I verified these SRUs within a LXD container as follows (replacing jammy with kinetic to verify it as well):
lxc launch ubuntu:jammy jammy lxc shell jammy
# within the jammy environment # reproduce the vulnerability apt update apt install python3-macaroonbakery
# use the poc from comment 3 above vi poc.py
python3 poc.py
# observe traceback from NoneType exception
# now upgrade to the version in -proposed as per https://wiki.ubuntu.com/Testing/EnableProposed
cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list # Enable Ubuntu proposed archive deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe EOF
cat <<EOF >/etc/apt/preferences.d/proposed-updates # Configure apt to allow selective installs of packages from proposed Package: * Pin: release a=$(lsb_release -cs)-proposed Pin-Priority: 400 EOF
apt update
apt install python3-macaroonbakery/$(lsb_release -cs)-proposed
# no exception/traceback! hooray!
I verified these SRUs within a LXD container as follows (replacing jammy with kinetic to verify it as well):
lxc launch ubuntu:jammy jammy
lxc shell jammy
# within the jammy environment macaroonbakery
# reproduce the vulnerability
apt update
apt install python3-
# use the poc from comment 3 above
vi poc.py
python3 poc.py
# observe traceback from NoneType exception
# now upgrade to the version in -proposed as per https:/ /wiki.ubuntu. com/Testing/ EnableProposed
cat <<EOF >/etc/apt/ sources. list.d/ ubuntu- $(lsb_release -cs)-proposed.list archive. ubuntu. com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
# Enable Ubuntu proposed archive
deb http://
EOF
cat <<EOF >/etc/apt/ preferences. d/proposed- updates
# Configure apt to allow selective installs of packages from proposed
Package: *
Pin: release a=$(lsb_release -cs)-proposed
Pin-Priority: 400
EOF
apt update
apt install python3- macaroonbakery/ $(lsb_release -cs)-proposed
python3 poc.py
# no exception/ traceback! hooray!