{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "netplan-generator", "python3-netplan" ], "removed": [], "diff": [ "libnetplan0", "libpolkit-agent-1-0", "libpolkit-gobject-1-0", "netplan.io", "pkexec", "polkitd", "xxd" ] } }, "diff": { "deb": [ { "name": "libnetplan0", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.4", "version": "0.106.1-7ubuntu0.22.04.4" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.107.1-3ubuntu0.22.04.3", "version": "0.107.1-3ubuntu0.22.04.3" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2139598, 1988018, 2020409, 2058031 ], "changes": [ { "cves": [], "log": [ "", " * debian/patches/lp2139598-execute-udev-rules-before-sriov-apply-service.patch:", " execute udev rules before starting sriov apply service (LP: #2139598)", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2139598 ], "author": "Robert Malz ", "date": "Tue, 03 Mar 2026 12:18:29 +0100" }, { "cves": [], "log": [ "", " * debian/patches/lp1988018: VF-LAG activation", " Fixes the order in which SR-IOV configuration is performed and", " cooperates with VF-LAG activation (LP: #1988018).", " * debian/patches/lp2020409:", " Enables setting the embedded-switch mode without having to define", " virtual functions (LP: #2020409).", " * debian/libnetplan0.symbols: New symbol _netplan_netdef_get_bond_mode.", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1988018, 2020409 ], "author": "Danilo Egea Gondolfo ", "date": "Mon, 07 Oct 2024 10:57:38 +0100" }, { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * Backport netplan.io 0.107.1-3 to 22.04 (LP: #2058031):", " - Support for \"dummy\" (`dummy-devices`) interfaces (LP: 1774203) (!361)", " - Support for \"veth\" (`virtual-ethernets`) interfaces (!368)", " - Add Python bindings for libnetplan (!385)", " - netplan: Handle command exceptions (!334)", " - WPA3 (personal) support (LP: 2023238) (!369)", " - Add all the commands to the bash completion file (LP: 1749869) (!326)", " - New submodule for state manipulation (!379)", " - commands/status: show routes from all routing tables (!390)", " - cli:status: Make rich pretty printing optional (!388)", " - libnetplan: expose dhcp4 and dhcp6 properties (!394)", " - Expose macaddress and DNS configuration from the netdef (!395)", " - libnetplan: expose the routes list in the netdef (!397)", " - NetworkManager: Wireguard private key flag support (!371)", " - Add a netplan_parser_load_keyfile() Python binding (!351)", " - keyfile parser: add support for all tunnel types (LP: 2016473) (!360)", " - parse-nm:wg: add support for reading the listen-port property (!372)", " - parse-nm: add support for VRF devices (!398)", " - Vlan keyfile parser support (!370)", " - Netplan docs rework (!333 & !337)", " - docs: Add a short netplan-everywhere howto (!325)", " - doc: make us of sphinx copybutton plugin (!354)", " - doc: Add Ubuntu Code of Conduct 2.0 (!355)", " - doc: Explanation about 00-network-manager-all.yaml (!378)", " - wifi: add support for WPA3-Enterprise (LP: 2029876) (!402)", " - wifi: support WPA2 and WPA3 Personal simultaneously (!404)", " - added mii-monitor-interval example (!411)", " - docs: Add \"Contribute Documentation\" how-to", " - auth: add support for LEAP and EAP-PWD (!415)", " - tests: Add autopkgtest for (LP: 1959570) (!419)", " - wifi: make it possible to have a psk and an eap password simultaneously", " (!416)", " - doc: Set-up some basic Doxygen project (!423)", " - doc: Make Sphinx to handle autodoxygen project, using breathe (!423)", " - doc: create libnetplan apidoc structure (!423)", " - inc: Start documenting public API (!423)", " - doc: Update 'Netplan everywhere' for 23.10 (!418)", " SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0014-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: 2065738, 1987842)", " - CVE-2022-4968", " - d/p/lp2066258/0015-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files.", " - d/p/lp2066258/0016-backends-escape-file-paths.patch:", " Escape special characters in file paths.", " - d/p/lp2066258/0017-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units. (LP: 2066258)", " - debian/netplan-generator.postinst: Add a postinst maintainer script to", " call the generator. It's needed so the file permissions fixes will be", " applied automatically.", " Bug fixes:", " - Fix FTBFS on Fedora and refresh RPM packaging (!323)", " - parser: validate lacp-rate properly (LP: 1745648) (!324)", " - use meson-make-symlink.sh helper instead of install_symlink() (!327)", " - netplan: cli: fix typo from 'unkown' to 'unknown' (!328)", " - Handle duplication during parser second pass (LP: 2007682) (!329)", " - parse:ovs: Ignore deprecated OpenFlow1.6 protocol (LP: 1963735) (!332)", " - dbus: Build the copy path correctly (!331)", " - tests: add new spread based snapd integration test (!330)", " - Use controlled execution environment, to avoid failure if PATH is unset", " (LP: 1959570) (!336)", " - Some refactoring (!338)", " - netplan: adjust the maximum buffer size to 1MB (!340)", " - parse: use \"--\" with systemd-escape (!347)", " - docs: fix bridge parameters types and add examples (!346)", " - vrfs: skip policies parsing if list is NULL (LP: 2016427) (!341)", " - networkd: plug a memory leak (!344)", " - libnetplan: don't try to read from a NULL file (!342)", " - nm: return if write_routes() fails (!345)", " - parse: plug a memory leak (!348)", " - parse: set the backend on nm-devices to NM (!349)", " - parse: don't point to the wrong node on validation (!343)", " - rtd: set the OS and Python versions explicitly (!357)", " - Fix 8021x eap method parsing (LP: 2016625) (!358)", " - CI: update canonical/setup-lxd to v0.1.1 (!359)", " - CI: fix dch after adding the new 0.106.1 tag (!364)", " - Provide frequency to wpa_supplicant in adhoc mode (LP: 2020754) (!363)", " - Improve the coverage of the memory leak tests (!365)", " - Fix keyfile parsing of wireguard config (!366)", " - routes: fix metric rendering (LP: 2023681) (!367)", " - CI: add DebCI integration test (!362)", " - CI: initial NetworkManager autopkgtests (!374)", " - parse-nm: handle cloned-mac-address special cases (LP: 2026230) (!376)", " - Improve autopkgtest stability with systemd 253 & iproute 6.4 (!377)", " - Fixes for minor issues (!380)", " - tests:integration: Adopt for systemd v254 (Closes: #1041310) (!381)", " - parse: Downgrade NM passthrough warning to debug (!384)", " - Don't drop files with just global values (LP: 2027584) (!382)", " - Fixing Coverity issues (!383)", " - CLI: Refactoring to avoid namespace clash with public bindings (!387)", " - tests: fix test coverage report with newer python-coverage (!389)", " - github: add a scheduled action to run Coverity (!391)", " - github: only run the coverity workflow on our repository (!392)", " - Addressing a few issues found (!393)", " - Wireguard fixes (!352)", " - Fix a memory leak, an assert and an error message (!350)", " - ovs: don't allow peers with the same name (!353)", " - CI: make use of the canonical/setup-lxd action (!356)", " - test:ovs: Avoid NetworkManager taking contol, breaking a test", " - parse: allow COMMON_LINK_HANDLERS for VRFs (!401)", " - util: don't return a placeholder netdef in the iterator (!406)", " - tunnels/validation: do not error out if \"local\" is not defined (!407)", " - tests: add some integration tests without the local address (!407)", " - wireguard: ignore empty endpoints (LP: 2038811) (!414)", " - parse: improve the parsing of access-points (LP: 1809994) (!413)", " - wifi: replace the previously defined AP with the new one (!413)", " - doc: spelling check improvements (!417)", " - Fix permissions on folder '/run/NetworkManager/' (!422)", " - cli:try: avoid linting error for type hints (Closes: #1058524) (!422)", " - nm-parse: always read the PSK into the new psk variable (!416)", " - networkd: fix formatting (!424)", " - networkd: replace deprecated CriticalConnection= by KeepConfiguration=", " (!424)", " - networkd: move KeepConfiguration= into [Network] section", " - apply: bring \"lo\" back up if it's managed by NM (!408)", " - apply: don't assume the NM loopback connection is called \"lo\" (!408)", " Packaging restructuring:", " - Split netplan-generator into separate package to make the Python", " dependency optional.", " - Split python3-netplan bindings into a separate package", " * Add patches for bug fixes from netplan.io 1.0-1 and 1.0.1-1:", " - debian/patches/lp2041727:", " Check if ovsdb-server.service is active before displaying warning", " (LP: 2041727) (!421)", " - d/p/0004-tests-assert-generated-.service-files-in-assert_srio.patch,", " d/p/0005-tests-sriov-test-if-the-generated-netplan-rebind-ser.patch,", " d/p/0006-sriov-don-t-generate-duplicate-entries-in-the-rebind.patch:", " Don't generate duplicate entries in the netplan-sriov-rebind.service", " (!437)", " - d/p/0017-emitter-allow-unicode-characters-in-the-emitter.patch.", " Allow non-ascii characters in the YAML emitter (LP: 2071652) (!485).", " - d/p/0018-parse-do-not-escape-all-non-ascii-bytes.patch.", " Don't escape all non-ascii bytes (!486).", " * Drop patches not required for 22.04:", " - debian/patches/python-limited-stable-api.patch", " - d/p/sru-compat/0013-Keep-old-file-permission-for-backwards-compatibility.patch.", " From now on we want libnetplan to create files with tight permissions.", " * Add patches for SRU backwards compatibility:", " - 0014-Demote-lacp-rate-validation-error-to-warning-for-bac.patch:", " Convert the error to a warning in a new validation for the option", " 'lacp-rate' to prevent breaking existing setups", " * debian/control:", " - Drop python3-rich dependency to Suggests", " - Drop build dependency on systemd-dev", " * debian/netplan.io.preinst:", " - This preinst script is intended to cleanup the .pyc files from", " share/netplan/netplan. This directory is supposed to be removed after", " the upgrade from netplan.io 0.106.1 to 0.107.1, as the Python code", " was moved to it's own python3-netplan package, but it's left behind", " due to Python cached files.", " * Drop changes related to usr-merge and not required for 22.04", " - debian/netplan-generator.install", " - debian/netplan-generator.dirs", " - debian/netplan-generator.postinst", " - debian/netplan-generator.preinst", " * d/netplan-generator.lintian-overrides, d/netplan.io.lintian-overrides:", " - Drop overrides file. It wasn't really silencing any lintian warnings.", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2058031 ], "author": "Danilo Egea Gondolfo ", "date": "Fri, 16 Aug 2024 17:59:32 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpolkit-agent-1-0", "from_version": { "source_package_name": "policykit-1", "source_package_version": "0.105-33", "version": "0.105-33" }, "to_version": { "source_package_name": "policykit-1", "source_package_version": "0.105-33ubuntu0.1", "version": "0.105-33ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-7519", "url": "https://ubuntu.com/security/CVE-2025-7519", "cve_description": "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.", "cve_priority": "low", "cve_public_date": "2025-07-14 14:15:00 UTC" }, { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-7519", "url": "https://ubuntu.com/security/CVE-2025-7519", "cve_description": "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.", "cve_priority": "low", "cve_public_date": "2025-07-14 14:15:00 UTC" }, { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OOB write via nested elements in XML policy", " - debian/patches/CVE-2025-7519.patch: check depth in", " src/polkitbackend/polkitbackendactionpool.c.", " - CVE-2025-7519", " * SECURITY UPDATE: DoS via excessively long input", " - debian/patches/CVE-2026-4897.patch: fix getline() string overflow in", " src/polkitagent/polkitagenthelperprivate.c.", " - CVE-2026-4897", "" ], "package": "policykit-1", "version": "0.105-33ubuntu0.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 10 Apr 2026 06:59:20 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpolkit-gobject-1-0", "from_version": { "source_package_name": "policykit-1", "source_package_version": "0.105-33", "version": "0.105-33" }, "to_version": { "source_package_name": "policykit-1", "source_package_version": "0.105-33ubuntu0.1", "version": "0.105-33ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-7519", "url": "https://ubuntu.com/security/CVE-2025-7519", "cve_description": "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.", "cve_priority": "low", "cve_public_date": "2025-07-14 14:15:00 UTC" }, { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-7519", "url": "https://ubuntu.com/security/CVE-2025-7519", "cve_description": "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.", "cve_priority": "low", "cve_public_date": "2025-07-14 14:15:00 UTC" }, { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OOB write via nested elements in XML policy", " - debian/patches/CVE-2025-7519.patch: check depth in", " src/polkitbackend/polkitbackendactionpool.c.", " - CVE-2025-7519", " * SECURITY UPDATE: DoS via excessively long input", " - debian/patches/CVE-2026-4897.patch: fix getline() string overflow in", " src/polkitagent/polkitagenthelperprivate.c.", " - CVE-2026-4897", "" ], "package": "policykit-1", "version": "0.105-33ubuntu0.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 10 Apr 2026 06:59:20 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "netplan.io", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.4", "version": "0.106.1-7ubuntu0.22.04.4" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.107.1-3ubuntu0.22.04.3", "version": "0.107.1-3ubuntu0.22.04.3" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2139598, 1988018, 2020409, 2058031 ], "changes": [ { "cves": [], "log": [ "", " * debian/patches/lp2139598-execute-udev-rules-before-sriov-apply-service.patch:", " execute udev rules before starting sriov apply service (LP: #2139598)", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2139598 ], "author": "Robert Malz ", "date": "Tue, 03 Mar 2026 12:18:29 +0100" }, { "cves": [], "log": [ "", " * debian/patches/lp1988018: VF-LAG activation", " Fixes the order in which SR-IOV configuration is performed and", " cooperates with VF-LAG activation (LP: #1988018).", " * debian/patches/lp2020409:", " Enables setting the embedded-switch mode without having to define", " virtual functions (LP: #2020409).", " * debian/libnetplan0.symbols: New symbol _netplan_netdef_get_bond_mode.", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1988018, 2020409 ], "author": "Danilo Egea Gondolfo ", "date": "Mon, 07 Oct 2024 10:57:38 +0100" }, { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * Backport netplan.io 0.107.1-3 to 22.04 (LP: #2058031):", " - Support for \"dummy\" (`dummy-devices`) interfaces (LP: 1774203) (!361)", " - Support for \"veth\" (`virtual-ethernets`) interfaces (!368)", " - Add Python bindings for libnetplan (!385)", " - netplan: Handle command exceptions (!334)", " - WPA3 (personal) support (LP: 2023238) (!369)", " - Add all the commands to the bash completion file (LP: 1749869) (!326)", " - New submodule for state manipulation (!379)", " - commands/status: show routes from all routing tables (!390)", " - cli:status: Make rich pretty printing optional (!388)", " - libnetplan: expose dhcp4 and dhcp6 properties (!394)", " - Expose macaddress and DNS configuration from the netdef (!395)", " - libnetplan: expose the routes list in the netdef (!397)", " - NetworkManager: Wireguard private key flag support (!371)", " - Add a netplan_parser_load_keyfile() Python binding (!351)", " - keyfile parser: add support for all tunnel types (LP: 2016473) (!360)", " - parse-nm:wg: add support for reading the listen-port property (!372)", " - parse-nm: add support for VRF devices (!398)", " - Vlan keyfile parser support (!370)", " - Netplan docs rework (!333 & !337)", " - docs: Add a short netplan-everywhere howto (!325)", " - doc: make us of sphinx copybutton plugin (!354)", " - doc: Add Ubuntu Code of Conduct 2.0 (!355)", " - doc: Explanation about 00-network-manager-all.yaml (!378)", " - wifi: add support for WPA3-Enterprise (LP: 2029876) (!402)", " - wifi: support WPA2 and WPA3 Personal simultaneously (!404)", " - added mii-monitor-interval example (!411)", " - docs: Add \"Contribute Documentation\" how-to", " - auth: add support for LEAP and EAP-PWD (!415)", " - tests: Add autopkgtest for (LP: 1959570) (!419)", " - wifi: make it possible to have a psk and an eap password simultaneously", " (!416)", " - doc: Set-up some basic Doxygen project (!423)", " - doc: Make Sphinx to handle autodoxygen project, using breathe (!423)", " - doc: create libnetplan apidoc structure (!423)", " - inc: Start documenting public API (!423)", " - doc: Update 'Netplan everywhere' for 23.10 (!418)", " SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0014-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: 2065738, 1987842)", " - CVE-2022-4968", " - d/p/lp2066258/0015-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files.", " - d/p/lp2066258/0016-backends-escape-file-paths.patch:", " Escape special characters in file paths.", " - d/p/lp2066258/0017-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units. (LP: 2066258)", " - debian/netplan-generator.postinst: Add a postinst maintainer script to", " call the generator. It's needed so the file permissions fixes will be", " applied automatically.", " Bug fixes:", " - Fix FTBFS on Fedora and refresh RPM packaging (!323)", " - parser: validate lacp-rate properly (LP: 1745648) (!324)", " - use meson-make-symlink.sh helper instead of install_symlink() (!327)", " - netplan: cli: fix typo from 'unkown' to 'unknown' (!328)", " - Handle duplication during parser second pass (LP: 2007682) (!329)", " - parse:ovs: Ignore deprecated OpenFlow1.6 protocol (LP: 1963735) (!332)", " - dbus: Build the copy path correctly (!331)", " - tests: add new spread based snapd integration test (!330)", " - Use controlled execution environment, to avoid failure if PATH is unset", " (LP: 1959570) (!336)", " - Some refactoring (!338)", " - netplan: adjust the maximum buffer size to 1MB (!340)", " - parse: use \"--\" with systemd-escape (!347)", " - docs: fix bridge parameters types and add examples (!346)", " - vrfs: skip policies parsing if list is NULL (LP: 2016427) (!341)", " - networkd: plug a memory leak (!344)", " - libnetplan: don't try to read from a NULL file (!342)", " - nm: return if write_routes() fails (!345)", " - parse: plug a memory leak (!348)", " - parse: set the backend on nm-devices to NM (!349)", " - parse: don't point to the wrong node on validation (!343)", " - rtd: set the OS and Python versions explicitly (!357)", " - Fix 8021x eap method parsing (LP: 2016625) (!358)", " - CI: update canonical/setup-lxd to v0.1.1 (!359)", " - CI: fix dch after adding the new 0.106.1 tag (!364)", " - Provide frequency to wpa_supplicant in adhoc mode (LP: 2020754) (!363)", " - Improve the coverage of the memory leak tests (!365)", " - Fix keyfile parsing of wireguard config (!366)", " - routes: fix metric rendering (LP: 2023681) (!367)", " - CI: add DebCI integration test (!362)", " - CI: initial NetworkManager autopkgtests (!374)", " - parse-nm: handle cloned-mac-address special cases (LP: 2026230) (!376)", " - Improve autopkgtest stability with systemd 253 & iproute 6.4 (!377)", " - Fixes for minor issues (!380)", " - tests:integration: Adopt for systemd v254 (Closes: #1041310) (!381)", " - parse: Downgrade NM passthrough warning to debug (!384)", " - Don't drop files with just global values (LP: 2027584) (!382)", " - Fixing Coverity issues (!383)", " - CLI: Refactoring to avoid namespace clash with public bindings (!387)", " - tests: fix test coverage report with newer python-coverage (!389)", " - github: add a scheduled action to run Coverity (!391)", " - github: only run the coverity workflow on our repository (!392)", " - Addressing a few issues found (!393)", " - Wireguard fixes (!352)", " - Fix a memory leak, an assert and an error message (!350)", " - ovs: don't allow peers with the same name (!353)", " - CI: make use of the canonical/setup-lxd action (!356)", " - test:ovs: Avoid NetworkManager taking contol, breaking a test", " - parse: allow COMMON_LINK_HANDLERS for VRFs (!401)", " - util: don't return a placeholder netdef in the iterator (!406)", " - tunnels/validation: do not error out if \"local\" is not defined (!407)", " - tests: add some integration tests without the local address (!407)", " - wireguard: ignore empty endpoints (LP: 2038811) (!414)", " - parse: improve the parsing of access-points (LP: 1809994) (!413)", " - wifi: replace the previously defined AP with the new one (!413)", " - doc: spelling check improvements (!417)", " - Fix permissions on folder '/run/NetworkManager/' (!422)", " - cli:try: avoid linting error for type hints (Closes: #1058524) (!422)", " - nm-parse: always read the PSK into the new psk variable (!416)", " - networkd: fix formatting (!424)", " - networkd: replace deprecated CriticalConnection= by KeepConfiguration=", " (!424)", " - networkd: move KeepConfiguration= into [Network] section", " - apply: bring \"lo\" back up if it's managed by NM (!408)", " - apply: don't assume the NM loopback connection is called \"lo\" (!408)", " Packaging restructuring:", " - Split netplan-generator into separate package to make the Python", " dependency optional.", " - Split python3-netplan bindings into a separate package", " * Add patches for bug fixes from netplan.io 1.0-1 and 1.0.1-1:", " - debian/patches/lp2041727:", " Check if ovsdb-server.service is active before displaying warning", " (LP: 2041727) (!421)", " - d/p/0004-tests-assert-generated-.service-files-in-assert_srio.patch,", " d/p/0005-tests-sriov-test-if-the-generated-netplan-rebind-ser.patch,", " d/p/0006-sriov-don-t-generate-duplicate-entries-in-the-rebind.patch:", " Don't generate duplicate entries in the netplan-sriov-rebind.service", " (!437)", " - d/p/0017-emitter-allow-unicode-characters-in-the-emitter.patch.", " Allow non-ascii characters in the YAML emitter (LP: 2071652) (!485).", " - d/p/0018-parse-do-not-escape-all-non-ascii-bytes.patch.", " Don't escape all non-ascii bytes (!486).", " * Drop patches not required for 22.04:", " - debian/patches/python-limited-stable-api.patch", " - d/p/sru-compat/0013-Keep-old-file-permission-for-backwards-compatibility.patch.", " From now on we want libnetplan to create files with tight permissions.", " * Add patches for SRU backwards compatibility:", " - 0014-Demote-lacp-rate-validation-error-to-warning-for-bac.patch:", " Convert the error to a warning in a new validation for the option", " 'lacp-rate' to prevent breaking existing setups", " * debian/control:", " - Drop python3-rich dependency to Suggests", " - Drop build dependency on systemd-dev", " * debian/netplan.io.preinst:", " - This preinst script is intended to cleanup the .pyc files from", " share/netplan/netplan. This directory is supposed to be removed after", " the upgrade from netplan.io 0.106.1 to 0.107.1, as the Python code", " was moved to it's own python3-netplan package, but it's left behind", " due to Python cached files.", " * Drop changes related to usr-merge and not required for 22.04", " - debian/netplan-generator.install", " - debian/netplan-generator.dirs", " - debian/netplan-generator.postinst", " - debian/netplan-generator.preinst", " * d/netplan-generator.lintian-overrides, d/netplan.io.lintian-overrides:", " - Drop overrides file. It wasn't really silencing any lintian warnings.", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2058031 ], "author": "Danilo Egea Gondolfo ", "date": "Fri, 16 Aug 2024 17:59:32 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "pkexec", "from_version": { "source_package_name": "policykit-1", "source_package_version": "0.105-33", "version": "0.105-33" }, "to_version": { "source_package_name": "policykit-1", "source_package_version": "0.105-33ubuntu0.1", "version": "0.105-33ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-7519", "url": "https://ubuntu.com/security/CVE-2025-7519", "cve_description": "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.", "cve_priority": "low", "cve_public_date": "2025-07-14 14:15:00 UTC" }, { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-7519", "url": "https://ubuntu.com/security/CVE-2025-7519", "cve_description": "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.", "cve_priority": "low", "cve_public_date": "2025-07-14 14:15:00 UTC" }, { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OOB write via nested elements in XML policy", " - debian/patches/CVE-2025-7519.patch: check depth in", " src/polkitbackend/polkitbackendactionpool.c.", " - CVE-2025-7519", " * SECURITY UPDATE: DoS via excessively long input", " - debian/patches/CVE-2026-4897.patch: fix getline() string overflow in", " src/polkitagent/polkitagenthelperprivate.c.", " - CVE-2026-4897", "" ], "package": "policykit-1", "version": "0.105-33ubuntu0.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 10 Apr 2026 06:59:20 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "polkitd", "from_version": { "source_package_name": "policykit-1", "source_package_version": "0.105-33", "version": "0.105-33" }, "to_version": { "source_package_name": "policykit-1", "source_package_version": "0.105-33ubuntu0.1", "version": "0.105-33ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-7519", "url": "https://ubuntu.com/security/CVE-2025-7519", "cve_description": "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.", "cve_priority": "low", "cve_public_date": "2025-07-14 14:15:00 UTC" }, { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-7519", "url": "https://ubuntu.com/security/CVE-2025-7519", "cve_description": "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.", "cve_priority": "low", "cve_public_date": "2025-07-14 14:15:00 UTC" }, { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OOB write via nested elements in XML policy", " - debian/patches/CVE-2025-7519.patch: check depth in", " src/polkitbackend/polkitbackendactionpool.c.", " - CVE-2025-7519", " * SECURITY UPDATE: DoS via excessively long input", " - debian/patches/CVE-2026-4897.patch: fix getline() string overflow in", " src/polkitagent/polkitagenthelperprivate.c.", " - CVE-2026-4897", "" ], "package": "policykit-1", "version": "0.105-33ubuntu0.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 10 Apr 2026 06:59:20 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "xxd", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.26", "version": "2:8.2.3995-1ubuntu2.26" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.27", "version": "2:8.2.3995-1ubuntu2.27" }, "cves": [ { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Command injection in glob.", " - debian/patches/CVE-2026-33412.patch: Add newline to SHELL_SPECIAL in", " src/os_unix.c.", " - CVE-2026-33412", " * SECURITY UPDATE: Security bypass in modeline.", " - debian/patches/CVE-2026-34982.patch: Disallow modeset while in secure", " mode in src/optiondefs.h.", " - CVE-2026-34982", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.27", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Kyle Kernick ", "date": "Mon, 06 Apr 2026 14:13:36 -0600" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "netplan-generator", "from_version": { "source_package_name": null, "source_package_version": null, "version": null }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.107.1-3ubuntu0.22.04.3", "version": "0.107.1-3ubuntu0.22.04.3" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2139598, 1988018, 2020409, 2058031 ], "changes": [ { "cves": [], "log": [ "", " * debian/patches/lp2139598-execute-udev-rules-before-sriov-apply-service.patch:", " execute udev rules before starting sriov apply service (LP: #2139598)", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2139598 ], "author": "Robert Malz ", "date": "Tue, 03 Mar 2026 12:18:29 +0100" }, { "cves": [], "log": [ "", " * debian/patches/lp1988018: VF-LAG activation", " Fixes the order in which SR-IOV configuration is performed and", " cooperates with VF-LAG activation (LP: #1988018).", " * debian/patches/lp2020409:", " Enables setting the embedded-switch mode without having to define", " virtual functions (LP: #2020409).", " * debian/libnetplan0.symbols: New symbol _netplan_netdef_get_bond_mode.", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1988018, 2020409 ], "author": "Danilo Egea Gondolfo ", "date": "Mon, 07 Oct 2024 10:57:38 +0100" }, { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * Backport netplan.io 0.107.1-3 to 22.04 (LP: #2058031):", " - Support for \"dummy\" (`dummy-devices`) interfaces (LP: 1774203) (!361)", " - Support for \"veth\" (`virtual-ethernets`) interfaces (!368)", " - Add Python bindings for libnetplan (!385)", " - netplan: Handle command exceptions (!334)", " - WPA3 (personal) support (LP: 2023238) (!369)", " - Add all the commands to the bash completion file (LP: 1749869) (!326)", " - New submodule for state manipulation (!379)", " - commands/status: show routes from all routing tables (!390)", " - cli:status: Make rich pretty printing optional (!388)", " - libnetplan: expose dhcp4 and dhcp6 properties (!394)", " - Expose macaddress and DNS configuration from the netdef (!395)", " - libnetplan: expose the routes list in the netdef (!397)", " - NetworkManager: Wireguard private key flag support (!371)", " - Add a netplan_parser_load_keyfile() Python binding (!351)", " - keyfile parser: add support for all tunnel types (LP: 2016473) (!360)", " - parse-nm:wg: add support for reading the listen-port property (!372)", " - parse-nm: add support for VRF devices (!398)", " - Vlan keyfile parser support (!370)", " - Netplan docs rework (!333 & !337)", " - docs: Add a short netplan-everywhere howto (!325)", " - doc: make us of sphinx copybutton plugin (!354)", " - doc: Add Ubuntu Code of Conduct 2.0 (!355)", " - doc: Explanation about 00-network-manager-all.yaml (!378)", " - wifi: add support for WPA3-Enterprise (LP: 2029876) (!402)", " - wifi: support WPA2 and WPA3 Personal simultaneously (!404)", " - added mii-monitor-interval example (!411)", " - docs: Add \"Contribute Documentation\" how-to", " - auth: add support for LEAP and EAP-PWD (!415)", " - tests: Add autopkgtest for (LP: 1959570) (!419)", " - wifi: make it possible to have a psk and an eap password simultaneously", " (!416)", " - doc: Set-up some basic Doxygen project (!423)", " - doc: Make Sphinx to handle autodoxygen project, using breathe (!423)", " - doc: create libnetplan apidoc structure (!423)", " - inc: Start documenting public API (!423)", " - doc: Update 'Netplan everywhere' for 23.10 (!418)", " SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0014-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: 2065738, 1987842)", " - CVE-2022-4968", " - d/p/lp2066258/0015-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files.", " - d/p/lp2066258/0016-backends-escape-file-paths.patch:", " Escape special characters in file paths.", " - d/p/lp2066258/0017-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units. (LP: 2066258)", " - debian/netplan-generator.postinst: Add a postinst maintainer script to", " call the generator. It's needed so the file permissions fixes will be", " applied automatically.", " Bug fixes:", " - Fix FTBFS on Fedora and refresh RPM packaging (!323)", " - parser: validate lacp-rate properly (LP: 1745648) (!324)", " - use meson-make-symlink.sh helper instead of install_symlink() (!327)", " - netplan: cli: fix typo from 'unkown' to 'unknown' (!328)", " - Handle duplication during parser second pass (LP: 2007682) (!329)", " - parse:ovs: Ignore deprecated OpenFlow1.6 protocol (LP: 1963735) (!332)", " - dbus: Build the copy path correctly (!331)", " - tests: add new spread based snapd integration test (!330)", " - Use controlled execution environment, to avoid failure if PATH is unset", " (LP: 1959570) (!336)", " - Some refactoring (!338)", " - netplan: adjust the maximum buffer size to 1MB (!340)", " - parse: use \"--\" with systemd-escape (!347)", " - docs: fix bridge parameters types and add examples (!346)", " - vrfs: skip policies parsing if list is NULL (LP: 2016427) (!341)", " - networkd: plug a memory leak (!344)", " - libnetplan: don't try to read from a NULL file (!342)", " - nm: return if write_routes() fails (!345)", " - parse: plug a memory leak (!348)", " - parse: set the backend on nm-devices to NM (!349)", " - parse: don't point to the wrong node on validation (!343)", " - rtd: set the OS and Python versions explicitly (!357)", " - Fix 8021x eap method parsing (LP: 2016625) (!358)", " - CI: update canonical/setup-lxd to v0.1.1 (!359)", " - CI: fix dch after adding the new 0.106.1 tag (!364)", " - Provide frequency to wpa_supplicant in adhoc mode (LP: 2020754) (!363)", " - Improve the coverage of the memory leak tests (!365)", " - Fix keyfile parsing of wireguard config (!366)", " - routes: fix metric rendering (LP: 2023681) (!367)", " - CI: add DebCI integration test (!362)", " - CI: initial NetworkManager autopkgtests (!374)", " - parse-nm: handle cloned-mac-address special cases (LP: 2026230) (!376)", " - Improve autopkgtest stability with systemd 253 & iproute 6.4 (!377)", " - Fixes for minor issues (!380)", " - tests:integration: Adopt for systemd v254 (Closes: #1041310) (!381)", " - parse: Downgrade NM passthrough warning to debug (!384)", " - Don't drop files with just global values (LP: 2027584) (!382)", " - Fixing Coverity issues (!383)", " - CLI: Refactoring to avoid namespace clash with public bindings (!387)", " - tests: fix test coverage report with newer python-coverage (!389)", " - github: add a scheduled action to run Coverity (!391)", " - github: only run the coverity workflow on our repository (!392)", " - Addressing a few issues found (!393)", " - Wireguard fixes (!352)", " - Fix a memory leak, an assert and an error message (!350)", " - ovs: don't allow peers with the same name (!353)", " - CI: make use of the canonical/setup-lxd action (!356)", " - test:ovs: Avoid NetworkManager taking contol, breaking a test", " - parse: allow COMMON_LINK_HANDLERS for VRFs (!401)", " - util: don't return a placeholder netdef in the iterator (!406)", " - tunnels/validation: do not error out if \"local\" is not defined (!407)", " - tests: add some integration tests without the local address (!407)", " - wireguard: ignore empty endpoints (LP: 2038811) (!414)", " - parse: improve the parsing of access-points (LP: 1809994) (!413)", " - wifi: replace the previously defined AP with the new one (!413)", " - doc: spelling check improvements (!417)", " - Fix permissions on folder '/run/NetworkManager/' (!422)", " - cli:try: avoid linting error for type hints (Closes: #1058524) (!422)", " - nm-parse: always read the PSK into the new psk variable (!416)", " - networkd: fix formatting (!424)", " - networkd: replace deprecated CriticalConnection= by KeepConfiguration=", " (!424)", " - networkd: move KeepConfiguration= into [Network] section", " - apply: bring \"lo\" back up if it's managed by NM (!408)", " - apply: don't assume the NM loopback connection is called \"lo\" (!408)", " Packaging restructuring:", " - Split netplan-generator into separate package to make the Python", " dependency optional.", " - Split python3-netplan bindings into a separate package", " * Add patches for bug fixes from netplan.io 1.0-1 and 1.0.1-1:", " - debian/patches/lp2041727:", " Check if ovsdb-server.service is active before displaying warning", " (LP: 2041727) (!421)", " - d/p/0004-tests-assert-generated-.service-files-in-assert_srio.patch,", " d/p/0005-tests-sriov-test-if-the-generated-netplan-rebind-ser.patch,", " d/p/0006-sriov-don-t-generate-duplicate-entries-in-the-rebind.patch:", " Don't generate duplicate entries in the netplan-sriov-rebind.service", " (!437)", " - d/p/0017-emitter-allow-unicode-characters-in-the-emitter.patch.", " Allow non-ascii characters in the YAML emitter (LP: 2071652) (!485).", " - d/p/0018-parse-do-not-escape-all-non-ascii-bytes.patch.", " Don't escape all non-ascii bytes (!486).", " * Drop patches not required for 22.04:", " - debian/patches/python-limited-stable-api.patch", " - d/p/sru-compat/0013-Keep-old-file-permission-for-backwards-compatibility.patch.", " From now on we want libnetplan to create files with tight permissions.", " * Add patches for SRU backwards compatibility:", " - 0014-Demote-lacp-rate-validation-error-to-warning-for-bac.patch:", " Convert the error to a warning in a new validation for the option", " 'lacp-rate' to prevent breaking existing setups", " * debian/control:", " - Drop python3-rich dependency to Suggests", " - Drop build dependency on systemd-dev", " * debian/netplan.io.preinst:", " - This preinst script is intended to cleanup the .pyc files from", " share/netplan/netplan. This directory is supposed to be removed after", " the upgrade from netplan.io 0.106.1 to 0.107.1, as the Python code", " was moved to it's own python3-netplan package, but it's left behind", " due to Python cached files.", " * Drop changes related to usr-merge and not required for 22.04", " - debian/netplan-generator.install", " - debian/netplan-generator.dirs", " - debian/netplan-generator.postinst", " - debian/netplan-generator.preinst", " * d/netplan-generator.lintian-overrides, d/netplan.io.lintian-overrides:", " - Drop overrides file. It wasn't really silencing any lintian warnings.", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2058031 ], "author": "Danilo Egea Gondolfo ", "date": "Fri, 16 Aug 2024 17:59:32 +0100" } ], "notes": "For a newly added package only the three most recent changelog entries are shown.", "is_version_downgrade": false }, { "name": "python3-netplan", "from_version": { "source_package_name": null, "source_package_version": null, "version": null }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.107.1-3ubuntu0.22.04.3", "version": "0.107.1-3ubuntu0.22.04.3" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2139598, 1988018, 2020409, 2058031 ], "changes": [ { "cves": [], "log": [ "", " * debian/patches/lp2139598-execute-udev-rules-before-sriov-apply-service.patch:", " execute udev rules before starting sriov apply service (LP: #2139598)", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2139598 ], "author": "Robert Malz ", "date": "Tue, 03 Mar 2026 12:18:29 +0100" }, { "cves": [], "log": [ "", " * debian/patches/lp1988018: VF-LAG activation", " Fixes the order in which SR-IOV configuration is performed and", " cooperates with VF-LAG activation (LP: #1988018).", " * debian/patches/lp2020409:", " Enables setting the embedded-switch mode without having to define", " virtual functions (LP: #2020409).", " * debian/libnetplan0.symbols: New symbol _netplan_netdef_get_bond_mode.", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1988018, 2020409 ], "author": "Danilo Egea Gondolfo ", "date": "Mon, 07 Oct 2024 10:57:38 +0100" }, { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * Backport netplan.io 0.107.1-3 to 22.04 (LP: #2058031):", " - Support for \"dummy\" (`dummy-devices`) interfaces (LP: 1774203) (!361)", " - Support for \"veth\" (`virtual-ethernets`) interfaces (!368)", " - Add Python bindings for libnetplan (!385)", " - netplan: Handle command exceptions (!334)", " - WPA3 (personal) support (LP: 2023238) (!369)", " - Add all the commands to the bash completion file (LP: 1749869) (!326)", " - New submodule for state manipulation (!379)", " - commands/status: show routes from all routing tables (!390)", " - cli:status: Make rich pretty printing optional (!388)", " - libnetplan: expose dhcp4 and dhcp6 properties (!394)", " - Expose macaddress and DNS configuration from the netdef (!395)", " - libnetplan: expose the routes list in the netdef (!397)", " - NetworkManager: Wireguard private key flag support (!371)", " - Add a netplan_parser_load_keyfile() Python binding (!351)", " - keyfile parser: add support for all tunnel types (LP: 2016473) (!360)", " - parse-nm:wg: add support for reading the listen-port property (!372)", " - parse-nm: add support for VRF devices (!398)", " - Vlan keyfile parser support (!370)", " - Netplan docs rework (!333 & !337)", " - docs: Add a short netplan-everywhere howto (!325)", " - doc: make us of sphinx copybutton plugin (!354)", " - doc: Add Ubuntu Code of Conduct 2.0 (!355)", " - doc: Explanation about 00-network-manager-all.yaml (!378)", " - wifi: add support for WPA3-Enterprise (LP: 2029876) (!402)", " - wifi: support WPA2 and WPA3 Personal simultaneously (!404)", " - added mii-monitor-interval example (!411)", " - docs: Add \"Contribute Documentation\" how-to", " - auth: add support for LEAP and EAP-PWD (!415)", " - tests: Add autopkgtest for (LP: 1959570) (!419)", " - wifi: make it possible to have a psk and an eap password simultaneously", " (!416)", " - doc: Set-up some basic Doxygen project (!423)", " - doc: Make Sphinx to handle autodoxygen project, using breathe (!423)", " - doc: create libnetplan apidoc structure (!423)", " - inc: Start documenting public API (!423)", " - doc: Update 'Netplan everywhere' for 23.10 (!418)", " SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0014-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: 2065738, 1987842)", " - CVE-2022-4968", " - d/p/lp2066258/0015-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files.", " - d/p/lp2066258/0016-backends-escape-file-paths.patch:", " Escape special characters in file paths.", " - d/p/lp2066258/0017-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units. (LP: 2066258)", " - debian/netplan-generator.postinst: Add a postinst maintainer script to", " call the generator. It's needed so the file permissions fixes will be", " applied automatically.", " Bug fixes:", " - Fix FTBFS on Fedora and refresh RPM packaging (!323)", " - parser: validate lacp-rate properly (LP: 1745648) (!324)", " - use meson-make-symlink.sh helper instead of install_symlink() (!327)", " - netplan: cli: fix typo from 'unkown' to 'unknown' (!328)", " - Handle duplication during parser second pass (LP: 2007682) (!329)", " - parse:ovs: Ignore deprecated OpenFlow1.6 protocol (LP: 1963735) (!332)", " - dbus: Build the copy path correctly (!331)", " - tests: add new spread based snapd integration test (!330)", " - Use controlled execution environment, to avoid failure if PATH is unset", " (LP: 1959570) (!336)", " - Some refactoring (!338)", " - netplan: adjust the maximum buffer size to 1MB (!340)", " - parse: use \"--\" with systemd-escape (!347)", " - docs: fix bridge parameters types and add examples (!346)", " - vrfs: skip policies parsing if list is NULL (LP: 2016427) (!341)", " - networkd: plug a memory leak (!344)", " - libnetplan: don't try to read from a NULL file (!342)", " - nm: return if write_routes() fails (!345)", " - parse: plug a memory leak (!348)", " - parse: set the backend on nm-devices to NM (!349)", " - parse: don't point to the wrong node on validation (!343)", " - rtd: set the OS and Python versions explicitly (!357)", " - Fix 8021x eap method parsing (LP: 2016625) (!358)", " - CI: update canonical/setup-lxd to v0.1.1 (!359)", " - CI: fix dch after adding the new 0.106.1 tag (!364)", " - Provide frequency to wpa_supplicant in adhoc mode (LP: 2020754) (!363)", " - Improve the coverage of the memory leak tests (!365)", " - Fix keyfile parsing of wireguard config (!366)", " - routes: fix metric rendering (LP: 2023681) (!367)", " - CI: add DebCI integration test (!362)", " - CI: initial NetworkManager autopkgtests (!374)", " - parse-nm: handle cloned-mac-address special cases (LP: 2026230) (!376)", " - Improve autopkgtest stability with systemd 253 & iproute 6.4 (!377)", " - Fixes for minor issues (!380)", " - tests:integration: Adopt for systemd v254 (Closes: #1041310) (!381)", " - parse: Downgrade NM passthrough warning to debug (!384)", " - Don't drop files with just global values (LP: 2027584) (!382)", " - Fixing Coverity issues (!383)", " - CLI: Refactoring to avoid namespace clash with public bindings (!387)", " - tests: fix test coverage report with newer python-coverage (!389)", " - github: add a scheduled action to run Coverity (!391)", " - github: only run the coverity workflow on our repository (!392)", " - Addressing a few issues found (!393)", " - Wireguard fixes (!352)", " - Fix a memory leak, an assert and an error message (!350)", " - ovs: don't allow peers with the same name (!353)", " - CI: make use of the canonical/setup-lxd action (!356)", " - test:ovs: Avoid NetworkManager taking contol, breaking a test", " - parse: allow COMMON_LINK_HANDLERS for VRFs (!401)", " - util: don't return a placeholder netdef in the iterator (!406)", " - tunnels/validation: do not error out if \"local\" is not defined (!407)", " - tests: add some integration tests without the local address (!407)", " - wireguard: ignore empty endpoints (LP: 2038811) (!414)", " - parse: improve the parsing of access-points (LP: 1809994) (!413)", " - wifi: replace the previously defined AP with the new one (!413)", " - doc: spelling check improvements (!417)", " - Fix permissions on folder '/run/NetworkManager/' (!422)", " - cli:try: avoid linting error for type hints (Closes: #1058524) (!422)", " - nm-parse: always read the PSK into the new psk variable (!416)", " - networkd: fix formatting (!424)", " - networkd: replace deprecated CriticalConnection= by KeepConfiguration=", " (!424)", " - networkd: move KeepConfiguration= into [Network] section", " - apply: bring \"lo\" back up if it's managed by NM (!408)", " - apply: don't assume the NM loopback connection is called \"lo\" (!408)", " Packaging restructuring:", " - Split netplan-generator into separate package to make the Python", " dependency optional.", " - Split python3-netplan bindings into a separate package", " * Add patches for bug fixes from netplan.io 1.0-1 and 1.0.1-1:", " - debian/patches/lp2041727:", " Check if ovsdb-server.service is active before displaying warning", " (LP: 2041727) (!421)", " - d/p/0004-tests-assert-generated-.service-files-in-assert_srio.patch,", " d/p/0005-tests-sriov-test-if-the-generated-netplan-rebind-ser.patch,", " d/p/0006-sriov-don-t-generate-duplicate-entries-in-the-rebind.patch:", " Don't generate duplicate entries in the netplan-sriov-rebind.service", " (!437)", " - d/p/0017-emitter-allow-unicode-characters-in-the-emitter.patch.", " Allow non-ascii characters in the YAML emitter (LP: 2071652) (!485).", " - d/p/0018-parse-do-not-escape-all-non-ascii-bytes.patch.", " Don't escape all non-ascii bytes (!486).", " * Drop patches not required for 22.04:", " - debian/patches/python-limited-stable-api.patch", " - d/p/sru-compat/0013-Keep-old-file-permission-for-backwards-compatibility.patch.", " From now on we want libnetplan to create files with tight permissions.", " * Add patches for SRU backwards compatibility:", " - 0014-Demote-lacp-rate-validation-error-to-warning-for-bac.patch:", " Convert the error to a warning in a new validation for the option", " 'lacp-rate' to prevent breaking existing setups", " * debian/control:", " - Drop python3-rich dependency to Suggests", " - Drop build dependency on systemd-dev", " * debian/netplan.io.preinst:", " - This preinst script is intended to cleanup the .pyc files from", " share/netplan/netplan. This directory is supposed to be removed after", " the upgrade from netplan.io 0.106.1 to 0.107.1, as the Python code", " was moved to it's own python3-netplan package, but it's left behind", " due to Python cached files.", " * Drop changes related to usr-merge and not required for 22.04", " - debian/netplan-generator.install", " - debian/netplan-generator.dirs", " - debian/netplan-generator.postinst", " - debian/netplan-generator.preinst", " * d/netplan-generator.lintian-overrides, d/netplan.io.lintian-overrides:", " - Drop overrides file. It wasn't really silencing any lintian warnings.", "" ], "package": "netplan.io", "version": "0.107.1-3ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2058031 ], "author": "Danilo Egea Gondolfo ", "date": "Fri, 16 Aug 2024 17:59:32 +0100" } ], "notes": "For a newly added package only the three most recent changelog entries are shown.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20260408 to 20260415", "from_series": "jammy", "to_series": "jammy", "from_serial": "20260408", "to_serial": "20260415", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }