{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "bind9-dnsutils", "bind9-host", "bind9-libs", "coreutils", "distro-info-data", "libxml2", "open-vm-tools", "python3-distupgrade", "python3-update-manager", "ubuntu-pro-client", "ubuntu-pro-client-l10n", "ubuntu-release-upgrader-core", "update-manager-core" ] } }, "diff": { "deb": [ { "name": "bind9-dnsutils", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.4-3ubuntu1", "version": "1:9.20.4-3ubuntu1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.4-3ubuntu1.1", "version": "1:9.20.4-3ubuntu1.1" }, "cves": [ { "cve": "CVE-2025-40775", "url": "https://ubuntu.com/security/CVE-2025-40775", "cve_description": "DNS message with invalid TSIG causes an assertion failure ", "cve_priority": "medium", "cve_public_date": "2025-05-21" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-40775", "url": "https://ubuntu.com/security/CVE-2025-40775", "cve_description": "DNS message with invalid TSIG causes an assertion failure ", "cve_priority": "medium", "cve_public_date": "2025-05-21" } ], "log": [ "", " * SECURITY UPDATE: message with invalid TSIG causes an assertion failure", " - debian/patches/CVE-2025-40775.patch: properly validate messages in", " lib/dns/include/dns/message.h, lib/dns/include/dns/tsig.h,", " lib/dns/message.c, lib/dns/tsig.c, tests/dns/tsig_test.c.", " - CVE-2025-40775", "" ], "package": "bind9", "version": "1:9.20.4-3ubuntu1.1", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 20 May 2025 07:25:11 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "bind9-host", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.4-3ubuntu1", "version": "1:9.20.4-3ubuntu1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.4-3ubuntu1.1", "version": "1:9.20.4-3ubuntu1.1" }, "cves": [ { "cve": "CVE-2025-40775", "url": "https://ubuntu.com/security/CVE-2025-40775", "cve_description": "DNS message with invalid TSIG causes an assertion failure ", "cve_priority": "medium", "cve_public_date": "2025-05-21" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-40775", "url": "https://ubuntu.com/security/CVE-2025-40775", "cve_description": "DNS message with invalid TSIG causes an assertion failure ", "cve_priority": "medium", "cve_public_date": "2025-05-21" } ], "log": [ "", " * SECURITY UPDATE: message with invalid TSIG causes an assertion failure", " - debian/patches/CVE-2025-40775.patch: properly validate messages in", " lib/dns/include/dns/message.h, lib/dns/include/dns/tsig.h,", " lib/dns/message.c, lib/dns/tsig.c, tests/dns/tsig_test.c.", " - CVE-2025-40775", "" ], "package": "bind9", "version": "1:9.20.4-3ubuntu1.1", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 20 May 2025 07:25:11 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "bind9-libs", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.4-3ubuntu1", "version": "1:9.20.4-3ubuntu1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.4-3ubuntu1.1", "version": "1:9.20.4-3ubuntu1.1" }, "cves": [ { "cve": "CVE-2025-40775", "url": "https://ubuntu.com/security/CVE-2025-40775", "cve_description": "DNS message with invalid TSIG causes an assertion failure ", "cve_priority": "medium", "cve_public_date": "2025-05-21" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-40775", "url": "https://ubuntu.com/security/CVE-2025-40775", "cve_description": "DNS message with invalid TSIG causes an assertion failure ", "cve_priority": "medium", "cve_public_date": "2025-05-21" } ], "log": [ "", " * SECURITY UPDATE: message with invalid TSIG causes an assertion failure", " - debian/patches/CVE-2025-40775.patch: properly validate messages in", " lib/dns/include/dns/message.h, lib/dns/include/dns/tsig.h,", " lib/dns/message.c, lib/dns/tsig.c, tests/dns/tsig_test.c.", " - CVE-2025-40775", "" ], "package": "bind9", "version": "1:9.20.4-3ubuntu1.1", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 20 May 2025 07:25:11 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "coreutils", "from_version": { "source_package_name": "coreutils", "source_package_version": "9.5-1ubuntu1", "version": "9.5-1ubuntu1" }, "to_version": { "source_package_name": "coreutils", "source_package_version": "9.5-1ubuntu1.25.04.1", "version": "9.5-1ubuntu1.25.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2103489 ], "changes": [ { "cves": [], "log": [ "", " * Modify d/rules to dh_auto_configure with --enable-systemd,", " and add libsystemd-dev as Build-Depends in d/control", " to solve LP: #2103489.", "" ], "package": "coreutils", "version": "9.5-1ubuntu1.25.04.1", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2103489 ], "author": "Frank Heimes ", "date": "Thu, 24 Apr 2025 10:58:04 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "distro-info-data", "from_version": { "source_package_name": "distro-info-data", "source_package_version": "0.63", "version": "0.63" }, "to_version": { "source_package_name": "distro-info-data", "source_package_version": "0.63ubuntu0.1", "version": "0.63ubuntu0.1" }, "cves": [], "launchpad_bugs_fixed": [ 2107391 ], "changes": [ { "cves": [], "log": [ "", " * Add Ubuntu 25.10 \"Questing Quokka\" (LP: #2107391)", " * Add Debian 15 \"Duke\"", "" ], "package": "distro-info-data", "version": "0.63ubuntu0.1", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2107391 ], "author": "Benjamin Drung ", "date": "Wed, 23 Apr 2025 11:40:12 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libxml2", "from_version": { "source_package_name": "libxml2", "source_package_version": "2.12.7+dfsg+really2.9.14-0.4", "version": "2.12.7+dfsg+really2.9.14-0.4" }, "to_version": { "source_package_name": "libxml2", "source_package_version": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.1", "version": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-32414", "url": "https://ubuntu.com/security/CVE-2025-32414", "cve_description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", "cve_priority": "medium", "cve_public_date": "2025-04-08 03:15:00 UTC" }, { "cve": "CVE-2025-32415", "url": "https://ubuntu.com/security/CVE-2025-32415", "cve_description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", "cve_priority": "medium", "cve_public_date": "2025-04-17 17:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-32414", "url": "https://ubuntu.com/security/CVE-2025-32414", "cve_description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", "cve_priority": "medium", "cve_public_date": "2025-04-08 03:15:00 UTC" }, { "cve": "CVE-2025-32415", "url": "https://ubuntu.com/security/CVE-2025-32415", "cve_description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", "cve_priority": "medium", "cve_public_date": "2025-04-17 17:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OOB access in python API", " - debian/patches/CVE-2025-32414-pre1.patch: fix SAX driver with", " character streams in python/drv_libxml2.py.", " - debian/patches/CVE-2025-32414-1.patch: read at most len/4 characters", " in python/libxml.c.", " - debian/patches/CVE-2025-32414-2.patch: add a test in", " python/tests/Makefile.am, python/tests/unicode.py.", " - CVE-2025-32414", " * SECURITY UPDATE: heap under-read in xmlSchemaIDCFillNodeTables", " - debian/patches/CVE-2025-32415.patch: fix heap buffer overflow in", " xmlSchemaIDCFillNodeTables in xmlschemas.c.", " - CVE-2025-32415", "" ], "package": "libxml2", "version": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.1", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 24 Apr 2025 14:42:32 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "open-vm-tools", "from_version": { "source_package_name": "open-vm-tools", "source_package_version": "2:12.5.0-1", "version": "2:12.5.0-1" }, "to_version": { "source_package_name": "open-vm-tools", "source_package_version": "2:12.5.0-1ubuntu0.1", "version": "2:12.5.0-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-22247", "url": "https://ubuntu.com/security/CVE-2025-22247", "cve_description": "VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.", "cve_priority": "medium", "cve_public_date": "2025-05-12 11:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-22247", "url": "https://ubuntu.com/security/CVE-2025-22247", "cve_description": "VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.", "cve_priority": "medium", "cve_public_date": "2025-05-12 11:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: insecure file handling vulnerability", " - debian/patches/CVE-2025-22247.patch: properly check symlinks and path", " traversal chars in open-vm-tools/vgauth/common/VGAuthUtil.c,", " open-vm-tools/vgauth/common/VGAuthUtil.h,", " open-vm-tools/vgauth/common/prefs.h,", " open-vm-tools/vgauth/common/usercheck.c,", " open-vm-tools/vgauth/serviceImpl/alias.c,", " open-vm-tools/vgauth/serviceImpl/service.c,", " open-vm-tools/vgauth/serviceImpl/serviceInt.h.", " - CVE-2025-22247", "" ], "package": "open-vm-tools", "version": "2:12.5.0-1ubuntu0.1", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 06 May 2025 08:15:20 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:25.04.14", "version": "1:25.04.14" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:25.04.16", "version": "1:25.04.16" }, "cves": [], "launchpad_bugs_fixed": [ 2110594, 2110970, 2107657, 2104859, 2106202 ], "changes": [ { "cves": [], "log": [ "", " * data: remove extraneous comma in data/DistUpgrade.cfg (LP: #2110594)", " * data: add KeyDependencies= section for ubuntustudio-desktop-core", " (LP: #2110970)", "" ], "package": "ubuntu-release-upgrader", "version": "1:25.04.16", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2110594, 2110970 ], "author": "Nick Rosbrook ", "date": "Fri, 16 May 2025 07:58:55 -0400" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * DistUpgradeController: exclude pre-write foreign packages from removal", " (LP: #2107657)", " * data: account for ubuntustudio-desktop-core (LP: #2104859)", " * Run pre-build.sh: updating mirrors.", "", " [ Julian Andres Klode ]", " * Only upgrade libc6 first if there are no unexpected changes (LP: #2106202)", "" ], "package": "ubuntu-release-upgrader", "version": "1:25.04.15", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2107657, 2104859, 2106202 ], "author": "Nick Rosbrook ", "date": "Thu, 24 Apr 2025 11:20:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-update-manager", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:25.04.4", "version": "1:25.04.4" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:25.04.5", "version": "1:25.04.5" }, "cves": [], "launchpad_bugs_fixed": [ 2109339, 2109339, 2109340 ], "changes": [ { "cves": [], "log": [ "", " * test_update_origin.py: Update to noble, and packaged archive keys", " (LP: #2109339)", " * test_update_origin: close the dpkg status file when tearing down", " (also tracked in LP: #2109339)", " * Allow output on stderr in autopkgtests (LP: #2109340)", "" ], "package": "update-manager", "version": "1:25.04.5", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2109339, 2109339, 2109340 ], "author": "Julian Andres Klode ", "date": "Fri, 25 Apr 2025 15:01:42 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "35", "version": "35" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "35.1ubuntu0", "version": "35.1ubuntu0" }, "cves": [], "launchpad_bugs_fixed": [ 2106660 ], "changes": [ { "cves": [], "log": [ "", " * apt: support ESM snapshots by adding snapshot URLs for ESM repositories", " to the authentication file (released in version 35)", " * lxd: store the configuration in /var/lib/ubuntu-advantage instead of", " /var/lib/ubuntu-pro (LP: #2106660)", "" ], "package": "ubuntu-advantage-tools", "version": "35.1ubuntu0", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2106660 ], "author": "Renan Rodrigo ", "date": "Wed, 09 Apr 2025 13:19:50 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-pro-client-l10n", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "35", "version": "35" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "35.1ubuntu0", "version": "35.1ubuntu0" }, "cves": [], "launchpad_bugs_fixed": [ 2106660 ], "changes": [ { "cves": [], "log": [ "", " * apt: support ESM snapshots by adding snapshot URLs for ESM repositories", " to the authentication file (released in version 35)", " * lxd: store the configuration in /var/lib/ubuntu-advantage instead of", " /var/lib/ubuntu-pro (LP: #2106660)", "" ], "package": "ubuntu-advantage-tools", "version": "35.1ubuntu0", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2106660 ], "author": "Renan Rodrigo ", "date": "Wed, 09 Apr 2025 13:19:50 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:25.04.14", "version": "1:25.04.14" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:25.04.16", "version": "1:25.04.16" }, "cves": [], "launchpad_bugs_fixed": [ 2110594, 2110970, 2107657, 2104859, 2106202 ], "changes": [ { "cves": [], "log": [ "", " * data: remove extraneous comma in data/DistUpgrade.cfg (LP: #2110594)", " * data: add KeyDependencies= section for ubuntustudio-desktop-core", " (LP: #2110970)", "" ], "package": "ubuntu-release-upgrader", "version": "1:25.04.16", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2110594, 2110970 ], "author": "Nick Rosbrook ", "date": "Fri, 16 May 2025 07:58:55 -0400" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * DistUpgradeController: exclude pre-write foreign packages from removal", " (LP: #2107657)", " * data: account for ubuntustudio-desktop-core (LP: #2104859)", " * Run pre-build.sh: updating mirrors.", "", " [ Julian Andres Klode ]", " * Only upgrade libc6 first if there are no unexpected changes (LP: #2106202)", "" ], "package": "ubuntu-release-upgrader", "version": "1:25.04.15", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2107657, 2104859, 2106202 ], "author": "Nick Rosbrook ", "date": "Thu, 24 Apr 2025 11:20:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "update-manager-core", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:25.04.4", "version": "1:25.04.4" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:25.04.5", "version": "1:25.04.5" }, "cves": [], "launchpad_bugs_fixed": [ 2109339, 2109339, 2109340 ], "changes": [ { "cves": [], "log": [ "", " * test_update_origin.py: Update to noble, and packaged archive keys", " (LP: #2109339)", " * test_update_origin: close the dpkg status file when tearing down", " (also tracked in LP: #2109339)", " * Allow output on stderr in autopkgtests (LP: #2109340)", "" ], "package": "update-manager", "version": "1:25.04.5", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2109339, 2109339, 2109340 ], "author": "Julian Andres Klode ", "date": "Fri, 25 Apr 2025 15:01:42 +0200" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.04 plucky image from release image serial 20250424 to 20250521", "from_series": "plucky", "to_series": "plucky", "from_serial": "20250424", "to_serial": "20250521", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }