Ubuntu
dotnet6 package

  1. Bug #1999549
  2. Comment #7

Comment 7 for bug 1999549

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dotnet6 - 6.0.113-0ubuntu1~22.04.1

---------------
dotnet6 (6.0.113-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-21538: Parsing an empty HTTP response as a JSON.NET JObject
      causes a stack overflow and crashes a process.

 -- Ian Constantin <email address hidden> Mon, 09 Jan 2023 22:04:18 +0200