{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "curl", "gcc-12-base", "libcurl4", "libgcc-s1", "libpython3.10-minimal", "libpython3.10-stdlib", "libstdc++6", "python3.10", "python3.10-minimal", "sosreport" ] } }, "diff": { "deb": [ { "name": "curl", "from_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.21", "version": "7.81.0-1ubuntu1.21" }, "to_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.23", "version": "7.81.0-1ubuntu1.23" }, "cves": [ { "cve": "CVE-2026-1965", "url": "https://ubuntu.com/security/CVE-2026-1965", "cve_description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.", "cve_priority": "medium", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2026-3783", "url": "https://ubuntu.com/security/CVE-2026-3783", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl cwould leak that token to the second hostname under some circumstances.", "cve_priority": "medium", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2026-3784", "url": "https://ubuntu.com/security/CVE-2026-3784", "cve_description": "", "cve_priority": "low", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2025-0167", "url": "https://ubuntu.com/security/CVE-2025-0167", "cve_description": "When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.", "cve_priority": "low", "cve_public_date": "2025-02-05 10:15:00 UTC" }, { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-1965", "url": "https://ubuntu.com/security/CVE-2026-1965", "cve_description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.", "cve_priority": "medium", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2026-3783", "url": "https://ubuntu.com/security/CVE-2026-3783", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl cwould leak that token to the second hostname under some circumstances.", "cve_priority": "medium", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2026-3784", "url": "https://ubuntu.com/security/CVE-2026-3784", "cve_description": "", "cve_priority": "low", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2025-0167", "url": "https://ubuntu.com/security/CVE-2025-0167", "cve_description": "When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.", "cve_priority": "low", "cve_public_date": "2025-02-05 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: bad reuse of HTTP Negotiate connection", " - debian/patches/CVE-2026-1965-1.patch: fix reuse of connections using", " HTTP Negotiate in lib/url.c.", " - debian/patches/CVE-2026-1965-2.patch: fix copy and paste", " url_match_auth_nego mistake in lib/url.c.", " - CVE-2026-1965", " * SECURITY UPDATE: token leak with redirect and netrc", " - debian/patches/CVE-2026-3783.patch: only send bearer if auth is", " allowed in lib/http.c, tests/data/Makefile.inc, tests/data/test2006.", " - CVE-2026-3783", " * SECURITY UPDATE: wrong proxy connection reuse with credentials", " - debian/patches/CVE-2026-3784.patch: add additional tests in", " lib/url.c.", " - CVE-2026-3784", " * SECURITY UPDATE: netrc and default credential leak", " - debian/patches/CVE-2025-0167.patch: 'default' with no credentials is", " not a match in lib/netrc.c, tests/data/Makefile.inc,", " tests/data/test486.", " - CVE-2025-0167", "" ], "package": "curl", "version": "7.81.0-1ubuntu1.23", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 10 Mar 2026 14:25:36 -0400" }, { "cves": [ { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: multi-threaded TSL options leak", " - debian/patches/CVE-2025-14017.patch: call ldap_init() before", " setting the options in lib/ldap.c", " - CVE-2025-14017", " * SECURITY UPDATE: bearer token leak on cross-protocol redirect", " - debian/patches/CVE-2025-14524.patch: if redirected,", " require permission to use bearer in lib/curl_sasl.c", " - CVE-2025-14524", " * SECURITY UPDATE: ssh known_hosts validation bypass", " - debian/patches/CVE-2025-15079.patch: set both knownhosts", " options to the same file in lib/vssh/libssh.c", " - CVE-2025-15079", " * SECURITY UPDATE: improper local ssh agent authentication", " - debian/patches/CVE-2025-15224.patch: require private key", " or user-agent for public key auth in lib/vssh/libssh.c", " - CVE-2025-15224", "" ], "package": "curl", "version": "7.81.0-1ubuntu1.22", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Elise Hlady ", "date": "Wed, 18 Feb 2026 13:33:48 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "gcc-12-base", "from_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.2", "version": "12.3.0-1ubuntu1~22.04.2" }, "to_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.3", "version": "12.3.0-1ubuntu1~22.04.3" }, "cves": [], "launchpad_bugs_fixed": [ 2101084 ], "changes": [ { "cves": [], "log": [ "", " * d/p/pr118976.diff: Fix memory corruption when executing 256-bit", " Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).", "" ], "package": "gcc-12", "version": "12.3.0-1ubuntu1~22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2101084 ], "author": "Vladimir Petko ", "date": "Sat, 20 Dec 2025 10:52:06 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcurl4", "from_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.21", "version": "7.81.0-1ubuntu1.21" }, "to_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.23", "version": "7.81.0-1ubuntu1.23" }, "cves": [ { "cve": "CVE-2026-1965", "url": "https://ubuntu.com/security/CVE-2026-1965", "cve_description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.", "cve_priority": "medium", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2026-3783", "url": "https://ubuntu.com/security/CVE-2026-3783", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl cwould leak that token to the second hostname under some circumstances.", "cve_priority": "medium", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2026-3784", "url": "https://ubuntu.com/security/CVE-2026-3784", "cve_description": "", "cve_priority": "low", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2025-0167", "url": "https://ubuntu.com/security/CVE-2025-0167", "cve_description": "When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.", "cve_priority": "low", "cve_public_date": "2025-02-05 10:15:00 UTC" }, { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-1965", "url": "https://ubuntu.com/security/CVE-2026-1965", "cve_description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.", "cve_priority": "medium", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2026-3783", "url": "https://ubuntu.com/security/CVE-2026-3783", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl cwould leak that token to the second hostname under some circumstances.", "cve_priority": "medium", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2026-3784", "url": "https://ubuntu.com/security/CVE-2026-3784", "cve_description": "", "cve_priority": "low", "cve_public_date": "2026-03-11 18:00:00 UTC" }, { "cve": "CVE-2025-0167", "url": "https://ubuntu.com/security/CVE-2025-0167", "cve_description": "When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.", "cve_priority": "low", "cve_public_date": "2025-02-05 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: bad reuse of HTTP Negotiate connection", " - debian/patches/CVE-2026-1965-1.patch: fix reuse of connections using", " HTTP Negotiate in lib/url.c.", " - debian/patches/CVE-2026-1965-2.patch: fix copy and paste", " url_match_auth_nego mistake in lib/url.c.", " - CVE-2026-1965", " * SECURITY UPDATE: token leak with redirect and netrc", " - debian/patches/CVE-2026-3783.patch: only send bearer if auth is", " allowed in lib/http.c, tests/data/Makefile.inc, tests/data/test2006.", " - CVE-2026-3783", " * SECURITY UPDATE: wrong proxy connection reuse with credentials", " - debian/patches/CVE-2026-3784.patch: add additional tests in", " lib/url.c.", " - CVE-2026-3784", " * SECURITY UPDATE: netrc and default credential leak", " - debian/patches/CVE-2025-0167.patch: 'default' with no credentials is", " not a match in lib/netrc.c, tests/data/Makefile.inc,", " tests/data/test486.", " - CVE-2025-0167", "" ], "package": "curl", "version": "7.81.0-1ubuntu1.23", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 10 Mar 2026 14:25:36 -0400" }, { "cves": [ { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: multi-threaded TSL options leak", " - debian/patches/CVE-2025-14017.patch: call ldap_init() before", " setting the options in lib/ldap.c", " - CVE-2025-14017", " * SECURITY UPDATE: bearer token leak on cross-protocol redirect", " - debian/patches/CVE-2025-14524.patch: if redirected,", " require permission to use bearer in lib/curl_sasl.c", " - CVE-2025-14524", " * SECURITY UPDATE: ssh known_hosts validation bypass", " - debian/patches/CVE-2025-15079.patch: set both knownhosts", " options to the same file in lib/vssh/libssh.c", " - CVE-2025-15079", " * SECURITY UPDATE: improper local ssh agent authentication", " - debian/patches/CVE-2025-15224.patch: require private key", " or user-agent for public key auth in lib/vssh/libssh.c", " - CVE-2025-15224", "" ], "package": "curl", "version": "7.81.0-1ubuntu1.22", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Elise Hlady ", "date": "Wed, 18 Feb 2026 13:33:48 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgcc-s1", "from_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.2", "version": "12.3.0-1ubuntu1~22.04.2" }, "to_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.3", "version": "12.3.0-1ubuntu1~22.04.3" }, "cves": [], "launchpad_bugs_fixed": [ 2101084 ], "changes": [ { "cves": [], "log": [ "", " * d/p/pr118976.diff: Fix memory corruption when executing 256-bit", " Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).", "" ], "package": "gcc-12", "version": "12.3.0-1ubuntu1~22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2101084 ], "author": "Vladimir Petko ", "date": "Sat, 20 Dec 2025 10:52:06 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.10-minimal", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.14", "version": "3.10.12-1~22.04.14" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.15", "version": "3.10.12-1~22.04.15" }, "cves": [ { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2026-0865", "url": "https://ubuntu.com/security/CVE-2026-0865", "cve_description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2026-0865", "url": "https://ubuntu.com/security/CVE-2026-0865", "cve_description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * SECURITY REGRESSION: Revert patch for CVE-2025-15366", " - debian/patches/CVE-2025-15366.patch: Reverted. Patch breaks RFC", " 9051 IMAP conformance and introduces behavior regressions avoided", " by upstream.", " - CVE-2025-15366", " * SECURITY REGRESSION: Revert patch for CVE-2025-15367", " - debian/patches/CVE-2025-15367.patch: Reverted to prevent behavior", " regressions, aligning with upstream backporting decisions.", " - CVE-2025-15367", " * SECURITY REGRESSION: Allow HTAB in wsgiref header values", " - debian/patches/CVE-2026-0865-2.patch: Permit HTAB in header values", " (excluding names) in Lib/wsgiref/headers.py, add test coverage.", " - CVE-2026-0865", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.15", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Tue, 03 Mar 2026 17:26:32 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.10-stdlib", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.14", "version": "3.10.12-1~22.04.14" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.15", "version": "3.10.12-1~22.04.15" }, "cves": [ { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2026-0865", "url": "https://ubuntu.com/security/CVE-2026-0865", "cve_description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2026-0865", "url": "https://ubuntu.com/security/CVE-2026-0865", "cve_description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * SECURITY REGRESSION: Revert patch for CVE-2025-15366", " - debian/patches/CVE-2025-15366.patch: Reverted. Patch breaks RFC", " 9051 IMAP conformance and introduces behavior regressions avoided", " by upstream.", " - CVE-2025-15366", " * SECURITY REGRESSION: Revert patch for CVE-2025-15367", " - debian/patches/CVE-2025-15367.patch: Reverted to prevent behavior", " regressions, aligning with upstream backporting decisions.", " - CVE-2025-15367", " * SECURITY REGRESSION: Allow HTAB in wsgiref header values", " - debian/patches/CVE-2026-0865-2.patch: Permit HTAB in header values", " (excluding names) in Lib/wsgiref/headers.py, add test coverage.", " - CVE-2026-0865", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.15", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Tue, 03 Mar 2026 17:26:32 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libstdc++6", "from_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.2", "version": "12.3.0-1ubuntu1~22.04.2" }, "to_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.3", "version": "12.3.0-1ubuntu1~22.04.3" }, "cves": [], "launchpad_bugs_fixed": [ 2101084 ], "changes": [ { "cves": [], "log": [ "", " * d/p/pr118976.diff: Fix memory corruption when executing 256-bit", " Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).", "" ], "package": "gcc-12", "version": "12.3.0-1ubuntu1~22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2101084 ], "author": "Vladimir Petko ", "date": "Sat, 20 Dec 2025 10:52:06 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.10", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.14", "version": "3.10.12-1~22.04.14" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.15", "version": "3.10.12-1~22.04.15" }, "cves": [ { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2026-0865", "url": "https://ubuntu.com/security/CVE-2026-0865", "cve_description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2026-0865", "url": "https://ubuntu.com/security/CVE-2026-0865", "cve_description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * SECURITY REGRESSION: Revert patch for CVE-2025-15366", " - debian/patches/CVE-2025-15366.patch: Reverted. Patch breaks RFC", " 9051 IMAP conformance and introduces behavior regressions avoided", " by upstream.", " - CVE-2025-15366", " * SECURITY REGRESSION: Revert patch for CVE-2025-15367", " - debian/patches/CVE-2025-15367.patch: Reverted to prevent behavior", " regressions, aligning with upstream backporting decisions.", " - CVE-2025-15367", " * SECURITY REGRESSION: Allow HTAB in wsgiref header values", " - debian/patches/CVE-2026-0865-2.patch: Permit HTAB in header values", " (excluding names) in Lib/wsgiref/headers.py, add test coverage.", " - CVE-2026-0865", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.15", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Tue, 03 Mar 2026 17:26:32 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.10-minimal", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.14", "version": "3.10.12-1~22.04.14" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.15", "version": "3.10.12-1~22.04.15" }, "cves": [ { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2026-0865", "url": "https://ubuntu.com/security/CVE-2026-0865", "cve_description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2026-0865", "url": "https://ubuntu.com/security/CVE-2026-0865", "cve_description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * SECURITY REGRESSION: Revert patch for CVE-2025-15366", " - debian/patches/CVE-2025-15366.patch: Reverted. Patch breaks RFC", " 9051 IMAP conformance and introduces behavior regressions avoided", " by upstream.", " - CVE-2025-15366", " * SECURITY REGRESSION: Revert patch for CVE-2025-15367", " - debian/patches/CVE-2025-15367.patch: Reverted to prevent behavior", " regressions, aligning with upstream backporting decisions.", " - CVE-2025-15367", " * SECURITY REGRESSION: Allow HTAB in wsgiref header values", " - debian/patches/CVE-2026-0865-2.patch: Permit HTAB in header values", " (excluding names) in Lib/wsgiref/headers.py, add test coverage.", " - CVE-2026-0865", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.15", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Tue, 03 Mar 2026 17:26:32 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "sosreport", "from_version": { "source_package_name": "sosreport", "source_package_version": "4.9.2-0ubuntu0~22.04.1", "version": "4.9.2-0ubuntu0~22.04.1" }, "to_version": { "source_package_name": "sosreport", "source_package_version": "4.10.2-0ubuntu0~22.04.1", "version": "4.10.2-0ubuntu0~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2136302 ], "changes": [ { "cves": [], "log": [ "", " * New 4.10.2 upstream release. (LP: #2136302)", "", " * For more details, full release note is available here:", " - https://github.com/sosreport/sos/releases/tag/4.10.2", "", " * d/control: Add gpg to Recommends so that we are able to encrypt and", " decrypt sos reports", "", " * d/copyright: Aligned copyright with upstream Debian", "", " * Former patch, now fixed:", " - d/p/0002-component-Grab-tmpdir-from-policy.patch", "", " * Remaining patches:", " - d/p/0001-debian-change-tmp-dir-location.patch", "" ], "package": "sosreport", "version": "4.10.2-0ubuntu0~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2136302 ], "author": "Dan Emmons ", "date": "Fri, 19 Dec 2025 17:58:00 +0000" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20260223 to 20260311", "from_series": "jammy", "to_series": "jammy", "from_serial": "20260223", "to_serial": "20260311", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }