{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "bsdextrautils", "bsdutils", "eject", "fdisk", "libblkid1:ppc64el", "libfdisk1:ppc64el", "libmount1:ppc64el", "libnss3:ppc64el", "libsmartcols1:ppc64el", "libuuid1:ppc64el", "mount", "util-linux", "uuid-runtime" ] } }, "diff": { "deb": [ { "name": "bsdextrautils", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "bsdutils", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "1:2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "1:2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "eject", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "fdisk", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "libblkid1:ppc64el", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "libfdisk1:ppc64el", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "libmount1:ppc64el", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "libnss3:ppc64el", "from_version": { "source_package_name": "nss", "source_package_version": "2:3.92-1", "version": "2:3.92-1" }, "to_version": { "source_package_name": "nss", "source_package_version": "2:3.98-0ubuntu0.23.10.1", "version": "2:3.98-0ubuntu0.23.10.1" }, "cves": [ { "cve": "CVE-2023-5388", "url": "https://ubuntu.com/security/CVE-2023-5388", "cve_description": "NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "cve_priority": "medium", "cve_public_date": "2024-03-19 12:15:00 UTC" }, { "cve": "CVE-2023-6135", "url": "https://ubuntu.com/security/CVE-2023-6135", "cve_description": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.", "cve_priority": "medium", "cve_public_date": "2023-12-19 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-5388", "url": "https://ubuntu.com/security/CVE-2023-5388", "cve_description": "NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "cve_priority": "medium", "cve_public_date": "2024-03-19 12:15:00 UTC" }, { "cve": "CVE-2023-6135", "url": "https://ubuntu.com/security/CVE-2023-6135", "cve_description": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.", "cve_priority": "medium", "cve_public_date": "2023-12-19 14:15:00 UTC" } ], "log": [ "", " * Updated to upstream 3.98 to fix security issues and get a new CA", " certificate bundle.", " - CVE-2023-5388: timing issue in RSA operations", " - CVE-2023-6135: side-channel in multiple NSS NIST curves", " * debian/libnss3.symbols: added new symbol.", "" ], "package": "nss", "version": "2:3.98-0ubuntu0.23.10.1", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 21 Mar 2024 09:44:10 -0400" } ], "notes": null }, { "name": "libsmartcols1:ppc64el", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "libuuid1:ppc64el", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "mount", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "util-linux", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null }, { "name": "uuid-runtime", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.1", "version": "2.39.1-4ubuntu2.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.1-4ubuntu2.2", "version": "2.39.1-4ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28085", "url": "https://ubuntu.com/security/CVE-2024-28085", "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "cve_priority": "medium", "cve_public_date": "2024-03-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Improper neutralization of escape sequences in wall", " - debian/rules: build with --disable-use-tty-group to properly remove", " setgid bit from both wall and write.", " - CVE-2024-28085", "" ], "package": "util-linux", "version": "2.39.1-4ubuntu2.2", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 09 Apr 2024 11:31:56 -0400" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 23.10 mantic image from release image serial 20240410 to 20240412.1", "from_series": "mantic", "to_series": "mantic", "from_serial": "20240410", "to_serial": "20240412.1", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }