JFIF   ( %!1!%)+...383,7(-.+  ++-+++++-++-++--+--+-+-------+-++-+--+---+++--+7+-+"F!1AQaq"2BRb#3Sr$CDsT&!Q1Aa"2Rbq ?򉄘ǷLR HR,nNb .&W)fJbMOYxj-\bT2(4CQ"qiC/ " %0Jl"e2V  0SDd2@TV^{cW&F͉x9#l,.XɳvRZ C8S 6ml!@!E! `FS!M #(d)Q lml1ml Ų&x(ʨ2NFmj@D<dN5UN˄uTB emLAy#` ` ` I!I 6āHBxL & J#7BQ.$hv h q+tC"EJ) 8R e2U2Y@j%6PF^4LnNBp"8)4JI-ֲvK ^؊)hz[T5˗",Rҥf8ڤS4ʘ!`D ` X+ L,(hl)*S##`6[`0*L T H*HA@I&&r1kr*r*)N$#L  1#ZFSl `[( ("((he`4 Ch [="A R / 0I`twCDcWh"i) cLad\BcLKHZ"ZEW$Ƚ@A~i^`S *A&h:+c Y6vϕGClRPs.`H`(@<$qDe pL@DpLX, E2MP A  `II m& AQ "AT rbg# g2!SiLj*3L \ G;TFL`K BMy 2S`YLh1 d >-"ZfD^Q DH" RAbEV#Lfq,(rETp64-IJ!*p4F$q;G8DQ/TKP2$jp3KW]FtLtƉ1ol]VBgػJH6 )h61GJR7Nj.Z4piJRDd]t]0dP]:N.b'⹙SvDSz]L,_#ugT&[~?cS^"{Bh{/=ۑxOk̳O59o dar793`)SeYM@\ "$E(Tm&)N2Ih)F5EDed(FS,Pa @!@#@lea HCD$11jCLJqcod S3yd*,lL+QEfsgW1nw)cT#dS HXkFJB"6(ʝH)H"#EZh:Y`khݳh%Sc<mlAko2]gDqQtro=3OƸU9_-t8UvW3sGəg*#:c)><"wc\ASmT|6Ę>9~#1Ƈ~ڒE1vVi# I MM#u$8W 5ǍfƬΜg*Qpi1ȩFOf۔S,/⎯(Lrմ`(Z LsbA \6 6dm[I=!r:REI.wgzG)ԇSbӑxuׇTyyL^e'x^ty4Z&eB]I|v59Jjhm;Ng񷫳n<ϞҼѝjk;׹DlY^ҍ\+x9V!j([cmS.NO6jxNζrm&oײizT$N>?~ Sl-:iڥk\at#E!CL`.O0a*w/WV7/r)DŽt7'Nĵ#7O1 ]{[/-2bA<$&Gm_4t)_>)mjG;V^'k59o>ɌM,ؾf9z6 4v_3T.5V/RD-5 %T5XTޫ4TaZ`U *ƱUƲ UG"5+sJJ2E9#܎kr2G3Bb,XM6H: ?@p!'\4V02aԙ) hbZ]:` ev3ʘ'}!ohȒ*TJjr[RFyQ*#{h{R]J]Lr-.D-.җfo$D ?X0%~1P.Og{cWϫ22&Ϭ_V.W3nmiOl}+!˫#`kR33aUb0-g:qmsέ+0HO|&nhOn+}n5QF_"gvLm/z'+r'n_oC语i|1}Gi|}_D~9JZ_%DVQp\koۅjAs~/c0ksUJi^W9W5!>?O:q|ˣSIB/&K<(lg(%Wg$|LW7vߤW߇q|jef3D H\S6(eJb*@&sTKTW/*@v:.N- @ITʓ1Zg&-eꓝM r]EMס{q$b]'7Z7N:O~lNlP7iͲk)$O^퉢<YSD*hr'Z#5e6t[Fdh AJǔP9P 1\R).Il+jI*,(ܢ22N*OwKFX gc?\mB7iA+εe8 "ġ/p5pW-$މ-[a 5ViAW/V{/&UsF./՞ҕ*)rZg.^_+gt_z-oAbqQn*WlHyZ*\TaEewlLR3ԹȭN}MM}aih"5ܕRT$:~'TcT|*)xGC>n+r{XU xuF"<~67у'fxlf`r3D*#Z1ђfH`2dIWo/qB| 63xxW6^m%Kvg>\>x>!H5Nr8J/FJ9Wx(Hou" S'kWاC\9ְ#^OaҮ+~gnkuЉ,aWU*1 읍jnb|e= :2.UL`Q}YS&gI.c=a`%j:C%2@^>])25/ܙ<lzwɛ)ݣS4h3=J tyϬ.E7 8ڞGZu\_JHsݢϑ}IZ"ӳ=X<Ɖ2{a:{7L+>V}c)*lo Yv&+|L;>+/Sj26K+澡*;>-s"}M2] Ig5aCL*r"&\} #^R.7_Mgf}.ߌy(}Z\gP&ʠHj%</{.]rߙQ`>;5g;u6dԛ %xb|oՋTJ5Ϥ(]XqP>f{Jk2,8'~ZU6tMQsg XKg^2ϓ3},[wo۴I|ܷ%[Ol\Pkr]Y//cg6U⧻/VПi8ys_n<\~cze!!H~x;QJZKȮ^ȧG|cS~8ji,Fo+,y~?pk)u /in3JmkX(Mj1N 4c Epc>BO *LfQO&` c;LjcYf 1ɻ)CLsY^Y5" lP/wuEln&dav,(;'W9ej ku`-KHI՟%ԁʁ 1\}?OjsF^Xn$Ё.օC>D:?I @aGE.ĩ1 $ et~T`߸Ir'RX.Zwc%~U=r>-UaFbǺ?R=Z?i'[ASS;siJrzy>nxu$[_B\4}:r'ҵj1_v-[;y?ֹ0I16 . M%4^!S&t ! h !zQð.bBT ?@]?CHq(rd!.$>/x+bnʎNN#w)` )*f!-ɂ\(طYLHzc`Uq7BfCcE0ԉ4Fم쏠ce5T r͸GVlФ?ѣ} mhrkly.Ts㷖)Mө S^%'g>wk%bP[}j~ǾV#K -Fgv켼ǨgɼeSz/6{M=BPZFu\Q75n3Iݤ.W9QfF{vJwF't[@iVj4G~KOnH߿_Do=.c.One?E+GfGN⧭H?4;u`ua|V-+j4?48n ɦ=-]puv&Jc}K>b%U x8pz6L8AXFsW]N55ҦbIWZQ7ï Ԗ3cjz匩ӺOTɖƴ%a'MI}cdR$ݚIζ̝ LIu>J3{^෠㜦˯xܿe\b"2y'x{ RDW b+o2KFhR0:U늞En>լRӉt Iڹ\ wշQEv"v;EJ)yl[5:F0=b4,\PqKtv4{bQz:>C7"8W#Zjdd| cjz%K %Z 9dD{=NFʳAƩtI)kS*s$`:A\ʬ*ֹ9{Nl|eJ١rQnM%z_#x_•TO><)kyD %GN<~y>vfǧB)F)c\lې(#\ h`fgfjTBdhhHL2Y0^ Y0^-"D!QaI15 m~ gՒd|;#gMn(P$l H.R2^PU")pN` N8󫅂OJ;^jz\uumJMF|ηq[]$Vrrt:Q^;QPkHՠ{]HwˆMuIr7!r&- j%"9LtUb56+^TWBqdhHAD7 HwKH^F3LIq #hK`]IWKiH?کǴeԥQ>g{^q^>HKoOB||8aݏS}{S_]ϸ/X~ܵw'OSPAf֩ܟ[>7 @[ֵ;G߇QU*Cթ *OKU^zz[fRnpcJX9u<iq8B]u8 ]I,;[G#2W.¸D8rPG Y%PBJ= wo;PJgx6;yB`3zZGPAͫy{5Nb_re*ONHR]Ji)U{Ӓ:qqɏ[mB4࢒I$ 2vpBADY`DIVAn"Bh$&&cMbdB 鮆wHR'E(ѸZA*H~{B M҅n\@N{7ISCp Vd( r+bg|ns:qg:|J|ɪV.UVaAS͓FyRuLѦT騬 `3􏳕{eo/Tz8DkW?,cl~TqLne֠[B*D +t 6˦S;5KjV3e WBrT.XSHm sl5F%NGM`Y )": J!W4]HTrPX2 QYɕ\m2VLd+`,^ѺiPztUGY6+cӧ6] U%u/ˈFOiB*nFF#ұJ Z/c')?Q͟5.8E~G6e<\?}GkhMFUظOqhEA - "`dQ#(4Ԧf VLmc@q5J8K; M^JZnn)9Zm\ qIJqS: i[9~Oaƒ]Z4F&+666( N]쁼LM(oyvUI/Χ[ھ]hTˉG".SeYgu;hRDtڬv=5 ׁqMS\Ȭi5D]1$*0UL1QY`QdLb[+z9";'yi`OT/4{@EZ'Y0>4I*d nM#5hі.vrM[]Ä;]\ʦS,叕DQZq0fӌI͋]TNK"#;?F;aURx_4WDm+F*0XJE@){ 1R-E2(@Qh l D rT.Q;[J;[`30`ɀ 2#=JeSsxRjG=`H rLJ@ Y$JaB2/x( "Id'6O0CI$:Ol+}I>[L|iK+]ZrH*2Aʶ uHRd)OrrbSx=5dmue1neܬ"e>Lw94勲u ҏ_4GuоJw]QtgSk(qW(6h|v= 1=P/\YZ|R>"*5W/ίR'o %R$5= .!VIRMf4*aR5nv% Usj:V Lj]Bn/TZ&.2„ܒBP)aYRʌW!#ErGf';tW$czI*\KI,c7Zc-ўj|p+-ђ{eg 2;R_{VLM]7sؒFmԻy853gҾqJG!E̤ӏqzs༿? U#R)ŧU(,>,&,-^e^۔.b EW^n<)\9.QeJuFiSh2"EL8yeCKQD\5R,D5.P]c1STt*ZFJ.T:N #%]M}khOe(͓iEMsɆ3( YF<"Ly^*[ry6.ɸm k݊iT%nM8 $Q#F# q 1*?% iS^4oܗ wWPS,aNޖxOxڽqp#F6&o,7LJuMΤK(Td{U Ƹf|q5U{3[FLNK6ӵQY5+'>Q3FSk).&:5z yZq/*q$d+Ge+$lO@Nڤy5eBvˌ䖥shS:JksgksF ꧸oi-FYxy9[Vȼĝ'_.[y2U*c?E+:TsWՀgOS> z75>ncߏ-Kz8ԋ,Ϧ70Z9_1h$Xiu10)0$+$! qsE4wRkh2*T.s%DH:`:=k.'WB{ ȮRGҷ7чVg)CHS}1ݍԳۂ<8g_4y*-Ml\]mZT)mJ~|k<6zWjf4'*u%RNRȉZA) .VLtp 4 V&mtJ#l˅;&{]8>TmhoLXOeD^_J>]jsSej﫦iOM SK([!Vc5zn-A@p]Ӄ \3kmK>#-sܧ?NLar@Js?…Xldny]݌E5•9.8hh69#7js׳R,'pqt:kgPhRԄ+ՕG9}="ֲ\kǁm R73pg$t3+o |o\]'ee5ɐ.7ѐ|ZعSF{qkx5-$Q h5*1yM$ 7)hJ2Kg`-hn*>)EYDIkBpȩAzfǪ>7O K#lߤg]:u~huُ۵u}(mjGIj܏6ES~/5CiRy|kVKGBޭ3;w /jꏈUu>iƪi:WRo'yr4C/?c:w!?\'?#Q:>u/?uEeuG*xY2)?־CAr*23_ץ}գk1%(_ _6aԗ _4 $ϗ+ϫɆzǾIgu?Y<#_xS>i\uɇ۽r}[ͫyRoWCC!H,iD։"Cj5 4] cTk2YZRBvRY~FqQt^RO-g"QP]Ih/t:ljs YӹqI] wqXp KV+8j} uu8PGP&zF:;8+ Sx9(. Q}:ƻWr,Ũ*'shfƧ-6__5,DH{* qp묘G MA}QRe{dyMucǨɾ7߈Avϩe͜jmUi p3\5,ާbf:o+7#ܾ~iU#up=}˄k{NV8m!ҌiptޜBvKi}!ש3UK)`igӞVMR'J[ky~g&6vǍ7ķ>uXd(3瓓[]QTTqnͮz1~_͓k俸0~Z1գ =18cL 5^lf^k^<ҲJɬcC-[^;J8j_q=WpeA_6 4.Ntc>Sv2Jf;G8. 5[,;ArSTˬmpmzjGe EoǩOgDWaGhz<|kT\$Q=u/ci˜S mN&Ok~'0,a} s + NC-G'(*>vw~&*wYG Ŷ K-L/$߮l/A/^:Z@X- Q-D2`@M2+w$Q"胊"47&+Dh'9Y* L7VhT+ -?K]Ik \Ϣgy) s v z)Z ˦2&ލ OjmG9@8F_u䊜r>3K%Yg-FFI]e+Kxkzװy"\Q4Ri'0+P=V&Sw3N/U|UEt*uS c M*tsBE 2ʃ@Kir(˫LRr璜Zy@].%NbXvz덟 hӰNMe#|g͒po9^licxB[e' {U? mlt%?霋ǒxZc X]ϗ15SeE{-Ӕi~DƯO|ë5a@G=%<ƧAs*+tzo, IpȔ|:X6J3Z5JXd]2 3%v*GvE@(S&SX7D0^{5t Z{ﮄsh- ]ɑqEV=^Ki9äBtI@&pEg*O<`F-}ǎ51H,<~qibQѓɳx#l$G9td1U+Sq%B[jOq+^ޏ7K >YY  $KK{*˝e"|$g"6v,,9.DaA,qэI~ܨ|kdv; hz2]x5{M5M~yלqTzUl9Mӏ.WVnkun !jzKO!v|& ;gۇ2BrI閵C tqHe[Zkގ=Q;OԶiᵞBcIU eN cOGz S__>.hNgG6).J$_Taѯ5^LqeB]O?A]H;ò{^0ٺuޚxB|:q'xu4"9Ο7k^eZ_fQOmzm̗{c3ٵKO|m*ek(8"yO(ٵ{LJb2Ǩkgg1_/qrDՆ[_l\ I~Bsc/x ),,̿@PFޞ>O)<<=5m=^x6}~6qoYGޣiY{uN+<,CǚwVxe~c!,5R4u/9In=G•^PF6ɼM򿶤$"\|78ؖYU cXFOKc4s-=6O<;.ϴ޶$q>e? qY}StirX?e/&R'ʑ[ѯMi{?8\g^>\!-VZCf.ȾzRWMh_{^H)mz}V%չM.EJUz7z>ZW6\BW~:W3!S_4~m ǚ! ;VeGKFڵ858Buj:ZZ(/H׭eav!$gpLV)țAJO~YBꤞ厅XJdjg{hR9~_f '5U+}W5%ZjzgTtozYD @%JK\qymeЪKIIp"xoz\B1$G)8Ԅ Jeyc".yyVBR-%BEA-k^Luj cYwԄ%X!e-4ZRḡlJvYsB԰˗0?RM\TlaߏVu4BmY!UyYylgd!m2$i=[hN,6)_~7͖CDF2zÕ{?l;Hܲk׋!/XAłrCXEI{]P[e! ?%Ktqܱ5! jַĞ*TvAG)fuxTҖV7~ 4=r! ob%jTwU$Bnqed䤿@0P&V]HJ)^YrޯĿbsY8=1! n}UD*7uƫi~!s[W{V9J;~Ӯ|[3s۷dڔIj?qJ'O,IkE]G(5\ۖ7)-g,ŶǗ=~e>k쐁%(g˦o[fxN_baGBm:܆VGЗ,G_D!/og,ҢVܤ_iS_~@ SkidSec Webshell

SkidSec WebShell

Server Address : 172.31.38.4

Web Server : Apache/2.4.58 (Ubuntu)

Uname : Linux ip-172-31-38-4 6.14.0-1017-aws #17~24.04.1-Ubuntu SMP Wed Nov 5 10:48:17 UTC 2025 x86_64

PHP Version : 7.4.33



Current Path : /snap/core22/2193/usr/share/doc/



Current File : //snap/core22/2193/usr/share/doc/ChangeLog
05/11/2025, commit https://github.com/canonical/core-base/tree/e66d98a0d2aa893b0907dd3bbe9db09c3d274c5d

[ Changes in the core22 snap ]

Philip Meulengracht (1):
      github: add fips release builds (#378)

[ Changes in primed packages ]

distro-info-data (built from distro-info-data) updated from 0.52ubuntu0.9 to 0.52ubuntu0.11:

  distro-info-data (0.52ubuntu0.11) jammy; urgency=medium

    * ubuntu.csv: remove eol-legacy field from resolute
      This version of distro-info does not know about eol-legacy.

   -- Nick Rosbrook <enr0n@ubuntu.com>  Fri, 10 Oct 2025 11:59:51 -0400

  distro-info-data (0.52ubuntu0.10) jammy; urgency=medium

    * Add Ubuntu 26.04 LTS "Resolute Raccoon" (LP: #2126961)
    * Correct date for forky
    * Correct estimation for trixie ELTS EoL to 10 years total support.
    * Update the bookworm EoL

   -- Florent 'Skia' Jacquet <florent.jacquet@canonical.com>  Fri, 10 Oct 2025 11:33:51 +0100

libssh-4:amd64 (built from libssh) updated from 0.9.6-2ubuntu0.22.04.4 to 0.9.6-2ubuntu0.22.04.5:

  libssh (0.9.6-2ubuntu0.22.04.5) jammy-security; urgency=medium

    * SECURITY UPDATE: NULL pointer dereference
      - debian/patches/CVE-2025-8114.patch: sets rc to SSH_ERROR prior to goto
        error in ssh_make_sessionid() of src/kex.c.
      - CVE-2025-8114

   -- Ian Constantin <ian.constantin@canonical.com>  Wed, 29 Oct 2025 14:58:26 +0200

09/10/2025, commit https://github.com/canonical/core-base/tree/6174ae97e09857c5e7e38f2a0599c7d2940acddf

[ Changes in the core22 snap ]

No detected changes for the core22 snap

[ Changes in primed packages ]

cloud-init (built from cloud-init) updated from 25.1.4-0ubuntu0~22.04.1 to 25.2-0ubuntu1~22.04.1:

  cloud-init (25.2-0ubuntu1~22.04.1) jammy; urgency=medium

    * refresh patches
      - d/p/cli-retain-file-argument-as-main-cmd-arg.patch
      - d/p/deprecation-version-boundary.patch
      - d/p/grub-dpkg-support.patch
      - d/p/keep-dhclient-as-priority-client.patch
      - d/p/no-nocloud-network.patch
      - d/p/no-remove-networkd-online.patch
      - d/p/no-single-process.patch
      - d/p/retain-ec2-default-net-update-events.patch
      - d/p/retain-old-groups.patch
      - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch
    * add d/p/strip-invalid-mtu.patch
      - Provides backwards compatibility for an other invalid
        MTU in a netplan config. (GH-6239)
    * Upstream snapshot based on 25.2. (LP: #2120495).
      List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/25.2/ChangeLog

   -- James Falcon <james.falcon@canonical.com>  Tue, 12 Aug 2025 14:48:04 -0500

dpkg (built from dpkg) updated from 1.21.1ubuntu2.3 to 1.21.1ubuntu2.6:

  dpkg (1.21.1ubuntu2.6) jammy-security; urgency=medium

    [ Joy Latten ]
    * SECURITY UPDATE:
    - Fix cleanup for control member with restricted directories. LP: #2122053
    - Fixes CVE-2025-6297

   -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 09 Sep 2025 15:09:16 -0500

libssl3:amd64, openssl (built from openssl) updated from 3.0.2-0ubuntu1.19 to 3.0.2-0ubuntu1.20:

  openssl (3.0.2-0ubuntu1.20) jammy-security; urgency=medium

    * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap
      - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped
        key size in crypto/cms/cms_pwri.c.
      - CVE-2025-9230

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 18 Sep 2025 08:06:16 -0400

libpam-systemd:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 249.11-0ubuntu3.16 to 249.11-0ubuntu3.17:

  systemd (249.11-0ubuntu3.17) jammy; urgency=medium

    [ Nick Rosbrook ]
    * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)
    * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)
      - d/t/control: add Depends: dnsmasq-base
        (Revealed by test progressing past previous failure)

    [ Chengen Du ]
    * core/device: fix devlink handling (LP: #2100252)

   -- Nick Rosbrook <enr0n@ubuntu.com>  Tue, 26 Aug 2025 11:23:06 -0400

wpasupplicant (built from wpa) updated from 2:2.10-6ubuntu2.2 to 2:2.10-6ubuntu2.3:

  wpa (2:2.10-6ubuntu2.3) jammy; urgency=medium

    * Bump DEFAULT_BSS_MAX_COUNT to 1000 (LP: #2117180)

   -- Mitchell Augustin <mitchell.augustin@canonical.com>  Mon, 21 Jul 2025 18:13:31 -0500

23/09/2025, commit https://github.com/canonical/core-base/tree/6174ae97e09857c5e7e38f2a0599c7d2940acddf

[ Changes in the core22 snap ]

No detected changes for the core22 snap

[ Changes in primed packages ]

libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.35-0ubuntu3.10 to 2.35-0ubuntu3.11:

  glibc (2.35-0ubuntu3.11) jammy-security; urgency=medium

    * SECURITY UPDATE: double-free in regcomp function
      - debian/patches/any/CVE-2025-8058.patch: fix double-free after
        allocation failure in regcomp in posix/Makefile, posix/regcomp.c,
        posix/tst-regcomp-bracket-free.c.
      - CVE-2025-8058

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 17 Sep 2025 11:26:08 -0400

22/08/2025, commit https://github.com/canonical/core-base/tree/6174ae97e09857c5e7e38f2a0599c7d2940acddf

[ Changes in the core22 snap ]

Alfonso Sánchez-Beato (3):
      .github/workflows: add release-manual action
      .github/workflows/tests.yaml: make sure to run on spread-enabled runners
      many: ser snap version from date tag if present

[ Changes in primed packages ]

gcc-12-base:amd64, gcc-12-base:i386, libgcc-s1:amd64, libgcc-s1:i386, libstdc++6:amd64 (built from gcc-12) updated from 12.3.0-1ubuntu1~22.04 to 12.3.0-1ubuntu1~22.04.2:

  gcc-12 (12.3.0-1ubuntu1~22.04.2) jammy-security; urgency=medium

    * SECURITY UPDATE: A missed hardening option in -fstack-protector for AArch64
      can lead to buffer overflows for dynamically allocated local variables 
      not being detected. (LP: #2054343)
      - d/p/CVE-2023-4039.diff: Address stack protector and stack clash
        protection weaknesses on AArch64. Taken from the gcc-12 branch. 
      - CVE-2023-4039
    * Move allocator base to avoid conflict with high-entropy ASLR for x86-64
      Linux. Patch taken from LLVM. Fixes ftbfs. (LP: #2107313)
      - d/p/lp2107313-asan-allocator-base.diff
    * aarch64: Fix loose ldpstp check. (LP: #2116909)
      - d/p/lp2116909-aarch64-fix-loose-ldpstp-check.diff

   -- Gerald Yang <gerald.yang@canonical.com>  Tue, 15 Jul 2025 03:45:40 +0000

libglib2.0-0:amd64 (built from glib2.0) updated from 2.72.4-0ubuntu2.5 to 2.72.4-0ubuntu2.6:

  glib2.0 (2.72.4-0ubuntu2.6) jammy; urgency=medium

    * Fix crash due to infinite recursion in MIME subclassing (LP: #2097496)

   -- Alessandro Astone <alessandro.astone@canonical.com>  Fri, 20 Jun 2025 15:38:50 +0200

libpython3.10-minimal:amd64, libpython3.10-stdlib:amd64, python3.10, python3.10-minimal (built from python3.10) updated from 3.10.12-1~22.04.10 to 3.10.12-1~22.04.11:

  python3.10 (3.10.12-1~22.04.11) jammy-security; urgency=medium

    * SECURITY UPDATE: Regular expression denial of service.
      - debian/patches/CVE-2025-6069.patch: Improve regex parsing in
        Lib/html/parser.py.
      - CVE-2025-6069
    * SECURITY UPDATE: Infinite loop when parsing tar archives.
      - debian/patches/CVE-2025-8194.patch: Raise exception when count < 0 in
        Lib/tarfile.py.
      - CVE-2025-8194

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Fri, 15 Aug 2025 12:02:43 -0230

30/07/2025, commit https://git.launchpad.net/snap-core22/tree/5915fa29307f6839820c681cf666367c164d1088

[ Changes in the core22 snap ]

No detected changes for the core22 snap

[ Changes in primed packages ]

cloud-init (built from cloud-init) updated from 25.1.2-0ubuntu0~22.04.2 to 25.1.4-0ubuntu0~22.04.1:

  cloud-init (25.1.4-0ubuntu0~22.04.1) jammy-security; urgency=medium

    * refresh patches:
      - d/p/revert-usr-lib-systemd-units.patch
    * Upstream snapshot based on 25.1.4.
      List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/25.1.4/ChangeLog
      - Bugs fixed in this snapshot:
        + fix: disable cloud-init when non-x86 environments have no DMI-data
          and no strict datasources detected (LP: #2069607) (CVE-2024-6174)

   -- Chad Smith <chad.smith@canonical.com>  Tue, 24 Jun 2025 15:15:25 -0600

  cloud-init (25.1.3-0ubuntu0~22.04.1) jammy-security; urgency=medium

    * d/cloud-init-base.postinst: move existing hotplug-cmd fifo to root-only
      share dir (CVE-2024-11584)
    * Upstream security bugfix release based on 25.1.3.
      List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/25.1.3/ChangeLog
      - Bugs fixed in this snapshot:
      - security: make hotplug socket only writable by root (LP: #2114229)
        (CVE-2024-11584)
      - security: make ds-identify behavior strict datasource discovery on
        non-x86 platforms without DMI data (LP: #2069607) (CVE-2024-6174)

   -- Chad Smith <chad.smith@canonical.com>  Thu, 12 Jun 2025 20:28:18 -0600

gnutls-bin, libgnutls30:amd64 (built from gnutls28) updated from 3.7.3-4ubuntu1.6 to 3.7.3-4ubuntu1.7:

  gnutls28 (3.7.3-4ubuntu1.7) jammy-security; urgency=medium

    * SECURITY UPDATE: double-free via otherName in the SAN
      - debian/patches/CVE-2025-32988.patch: avoid double free when exporting
        othernames in SAN in lib/x509/extensions.c.
      - CVE-2025-32988
    * SECURITY UPDATE: OOB read via malformed length field in SCT extension
      - debian/patches/CVE-2025-32989.patch: fix read buffer overrun in SCT
        timestamps in lib/x509/x509_ext.c.
      - CVE-2025-32989
    * SECURITY UPDATE: heap write overflow in certtool via invalid template
      - debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer
        overrun when parsing template in src/certtool-cfg.c,
        tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh,
        tests/cert-tests/templates/template-too-many-othernames.tmpl.
      - CVE-2025-32990
    * SECURITY UPDATE: NULL deref via missing PSK in TLS 1.3 handshake
      - debian/patches/CVE-2025-6395.patch: clear HSK_PSK_SELECTED when
        resetting binders in lib/handshake.c, lib/state.c, tests/Makefile.am,
        tests/tls13/hello_retry_request_psk.c.
      - CVE-2025-6395

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 11 Jul 2025 09:13:17 -0400

iputils-ping (built from iputils) updated from 3:20211215-1 to 3:20211215-1ubuntu0.1:

  iputils (3:20211215-1ubuntu0.1) jammy-security; urgency=medium

    * SECURITY UPDATE: DoS via crafted ICMP Echo Reply packet
      - debian/patches/CVE-2025-47268: fix signed 64-bit integer overflow in
        RTT calculation in iputils_common.h, ping/ping_common.c.
      - debian/patches/CVE-2025-48964.patch: fix moving average rtt
        calculation in iputils_common.h, ping/ping.h, ping/ping_common.c.
      - CVE-2025-47268
      - CVE-2025-48964

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 24 Jul 2025 07:51:44 -0400

perl-base (built from perl) updated from 5.34.0-3ubuntu1.4 to 5.34.0-3ubuntu1.5:

  perl (5.34.0-3ubuntu1.5) jammy-security; urgency=medium

    * SECURITY UPDATE: threads race condition in file operations
      - debian/patches/fixes/CVE-2025-40909-metaconfig.diff: check for
        fdopendir in regen-configure/U/perl/d_fdopendir.U.
      - debian/patches/fixes/CVE-2025-40909-1.diff: clone dirhandles without
        fchdir in Configure, Cross/config.sh-arm-linux,
        Cross/config.sh-arm-linux-n770, Porting/Glossary, Porting/config.sh,
        config_h.SH, configure.com, plan9/config_sh.sample, sv.c,
        t/op/threads-dirh.t, win32/config.gc, win32/config.vc.
      - debian/patches/fixes/CVE-2025-40909-2.diff: minor corrections in
        Cross/config.sh-arm-linux, Cross/config.sh-arm-linux-n770,
        config_h.SH,plan9/config_sh.sample.
      - debian/patches/fixes/CVE-2025-40909-3.diff: use PerlLIO_dup_cloexec
        in Perl_dirp_dup to set O_CLOEXEC in sv.c.
      - debian/patches/fixes/CVE-2025-40909-metaconfig-reorder.diff: slightly
        reorder Configure and config_h.SH to match metaconfig output in
        Configure, config_h.SH.
      - debian/patches/fixes/CVE-2025-40909-generated.diff: update generated
        files and checksums in uconfig.sh, uconfig64.sh, uconfig.h,
        NetWare/config.wc.
      - CVE-2025-40909

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 25 Jul 2025 13:26:40 -0400

libsqlite3-0:amd64 (built from sqlite3) updated from 3.37.2-2ubuntu0.4 to 3.37.2-2ubuntu0.5:

  sqlite3 (3.37.2-2ubuntu0.5) jammy-security; urgency=medium

    * SECURITY UPDATE: Memory corruption via number of aggregate terms
      - debian/patches/CVE-2025-6965.patch: raise an error right away if the
        number of aggregate terms in a query exceeds the maximum number of
        columns in src/expr.c, src/sqliteInt.h.
      - CVE-2025-6965

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 18 Jul 2025 11:17:24 -0400

08/07/2025, commit https://git.launchpad.net/snap-core22/tree/5915fa29307f6839820c681cf666367c164d1088

[ Changes in the core22 snap ]

Philip Meulengracht (1):
      tools: aggregate old changelogs

[ Changes in primed packages ]

gpgv (built from gnupg2) updated from 2.2.27-3ubuntu2.3 to 2.2.27-3ubuntu2.4:

  gnupg2 (2.2.27-3ubuntu2.4) jammy-security; urgency=medium

    * debian/patches/fix-key-validity-regression-due-to-CVE-2025-
      30258.patch:
      - Fix a key validity regression following patches for CVE-2025-30258,
        causing trusted "certify-only" primary keys to be ignored when checking
        signature on user IDs and computing key validity. This regression makes
        imported keys signed by a trusted "certify-only" key have an unknown
        validity (LP: #2114775).

   -- dcpi <dcpi@u22vm>  Wed, 25 Jun 2025 13:54:28 +0000

libssh-4:amd64 (built from libssh) updated from 0.9.6-2ubuntu0.22.04.3 to 0.9.6-2ubuntu0.22.04.4:

  libssh (0.9.6-2ubuntu0.22.04.4) jammy-security; urgency=medium

    * SECURITY UPDATE: Write beyond bounds in binary to base64 conversion
      functions
      - debian/patches/CVE-2025-4877.patch: prevent integer overflow and
        potential OOB.
      - CVE-2025-4877
    * SECURITY UPDATE: Use of uninitialized variable in
      privatekey_from_file()
      - debian/patches/CVE-2025-4878-1.patch: initialize pointers where
        possible.
      - debian/patches/CVE-2025-4878-2.patch: properly check return value to
        avoid NULL pointer dereference.
      - CVE-2025-4878
    * SECURITY UPDATE: OOB read in sftp_handle function
      - debian/patches/CVE-2025-5318.patch: fix possible buffer overrun.
      - CVE-2025-5318
    * SECURITY UPDATE: ssh_kdf() returns a success code on certain failures
      - debian/patches/CVE-2025-5372-pre1.patch: Reformat ssh_kdf().
      - debian/patches/CVE-2025-5372.patch: simplify error checking and
        handling of return codes in ssh_kdf().
      - CVE-2025-5372
    * SECURITY UPDATE: Missing packet filter may expose to variant of
      Terrapin attack
      - debian/patches/missing_packet_filter.patch: implement missing packet
        filter for DH GEX.
      - No CVE number

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 02 Jul 2025 14:48:47 -0400

libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.4.0-11ubuntu2.5 to 1.4.0-11ubuntu2.6:

  pam (1.4.0-11ubuntu2.6) jammy-security; urgency=medium

    * SECURITY UPDATE: privilege escalation via pam_namespace
      - debian/patches-applied/pam_namespace_170.patch: sync pam_namespace
        module to version 1.7.0.
      - debian/patches-applied/pam_namespace_post170-*.patch: add post-1.7.0
        changes from upstream git tree.
      - debian/patches-applied/pam_namespace_revert_abi.patch: revert ABI
        change to prevent unintended issues in running daemons.
      - debian/patches-applied/CVE-2025-6020-1.patch: fix potential privilege
        escalation.
      - debian/patches-applied/CVE-2025-6020-2.patch: add flags to indicate
        path safety.
      - debian/patches-applied/CVE-2025-6020-3.patch: secure_opendir: do not
        look at the group ownership.
      - debian/patches-applied/CVE-2024-22365.patch: removed, included in
        patch cluster above.
      - CVE-2025-6020

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 12 Jun 2025 10:45:28 -0400

python3-urllib3 (built from python-urllib3) updated from 1.26.5-1~exp1ubuntu0.2 to 1.26.5-1~exp1ubuntu0.3:

  python-urllib3 (1.26.5-1~exp1ubuntu0.3) jammy-security; urgency=medium

    * SECURITY UPDATE: Information disclosure through improperly disabled
      redirects.
      - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
        to Retry.from_int(retries, redirect=False) as well as set
        raise_on_redirect in ./src/urllib3/poolmanager.py.
      - CVE-2025-50181

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Mon, 23 Jun 2025 17:07:25 -0230

libpython3.10-minimal:amd64, libpython3.10-stdlib:amd64, python3.10, python3.10-minimal (built from python3.10) updated from 3.10.12-1~22.04.9 to 3.10.12-1~22.04.10:

  python3.10 (3.10.12-1~22.04.10) jammy-security; urgency=medium

    * SECURITY UPDATE: incorrect address list folding
      - debian/patches/CVE-2025-1795-1.patch: don't encode list separators in
        Lib/email/_header_value_parser.py,
        Lib/test/test_email/test__header_value_parser.py.
      - debian/patches/CVE-2025-1795-2.patch: fix AttributeError in the email
        module in Lib/email/_header_value_parser.py,
        Lib/test/test_email/test__header_value_parser.py.
      - CVE-2025-1795
    * SECURITY UPDATE: DoS via bytes.decode with unicode_escape
      - debian/patches/CVE-2025-4516.patch: fix use-after-free in the
        unicode-escape decoder with an error handler in
        Include/cpython/bytesobject.h, Include/cpython/unicodeobject.h,
        Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,
        Objects/bytesobject.c, Objects/unicodeobject.c,
        Parser/string_parser.c.
      - CVE-2025-4516

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 27 May 2025 13:12:29 -0400

python3-requests (built from requests) updated from 2.25.1+dfsg-2ubuntu0.1 to 2.25.1+dfsg-2ubuntu0.3:

  requests (2.25.1+dfsg-2ubuntu0.3) jammy-security; urgency=medium

    * SECURITY UPDATE: Information Leak
      - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
        lookup instead of netloc
      - CVE-2024-47081

   -- Bruce Cable <bruce.cable@canonical.com>  Wed, 11 Jun 2025 13:27:31 +1000

sudo (built from sudo) updated from 1.9.9-1ubuntu2.4 to 1.9.9-1ubuntu2.5:

  sudo (1.9.9-1ubuntu2.5) jammy-security; urgency=medium

    * SECURITY UPDATE: Local Privilege Escalation via host option
      - debian/patches/CVE-2025-32462.patch: only allow specifying a host
        when listing privileges.
      - CVE-2025-32462

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 Jun 2025 08:48:23 -0400

12/06/2025, commit https://git.launchpad.net/snap-core22/tree/7c3b8a59559a1d01f35830501a6ef478213ae767

[ Changes in the core22 snap ]

No detected changes for the core22 snap

[ Changes in primed packages ]

libapt-pkg6.0:amd64 (built from apt) updated from 2.4.13 to 2.4.14:

  apt (2.4.14) jammy; urgency=medium

    * Fix buffer overflow, stack overflow, exponential complexity in
      apt-ftparchive Contents generation (LP: #2083697)
      - ftparchive: Mystrdup: Add safety check and bump buffer size
      - ftparchive: contents: Avoid exponential complexity and overflows
      - test framework: Improve valgrind support
      - test: Check that apt-ftparchive handles deep paths
      - increase valgrind cleanliness to make the tests pass
        - pkgcachegen: Use placement new to construct header
        - Workaround valgrind "invalid read" in ExtractTar::Go by moving large
          buffer from stack to heap. The large buffer triggered some bugs in
          valgrind stack clash protection handling.

   -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 22 Oct 2024 15:09:58 +0200

cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~22.04.2 to 25.1.2-0ubuntu0~22.04.2:

  cloud-init (25.1.2-0ubuntu0~22.04.2) jammy; urgency=medium

    * New bugfix release. (LP: #2113797)
      - Revert relocation of systemd units and service files from /usr/lib
        back to /lib so debhelper correctly enables cloud-init services in
        postinst

   -- Chad Smith <chad.smith@canonical.com>  Mon, 09 Jun 2025 17:00:37 -0600

  cloud-init (25.1.2-0ubuntu0~22.04.1) jammy; urgency=medium

    * Upstream snapshot based on 25.1.2. (LP: #2104165).
      List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog

   -- James Falcon <james.falcon@canonical.com>  Fri, 02 May 2025 12:47:51 -0500

  cloud-init (25.1.1-0ubuntu1~22.04.1) jammy; urgency=medium

    * Drop cpicks which are now upstream:
      - d/p/cpick-d75840be-fix-retry-AWS-hotplug-for-async-IMDS-5995
      - d/p/cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting
      - d/p/cpick-c60771d8-test-pytestify-test_url_helper.py
      - d/p/cpick-8810a2dc-test-Remove-CiTestCase-from-test_url_helper.py
      - d/p/cpick-582f16c1-test-add-OauthUrlHelper-tests
      - d/p/cpick-9311e066-fix-Update-OauthUrlHelper-to-use-readurl-exception_cb
    * refresh patches
      - d/p/deprecation-version-boundary.patch
      - d/p/no-single-process.patch
      - d/p/retain-ec2-default-net-update-events.patch
      - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch
    * sort hunks within all patches (--sort on quilt refresh)
    * d/cloud-init.templates:
      - Move VMware before OVF. See GH-4030
      - Enable CloudCIX by default
    * Upstream snapshot based on 25.1.1.
      List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/25.1.1/ChangeLog

   -- Chad Smith <chad.smith@canonical.com>  Tue, 25 Mar 2025 10:33:28 -0600

python3-pkg-resources, python3-setuptools (built from setuptools) updated from 59.6.0-1.2ubuntu0.22.04.2 to 59.6.0-1.2ubuntu0.22.04.3:

  setuptools (59.6.0-1.2ubuntu0.22.04.3) jammy-security; urgency=medium

    * SECURITY UPDATE: path traversal vulnerability
      - debian/patches/CVE-2025-47273-pre1.patch: Extract
        _resolve_download_filename with test.
      - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
        resolves relative to the tmpdir.
      - CVE-2025-47273

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 28 May 2025 19:13:58 +0200

libpam-systemd:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 249.11-0ubuntu3.15 to 249.11-0ubuntu3.16:

  systemd (249.11-0ubuntu3.16) jammy-security; urgency=medium

    * SECURITY UPDATE: race condition in systemd-coredump
      - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of
        _META_MANDATORY_MAX.
      - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core
        pattern.
      - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus
        assertion.
      - CVE-2025-4598

   -- Octavio Galland <octavio.galland@canonical.com>  Wed, 04 Jun 2025 11:17:43 -0300