns/include/dns/message.h, lib/dns/message.c, lib/dns/resolver.c.",
                            "    - CVE-2025-40778",
                            "  * SECURITY UPDATE: Cache poisoning due to weak PRNG",
                            "    - debian/patches/CVE-2025-40780.patch: change internal random generator",
                            "      to a cryptographically secure pseudo-random generator in",
                            "      configure.ac, lib/isc/Makefile.am, lib/isc/hash.c, lib/isc/hashmap.c,",
                            "      lib/isc/include/isc/nonce.h, lib/isc/include/isc/random.h,",
                            "      lib/isc/random.c, tests/isc/random_test.c.",
                            "    - CVE-2025-40780",
                            ""
                        ],
                        "package": "bind9",
                        "version": "1:9.20.11-1ubuntu2.1",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 21 Oct 2025 07:57:20 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "bind9-host",
                "from_version": {
                    "source_package_name": "bind9",
                    "source_package_version": "1:9.20.11-1ubuntu2",
                    "version": "1:9.20.11-1ubuntu2"
                },
                "to_version": {
                    "source_package_name": "bind9",
                    "source_package_version": "1:9.20.11-1ubuntu2.1",
                    "version": "1:9.20.11-1ubuntu2.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-8677",
                        "url": "https://ubuntu.com/security/CVE-2025-8677",
                        "cve_description": "Resource exhaustion via malformed DNSKEY handling",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-22"
                    },
                    {
                        "cve": "CVE-2025-40778",
                        "url": "https://ubuntu.com/security/CVE-2025-40778",
                        "cve_description": "Cache poisoning attacks with unsolicited RRs",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-22"
                    },
                    {
                        "cve": "CVE-2025-40780",
                        "url": "https://ubuntu.com/security/CVE-2025-40780",
                        "cve_description": "Cache poisoning due to weak PRNG",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-22"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-8677",
                                "url": "https://ubuntu.com/security/CVE-2025-8677",
                                "cve_description": "Resource exhaustion via malformed DNSKEY handling",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-22"
                            },
                            {
                                "cve": "CVE-2025-40778",
                                "url": "https://ubuntu.com/security/CVE-2025-40778",
                                "cve_description": "Cache poisoning attacks with unsolicited RRs",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-22"
                            },
                            {
                                "cve": "CVE-2025-40780",
                                "url": "https://ubuntu.com/security/CVE-2025-40780",
                                "cve_description": "Cache poisoning due to weak PRNG",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-22"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Resource exhaustion via malformed DNSKEY handling",
                            "    - debian/patches/CVE-2025-8677.patch: count invalid keys as validation",
                            "      failures in lib/dns/validator.c.",
                            "    - CVE-2025-8677",
                            "  * SECURITY UPDATE: Cache poisoning attacks with unsolicited RRs",
                            "    - debian/patches/CVE-2025-40778.patch: no longer accept DNAME records",
                            "      or extraneous NS records in the AUTHORITY section unless these are",
                            "      received via spoofing-resistant transport in doc/arm/reference.rst,",
                            "      lib/dns/include/dns/message.h, lib/dns/message.c, lib/dns/resolver.c.",
                            "    - CVE-2025-40778",
                            "  * SECURITY UPDATE: Cache poisoning due to weak PRNG",
                            "    - debian/patches/CVE-2025-40780.patch: change internal random generator",
                            "      to a cryptographically secure pseudo-random generator in",
                            "      configure.ac, lib/isc/Makefile.am, lib/isc/hash.c, lib/isc/hashmap.c,",
                            "      lib/isc/include/isc/nonce.h, lib/isc/include/isc/random.h,",
                            "      lib/isc/random.c, tests/isc/random_test.c.",
                            "    - CVE-2025-40780",
                            ""
                        ],
                        "package": "bind9",
                        "version": "1:9.20.11-1ubuntu2.1",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 21 Oct 2025 07:57:20 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "bind9-libs:riscv64",
                "from_version": {
                    "source_package_name": "bind9",
                    "source_package_version": "1:9.20.11-1ubuntu2",
                    "version": "1:9.20.11-1ubuntu2"
                },
                "to_version": {
                    "source_package_name": "bind9",
                    "source_package_version": "1:9.20.11-1ubuntu2.1",
                    "version": "1:9.20.11-1ubuntu2.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-8677",
                        "url": "https://ubuntu.com/security/CVE-2025-8677",
                        "cve_description": "Resource exhaustion via malformed DNSKEY handling",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-22"
                    },
                    {
                        "cve": "CVE-2025-40778",
                        "url": "https://ubuntu.com/security/CVE-2025-40778",
                        "cve_description": "Cache poisoning attacks with unsolicited RRs",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-22"
                    },
                    {
                        "cve": "CVE-2025-40780",
                        "url": "https://ubuntu.com/security/CVE-2025-40780",
                        "cve_description": "Cache poisoning due to weak PRNG",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-22"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-8677",
                                "url": "https://ubuntu.com/security/CVE-2025-8677",
                                "cve_description": "Resource exhaustion via malformed DNSKEY handling",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-22"
                            },
                            {
                                "cve": "CVE-2025-40778",
                                "url": "https://ubuntu.com/security/CVE-2025-40778",
                                "cve_description": "Cache poisoning attacks with unsolicited RRs",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-22"
                            },
                            {
                                "cve": "CVE-2025-40780",
                                "url": "https://ubuntu.com/security/CVE-2025-40780",
                                "cve_description": "Cache poisoning due to weak PRNG",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-22"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Resource exhaustion via malformed DNSKEY handling",
                            "    - debian/patches/CVE-2025-8677.patch: count invalid keys as validation",
                            "      failures in lib/dns/validator.c.",
                            "    - CVE-2025-8677",
                            "  * SECURITY UPDATE: Cache poisoning attacks with unsolicited RRs",
                            "    - debian/patches/CVE-2025-40778.patch: no longer accept DNAME records",
                            "      or extraneous NS records in the AUTHORITY section unless these are",
                            "      received via spoofing-resistant transport in doc/arm/reference.rst,",
                            "      lib/dns/include/dns/message.h, lib/dns/message.c, lib/dns/resolver.c.",
                            "    - CVE-2025-40778",
                            "  * SECURITY UPDATE: Cache poisoning due to weak PRNG",
                            "    - debian/patches/CVE-2025-40780.patch: change internal random generator",
                            "      to a cryptographically secure pseudo-random generator in",
                            "      configure.ac, lib/isc/Makefile.am, lib/isc/hash.c, lib/isc/hashmap.c,",
                            "      lib/isc/include/isc/nonce.h, lib/isc/include/isc/random.h,",
                            "      lib/isc/random.c, tests/isc/random_test.c.",
                            "    - CVE-2025-40780",
                            ""
                        ],
                        "package": "bind9",
                        "version": "1:9.20.11-1ubuntu2.1",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 21 Oct 2025 07:57:20 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "distro-info-data",
                "from_version": {
                    "source_package_name": "distro-info-data",
                    "source_package_version": "0.66",
                    "version": "0.66"
                },
                "to_version": {
                    "source_package_name": "distro-info-data",
                    "source_package_version": "0.66ubuntu0.1",
                    "version": "0.66ubuntu0.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2126961
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Update the bookworm EoL",
                            "  * Add Ubuntu 26.04 LTS \"Resolute Raccoon\" (LP: #2126961)",
                            ""
                        ],
                        "package": "distro-info-data",
                        "version": "0.66ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [
                            2126961
                        ],
                        "author": "Florent 'Skia' Jacquet <florent.jacquet@canonical.com>",
                        "date": "Fri, 10 Oct 2025 10:43:53 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libapparmor1:riscv64",
                "from_version": {
                    "source_package_name": "apparmor",
                    "source_package_version": "5.0.0~alpha1-0ubuntu8",
                    "version": "5.0.0~alpha1-0ubuntu8"
                },
                "to_version": {
                    "source_package_name": "apparmor",
                    "source_package_version": "5.0.0~alpha1-0ubuntu8.1",
                    "version": "5.0.0~alpha1-0ubuntu8.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2122161
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add patch to fix Flatpak breakage caused by fusermount3 denials",
                            "    (LP: #2122161):",
                            "    - d/p/u/profiles-add-rules-to-fix-flatpaks-with-fuse3-17.patch",
                            ""
                        ],
                        "package": "apparmor",
                        "version": "5.0.0~alpha1-0ubuntu8.1",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [
                            2122161
                        ],
                        "author": "Ryan Lee <ryan.lee@canonical.com>",
                        "date": "Thu, 09 Oct 2025 10:44:07 -0700"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 25.10 questing image from release image serial 20251007 to 20251022",
    "from_series": "questing",
    "to_series": "questing",
    "from_serial": "20251007",
    "to_serial": "20251022",
    "from_manifest_filename": "release_manifest.previous",
    "to_manifest_filename": "manifest.current"
}