New upstream microrelease .NET 9.0 final release
Bug #2087880 reported by
Dominik Viererbe
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
dotnet9 (Ubuntu) | Status tracked in Plucky | |||||
Oracular |
Fix Released
|
High
|
Dominik Viererbe | |||
Plucky |
Fix Released
|
High
|
Dominik Viererbe |
Bug Description
This is the tracking bug for the .NET 9.0 final release.
CVE References
Changed in dotnet9 (Ubuntu Oracular): | |
status: | New → In Progress |
assignee: | nobody → Dominik Viererbe (dviererbe) |
importance: | Undecided → High |
To post a comment you must log in.
This bug was fixed in the package dotnet9 - 9.0.100- 9.0.0-0ubuntu1~ 24.10.1
--------------- 9.0.0-0ubuntu1~ 24.10.1) oracular; urgency=medium
dotnet9 (9.0.100-
* New upstream release (LP: #2087880) eng/source_ build_artifact_ path.py: temporarily disable eng/dotnet- version. py: temporarily add '-rtm' to DEB_VERSION_ RUNTIME_ ONLY and DOTNET_ DEB_VERSION_ SDK_ONLY to fix
* SECURITY UPDATE: privilege escalation
- CVE-2024-43498: an authenticated attacker could create a malicious
extension and then wait for an authenticated user to create a new Visual
Studio project that uses that extension. The result is that the attacker
could gain the privileges of the user.
* SECURITY UPDATE: denial of service
- CVE-2024-43499: a remote unauthenticated attacker could exploit this
vulnerability by sending specially crafted requests to a .NET vulnerable
webapp or loading a specially crafted file into a vulnerable desktop app.
* debian/rules, debian/
strict RID matching to solve build issue on plucky due to binary copying
during archive opening.
* debian/
DOTNET_
version ordering issue with final release.
-- Dominik Viererbe <email address hidden> Fri, 08 Nov 2024 18:16:21 +0200