{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-image-7.0.0-14-generic", "linux-main-modules-zfs-7.0.0-14-generic", "linux-modules-7.0.0-14-generic" ], "removed": [ "linux-image-7.0.0-13-generic", "linux-main-modules-zfs-7.0.0-13-generic", "linux-modules-7.0.0-13-generic" ], "diff": [ "apparmor", "base-files", "cloud-init", "cloud-init-base", "libapparmor1", "libc-bin", "libc-gconv-modules-extra", "libc6", "libpam-systemd", "libsystemd-shared", "libsystemd0", "libudev1", "linux-image-virtual", "python-apt-common", "python3-apt", "python3-distupgrade", "python3-update-manager", "rust-coreutils", "snapd", "squashfs-tools", "systemd", "systemd-resolved", "systemd-sysv", "ubuntu-release-upgrader-core", "udev" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu6", "version": "5.0.0~beta1-0ubuntu6" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu7", "version": "5.0.0~beta1-0ubuntu7" }, "cves": [], "launchpad_bugs_fixed": [ 2147551, 2127874, 2137088, 2146874, 2148047, 2148177, 2147986, 2147986 ], "changes": [ { "cves": [], "log": [ "", " * Add patches to fix skb and v9 network iface mediation (LP: #2147551):", " - d/p/u/0006-parser-name-ns_domain-and-network_v9-classes.patch", " - d/p/u/0007-Set-parser-network.h-ip_conds-ptrs-to-null-in-its-fr.patch", " - d/p/u/0008-parser-move-to-encode-an-alternation-of-a-null-trans.patch", " - d/p/u/0009-parser-disable-ability-to-specify-interface-on-peer-.patch", " - d/p/u/0010-parser-fix-iface-perms-to-work-when-v9-and-v9_skb-ar.patch", " - d/p/u/0011-utils-add-support-for-iface-an-label-in-network-rule.patch", " - d/p/u/0012-parser-fix-label-match-for-default-label-values.patch", " - d/p/u/0013-parser-fix-FTBFS-due-to-missing-merge-edit.patch", " - d/p/u/0014-tests-check-if-skb-mediation-is-enabled.patch", " * Add patch to fix snap browser invocation from Evince and papers", " (LP: #2127874):", " - d/p/u/snap-browser-add-missing-perms-when-opening-from-link.patch", " * Add patch to pull the Rygel profile (LP: #2137088):", " - d/p/u/profiles-pull-rygel-profile.patch", " * Add patch to pull the openvpn profile (LP: #2146874):", " - d/p/u/profiles-pull-openvpn-profile.patch", " * d/apparmor.install,d/apparmor-profiles.install,d/apparmor.maintscript:", " account for the new location of the rygel and openvpn profile", " * Add patch to fix lsusb hwdb access (LP: #2148047):", " - d/p/u/lsusb-allow-reading-etc-udev-hwdb-bin.patch", " * Add patch for unix socket access in sanitized_helper (LP: #2148177):", " - d/p/u/profiles-grant-unix-domain-socket-access-to-sanitize.patch", " * Add patch to fix compressed cache mtime issues (LP: #2147986):", " - d/p/u/0001-parser-fix-rewriting-of-cache-after-zstd-recompressi.patch", " - d/p/u/0002-parser-refactor-compressed-policy-cache.patch", " - d/p/u/0003-parser-handle-compressed-cache-on-kernels-without-de.patch", " - d/p/u/0004-regression-fix-the-e2e-test-for-compressed-caches.patch", " * apparmor.postinst: remove separately generated compressed cache", " (LP: #2147986)", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147551, 2127874, 2137088, 2146874, 2148047, 2148177, 2147986, 2147986 ], "author": "Ryan Lee ", "date": "Wed, 08 Apr 2026 10:26:51 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "base-files", "from_version": { "source_package_name": "base-files", "source_package_version": "14ubuntu5", "version": "14ubuntu5" }, "to_version": { "source_package_name": "base-files", "source_package_version": "14ubuntu6", "version": "14ubuntu6" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * /etc/issue{,.net}, /etc/{lsb,os}-release: Prepare for 26.04 release", "" ], "package": "base-files", "version": "14ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Oliver Reiche ", "date": "Mon, 20 Apr 2026 09:46:31 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "26.1-0ubuntu1", "version": "26.1-0ubuntu1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "26.1-0ubuntu2", "version": "26.1-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [ 2147101 ], "changes": [ { "cves": [], "log": [ "", " * cherry-pick d4566b1a: Configure arm64 to use archive.ubuntu.com", " (LP: #2147101)", "" ], "package": "cloud-init", "version": "26.1-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147101 ], "author": "Chad Smith ", "date": "Wed, 15 Apr 2026 13:54:46 -0600" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-init-base", "from_version": { "source_package_name": "cloud-init", "source_package_version": "26.1-0ubuntu1", "version": "26.1-0ubuntu1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "26.1-0ubuntu2", "version": "26.1-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [ 2147101 ], "changes": [ { "cves": [], "log": [ "", " * cherry-pick d4566b1a: Configure arm64 to use archive.ubuntu.com", " (LP: #2147101)", "" ], "package": "cloud-init", "version": "26.1-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147101 ], "author": "Chad Smith ", "date": "Wed, 15 Apr 2026 13:54:46 -0600" } ], "notes": null, "is_version_downgrade": false }, { "name": "libapparmor1", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu6", "version": "5.0.0~beta1-0ubuntu6" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu7", "version": "5.0.0~beta1-0ubuntu7" }, "cves": [], "launchpad_bugs_fixed": [ 2147551, 2127874, 2137088, 2146874, 2148047, 2148177, 2147986, 2147986 ], "changes": [ { "cves": [], "log": [ "", " * Add patches to fix skb and v9 network iface mediation (LP: #2147551):", " - d/p/u/0006-parser-name-ns_domain-and-network_v9-classes.patch", " - d/p/u/0007-Set-parser-network.h-ip_conds-ptrs-to-null-in-its-fr.patch", " - d/p/u/0008-parser-move-to-encode-an-alternation-of-a-null-trans.patch", " - d/p/u/0009-parser-disable-ability-to-specify-interface-on-peer-.patch", " - d/p/u/0010-parser-fix-iface-perms-to-work-when-v9-and-v9_skb-ar.patch", " - d/p/u/0011-utils-add-support-for-iface-an-label-in-network-rule.patch", " - d/p/u/0012-parser-fix-label-match-for-default-label-values.patch", " - d/p/u/0013-parser-fix-FTBFS-due-to-missing-merge-edit.patch", " - d/p/u/0014-tests-check-if-skb-mediation-is-enabled.patch", " * Add patch to fix snap browser invocation from Evince and papers", " (LP: #2127874):", " - d/p/u/snap-browser-add-missing-perms-when-opening-from-link.patch", " * Add patch to pull the Rygel profile (LP: #2137088):", " - d/p/u/profiles-pull-rygel-profile.patch", " * Add patch to pull the openvpn profile (LP: #2146874):", " - d/p/u/profiles-pull-openvpn-profile.patch", " * d/apparmor.install,d/apparmor-profiles.install,d/apparmor.maintscript:", " account for the new location of the rygel and openvpn profile", " * Add patch to fix lsusb hwdb access (LP: #2148047):", " - d/p/u/lsusb-allow-reading-etc-udev-hwdb-bin.patch", " * Add patch for unix socket access in sanitized_helper (LP: #2148177):", " - d/p/u/profiles-grant-unix-domain-socket-access-to-sanitize.patch", " * Add patch to fix compressed cache mtime issues (LP: #2147986):", " - d/p/u/0001-parser-fix-rewriting-of-cache-after-zstd-recompressi.patch", " - d/p/u/0002-parser-refactor-compressed-policy-cache.patch", " - d/p/u/0003-parser-handle-compressed-cache-on-kernels-without-de.patch", " - d/p/u/0004-regression-fix-the-e2e-test-for-compressed-caches.patch", " * apparmor.postinst: remove separately generated compressed cache", " (LP: #2147986)", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147551, 2127874, 2137088, 2146874, 2148047, 2148177, 2147986, 2147986 ], "author": "Ryan Lee ", "date": "Wed, 08 Apr 2026 10:26:51 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc-bin", "from_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu2", "version": "2.43-2ubuntu2" }, "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2145679 ], "changes": [ { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " * Merge from Debian experimental", " Delta dropped:", " - Fix broken ldconfig, static-pie binary on riscv64 (LP #2142067)", " - build: use date --rfc-email for Rust coreutils compat (LP #2122100)", " * Delta added:", " - fix ftbfs: backport conditional OPEN_TREE_* ifndef (LP: #2145679)", " - Revert \"debian/rules.d/build.mk: add a makefile function to filter out", " dpkg build flags incompatible with glibc and define CFLAGS from dpkg", " build flags. Closes: #1129746.\"", " * import git-updates", " - nss: Introduce dedicated struct nss_database_for_fork type", " - Linux: In getlogin_r, use utmp fallback only for specific errors", " - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)", " - debug: Fix build with --enable-fortify-source=1 (BZ 33904)", " - Add BZ 33904 entry to NEWS", " - malloc: Avoid accessing /sys/kernel/mm files", " - tests: aarch64: fix makefile dependencies for dlopen tests for BTI", " - aarch64: Lock GCS status at startup", " - aarch64: Tests for locking GCS", " - posix: Run tst-wordexp-reuse-mem test", " - resolv: Count records correctly (CVE-2026-4437)", " - resolv: Check hostname for validity (CVE-2026-4438)", " - elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso", " - elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen", " - riscv: Resolve calls to memcpy using memcpy-generic in early startup", " - tests: fix tst-rseq with Linux 7.0", "" ], "package": "glibc", "version": "2.43-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145679 ], "author": "Simon Poirier ", "date": "Tue, 31 Mar 2026 16:35:10 -0400" }, { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-mach_send_eintr.diff: Fix assertion failure", " on eintr during message send.", " * debian/patches/hurd-i386/git-itimer-lock.diff: Fix setitimer mutex", " inversion.", " * debian/patches/hurd-i386/git-posix-timers.diff: Set _POSIX_TIMERS to", " 200809L. Closes: #1128631.", " * debian/patches/hurd-i386/sig-alarm.diff: Fix it_interval in setitimer, thus", " alarm too, on hurd-amd64.", " * debian/patches/hurd-i386/git-libio-mtsafe.diff: Fix mt-safeness of libio.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Complete fix.", " * debian/patches/hurd-i386/git-timedrwlock-unlock.diff: Fix race between", " timedrd/wrlock and unlock.", " * debian/patches/hurd-i386/git-sigtimedwait-timeout.diff: Fix cleaning on", " sigtimedwait timing out.", " * debian/testsuite-xfail-debian.mk: Update for 2.44.", "", " [ Aurelien Jarno ]", " * debian/sysdeps/mips*.mk: rename extra passes to matche the dpkg", " architecture name.", " * debian/rules.d/build.mk: add a makefile function that queries the dpkg", " build flags for the current pass.", " * debian/rules.d/build.mk: enable stack protection depending on", " -fstack-protector* flags returned by dpkg-buildflags.", " * debian/rules.d/build.mk: add a makefile function to filter out dpkg build", " flags incompatible with glibc and define CFLAGS from dpkg build flags.", " Closes: #1129746.", " * debian/control.in/{libc,i386}: downgrade the libdpkg-dev break to the", " trixie version now that bug#1122107 got fixed in trixie. Also apply it to", " amd64 and x32, as they are also using symbol versions used as ABI flag.", " Limit the break to libc6, multilib packages will get the break", " transitively through the strict depends.", " * debian/symbols.wildcards: adjust ABI flags version, we need to match the", " first version where the flag got introduced, not the first version where", " the fix got introduced.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix a null pointer dereference in the nss_database_check_reload_and_get", " function.", " - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module", " - Fix a typo preventing new tst-wordexp-reuse-mem to run", " - Fix incorrect handling of DNS responses in gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4437). Closes: #1131435.", " - Fix invalid DNS hostnames returned by gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4438). Closes: #1131887.", "" ], "package": "glibc", "version": "2.42-14", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 27 Mar 2026 22:08:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc-gconv-modules-extra", "from_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu2", "version": "2.43-2ubuntu2" }, "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2145679 ], "changes": [ { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " * Merge from Debian experimental", " Delta dropped:", " - Fix broken ldconfig, static-pie binary on riscv64 (LP #2142067)", " - build: use date --rfc-email for Rust coreutils compat (LP #2122100)", " * Delta added:", " - fix ftbfs: backport conditional OPEN_TREE_* ifndef (LP: #2145679)", " - Revert \"debian/rules.d/build.mk: add a makefile function to filter out", " dpkg build flags incompatible with glibc and define CFLAGS from dpkg", " build flags. Closes: #1129746.\"", " * import git-updates", " - nss: Introduce dedicated struct nss_database_for_fork type", " - Linux: In getlogin_r, use utmp fallback only for specific errors", " - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)", " - debug: Fix build with --enable-fortify-source=1 (BZ 33904)", " - Add BZ 33904 entry to NEWS", " - malloc: Avoid accessing /sys/kernel/mm files", " - tests: aarch64: fix makefile dependencies for dlopen tests for BTI", " - aarch64: Lock GCS status at startup", " - aarch64: Tests for locking GCS", " - posix: Run tst-wordexp-reuse-mem test", " - resolv: Count records correctly (CVE-2026-4437)", " - resolv: Check hostname for validity (CVE-2026-4438)", " - elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso", " - elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen", " - riscv: Resolve calls to memcpy using memcpy-generic in early startup", " - tests: fix tst-rseq with Linux 7.0", "" ], "package": "glibc", "version": "2.43-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145679 ], "author": "Simon Poirier ", "date": "Tue, 31 Mar 2026 16:35:10 -0400" }, { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-mach_send_eintr.diff: Fix assertion failure", " on eintr during message send.", " * debian/patches/hurd-i386/git-itimer-lock.diff: Fix setitimer mutex", " inversion.", " * debian/patches/hurd-i386/git-posix-timers.diff: Set _POSIX_TIMERS to", " 200809L. Closes: #1128631.", " * debian/patches/hurd-i386/sig-alarm.diff: Fix it_interval in setitimer, thus", " alarm too, on hurd-amd64.", " * debian/patches/hurd-i386/git-libio-mtsafe.diff: Fix mt-safeness of libio.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Complete fix.", " * debian/patches/hurd-i386/git-timedrwlock-unlock.diff: Fix race between", " timedrd/wrlock and unlock.", " * debian/patches/hurd-i386/git-sigtimedwait-timeout.diff: Fix cleaning on", " sigtimedwait timing out.", " * debian/testsuite-xfail-debian.mk: Update for 2.44.", "", " [ Aurelien Jarno ]", " * debian/sysdeps/mips*.mk: rename extra passes to matche the dpkg", " architecture name.", " * debian/rules.d/build.mk: add a makefile function that queries the dpkg", " build flags for the current pass.", " * debian/rules.d/build.mk: enable stack protection depending on", " -fstack-protector* flags returned by dpkg-buildflags.", " * debian/rules.d/build.mk: add a makefile function to filter out dpkg build", " flags incompatible with glibc and define CFLAGS from dpkg build flags.", " Closes: #1129746.", " * debian/control.in/{libc,i386}: downgrade the libdpkg-dev break to the", " trixie version now that bug#1122107 got fixed in trixie. Also apply it to", " amd64 and x32, as they are also using symbol versions used as ABI flag.", " Limit the break to libc6, multilib packages will get the break", " transitively through the strict depends.", " * debian/symbols.wildcards: adjust ABI flags version, we need to match the", " first version where the flag got introduced, not the first version where", " the fix got introduced.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix a null pointer dereference in the nss_database_check_reload_and_get", " function.", " - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module", " - Fix a typo preventing new tst-wordexp-reuse-mem to run", " - Fix incorrect handling of DNS responses in gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4437). Closes: #1131435.", " - Fix invalid DNS hostnames returned by gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4438). Closes: #1131887.", "" ], "package": "glibc", "version": "2.42-14", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 27 Mar 2026 22:08:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc6", "from_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu2", "version": "2.43-2ubuntu2" }, "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2145679 ], "changes": [ { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " * Merge from Debian experimental", " Delta dropped:", " - Fix broken ldconfig, static-pie binary on riscv64 (LP #2142067)", " - build: use date --rfc-email for Rust coreutils compat (LP #2122100)", " * Delta added:", " - fix ftbfs: backport conditional OPEN_TREE_* ifndef (LP: #2145679)", " - Revert \"debian/rules.d/build.mk: add a makefile function to filter out", " dpkg build flags incompatible with glibc and define CFLAGS from dpkg", " build flags. Closes: #1129746.\"", " * import git-updates", " - nss: Introduce dedicated struct nss_database_for_fork type", " - Linux: In getlogin_r, use utmp fallback only for specific errors", " - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)", " - debug: Fix build with --enable-fortify-source=1 (BZ 33904)", " - Add BZ 33904 entry to NEWS", " - malloc: Avoid accessing /sys/kernel/mm files", " - tests: aarch64: fix makefile dependencies for dlopen tests for BTI", " - aarch64: Lock GCS status at startup", " - aarch64: Tests for locking GCS", " - posix: Run tst-wordexp-reuse-mem test", " - resolv: Count records correctly (CVE-2026-4437)", " - resolv: Check hostname for validity (CVE-2026-4438)", " - elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso", " - elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen", " - riscv: Resolve calls to memcpy using memcpy-generic in early startup", " - tests: fix tst-rseq with Linux 7.0", "" ], "package": "glibc", "version": "2.43-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145679 ], "author": "Simon Poirier ", "date": "Tue, 31 Mar 2026 16:35:10 -0400" }, { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-mach_send_eintr.diff: Fix assertion failure", " on eintr during message send.", " * debian/patches/hurd-i386/git-itimer-lock.diff: Fix setitimer mutex", " inversion.", " * debian/patches/hurd-i386/git-posix-timers.diff: Set _POSIX_TIMERS to", " 200809L. Closes: #1128631.", " * debian/patches/hurd-i386/sig-alarm.diff: Fix it_interval in setitimer, thus", " alarm too, on hurd-amd64.", " * debian/patches/hurd-i386/git-libio-mtsafe.diff: Fix mt-safeness of libio.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Complete fix.", " * debian/patches/hurd-i386/git-timedrwlock-unlock.diff: Fix race between", " timedrd/wrlock and unlock.", " * debian/patches/hurd-i386/git-sigtimedwait-timeout.diff: Fix cleaning on", " sigtimedwait timing out.", " * debian/testsuite-xfail-debian.mk: Update for 2.44.", "", " [ Aurelien Jarno ]", " * debian/sysdeps/mips*.mk: rename extra passes to matche the dpkg", " architecture name.", " * debian/rules.d/build.mk: add a makefile function that queries the dpkg", " build flags for the current pass.", " * debian/rules.d/build.mk: enable stack protection depending on", " -fstack-protector* flags returned by dpkg-buildflags.", " * debian/rules.d/build.mk: add a makefile function to filter out dpkg build", " flags incompatible with glibc and define CFLAGS from dpkg build flags.", " Closes: #1129746.", " * debian/control.in/{libc,i386}: downgrade the libdpkg-dev break to the", " trixie version now that bug#1122107 got fixed in trixie. Also apply it to", " amd64 and x32, as they are also using symbol versions used as ABI flag.", " Limit the break to libc6, multilib packages will get the break", " transitively through the strict depends.", " * debian/symbols.wildcards: adjust ABI flags version, we need to match the", " first version where the flag got introduced, not the first version where", " the fix got introduced.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix a null pointer dereference in the nss_database_check_reload_and_get", " function.", " - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module", " - Fix a typo preventing new tst-wordexp-reuse-mem to run", " - Fix incorrect handling of DNS responses in gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4437). Closes: #1131435.", " - Fix invalid DNS hostnames returned by gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4438). Closes: #1131887.", "" ], "package": "glibc", "version": "2.42-14", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 27 Mar 2026 22:08:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpam-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu2", "version": "259.5-0ubuntu2" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd-shared", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu2", "version": "259.5-0ubuntu2" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd0", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu2", "version": "259.5-0ubuntu2" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libudev1", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu2", "version": "259.5-0ubuntu2" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-13.13", "version": "7.0.0-13.13" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-14.14", "" ], "package": "linux-meta", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:46 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python-apt-common", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0build1", "version": "3.1.0build1" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0ubuntu1", "version": "3.1.0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2148657 ], "changes": [ { "cves": [], "log": [ "", " * Refresh mirror lists (LP: #2148657)", "" ], "package": "python-apt", "version": "3.1.0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148657 ], "author": "Oliver Reiche ", "date": "Wed, 15 Apr 2026 11:45:55 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-apt", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0build1", "version": "3.1.0build1" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0ubuntu1", "version": "3.1.0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2148657 ], "changes": [ { "cves": [], "log": [ "", " * Refresh mirror lists (LP: #2148657)", "" ], "package": "python-apt", "version": "3.1.0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148657 ], "author": "Oliver Reiche ", "date": "Wed, 15 Apr 2026 11:45:55 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.14", "version": "1:26.04.14" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.16", "version": "1:26.04.16" }, "cves": [], "launchpad_bugs_fixed": [ 2148475 ], "changes": [ { "cves": [], "log": [ "", " [ Oliver Reiche ]", " * deb2snap: update for resolute release", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updatte mirrors", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.16", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Oliver Reiche ", "date": "Thu, 16 Apr 2026 13:50:19 -0400" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: On Pi installations, force the installation of dracut", " to prevent over-filling smaller boot partitions (LP: #2148475)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.15", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148475 ], "author": "Dave Jones ", "date": "Wed, 15 Apr 2026 15:23:54 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-update-manager", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:26.04.4", "version": "1:26.04.4" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:26.04.5", "version": "1:26.04.5" }, "cves": [], "launchpad_bugs_fixed": [ 2140764 ], "changes": [ { "cves": [], "log": [ "", " [ Florent 'Skia' Jacquet ]", " * Adjust dates in hwe-support-status for resolute.", "", " [ Nathan Pratta Teodosio ]", " * Selectable (i.e. copiable) error messages (LP: #2140764)", "" ], "package": "update-manager", "version": "1:26.04.5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2140764 ], "author": "Florent 'Skia' Jacquet ", "date": "Thu, 16 Apr 2026 15:25:57 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "rust-coreutils", "from_version": { "source_package_name": "rust-coreutils", "source_package_version": "0.7.0-0ubuntu1", "version": "0.7.0-0ubuntu1" }, "to_version": { "source_package_name": "rust-coreutils", "source_package_version": "0.8.0-0ubuntu3", "version": "0.8.0-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2147425 ], "changes": [ { "cves": [], "log": [ "", " * d/p/fix-incomplete-locale-bundles.patch: Fix an error where messages did", " not fallback to embedded locales correctly if utility-specific locales", " were missing. This lead to tests failing that expected translated", " messages but received the raw Fluent key instead.", "" ], "package": "rust-coreutils", "version": "0.8.0-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Simon Johnsson ", "date": "Thu, 16 Apr 2026 14:41:19 +0200" }, { "cves": [], "log": [ "", " * d/p/tee-fix-input-with-sleep.patch: Fix an error where tee prematurely", " exits causing a SIGPIPE/EPIPE. This happened when the first read() returns", " fewer than 8 KiB, causing the upstream process in a pipeline to receive", " SIGPIPE/EPIPE and fail.", "" ], "package": "rust-coreutils", "version": "0.8.0-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Simon Johnsson ", "date": "Wed, 15 Apr 2026 11:21:14 +0200" }, { "cves": [], "log": [ "", " * New upstream version (LP: #2147425)", " * Drop patch:", " - use-u32-for-ppc64le.patch: Added upstream.", " * Refresh patches:", " - Tweak-release-build-profile.patch", " - build-stty.patch", " - dd-ensure-full-writes.patch", " - glibc-2.42.patch", " - require-utilities-to-be-invoked-using-matching-path.patch", " - use-l10n-translations-in-makefile.patch", " - workspace-exclude.patch", " * Add patches:", " - fix-locale-path.patch: Use a specific known directory for locale", " lookup. This also installs locales in /usr/share/coreutils/locales", " instead of /usr/share/locales/.", "" ], "package": "rust-coreutils", "version": "0.8.0-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147425 ], "author": "Simon Johnsson ", "date": "Tue, 07 Apr 2026 12:34:13 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.74.1+ubuntu26.04.3", "version": "2.74.1+ubuntu26.04.3" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.74.1+ubuntu26.04.4", "version": "2.74.1+ubuntu26.04.4" }, "cves": [], "launchpad_bugs_fixed": [ 2138629, 2147645 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release, LP: #2138629", " - LP: #2147645 FDE: secboot fixes", "" ], "package": "snapd", "version": "2.74.1+ubuntu26.04.4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2138629, 2147645 ], "author": "Ernest Lotter ", "date": "Thu, 14 Apr 2026 09:30:00 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "squashfs-tools", "from_version": { "source_package_name": "squashfs-tools", "source_package_version": "1:4.7.4-1ubuntu1", "version": "1:4.7.4-1ubuntu1" }, "to_version": { "source_package_name": "squashfs-tools", "source_package_version": "1:4.7.5-1", "version": "1:4.7.5-1" }, "cves": [], "launchpad_bugs_fixed": [ 2143762 ], "changes": [ { "cves": [], "log": [ "", " * Backport \"mksquashfs: don't create duplicate virtual -> real disk", " mappings\" which causes corrupt squashfs files to be built when building", " Ubuntu Studio (LP: #2143762)", "" ], "package": "squashfs-tools", "version": "1:4.7.4-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143762 ], "author": "Michael Hudson-Doyle ", "date": "Thu, 12 Mar 2026 17:36:38 +1300" } ], "notes": null, "is_version_downgrade": true }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu2", "version": "259.5-0ubuntu2" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-resolved", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu2", "version": "259.5-0ubuntu2" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu2", "version": "259.5-0ubuntu2" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.14", "version": "1:26.04.14" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.16", "version": "1:26.04.16" }, "cves": [], "launchpad_bugs_fixed": [ 2148475 ], "changes": [ { "cves": [], "log": [ "", " [ Oliver Reiche ]", " * deb2snap: update for resolute release", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updatte mirrors", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.16", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Oliver Reiche ", "date": "Thu, 16 Apr 2026 13:50:19 -0400" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: On Pi installations, force the installation of dracut", " to prevent over-filling smaller boot partitions (LP: #2148475)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.15", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148475 ], "author": "Dave Jones ", "date": "Wed, 15 Apr 2026 15:23:54 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu2", "version": "259.5-0ubuntu2" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-image-7.0.0-14-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-13.13", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-14.14", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "", " * Miscellaneous Ubuntu changes", " - [Packaging] removing \"-fde\" suffixes from packaging", "" ], "package": "linux-signed", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:14:24 +0200" } ], "notes": "linux-image-7.0.0-14-generic version '7.0.0-14.14' (source package linux-signed version '7.0.0-14.14') was added. linux-image-7.0.0-14-generic version '7.0.0-14.14' has the same source package name, linux-signed, as removed package linux-image-7.0.0-13-generic. As such we can use the source package version of the removed package, '7.0.0-13.13', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-main-modules-zfs-7.0.0-14-generic", "from_version": { "source_package_name": "linux-main-signed", "source_package_version": "7.0.0-13.13", "version": null }, "to_version": { "source_package_name": "linux-main-signed", "source_package_version": "7.0.0-14.14+3", "version": "7.0.0-14.14+3" }, "cves": [], "launchpad_bugs_fixed": [ 1786013, 1786013, 1786013 ], "changes": [ { "cves": [], "log": [ "", "", " * Miscellaneous upstream changes", " - Revert \"lmm: Add synthetic dependency for LMM package, to stop early", " promotion\"", "" ], "package": "linux-main-signed", "version": "7.0.0-14.14+3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Tue, 14 Apr 2026 13:38:00 +0300" }, { "cves": [], "log": [ "", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/dkms-versions -- update from kernel-versions", " (main/d2026.04.13)", "" ], "package": "linux-main-signed", "version": "7.0.0-14.14+2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Timo Aaltonen ", "date": "Tue, 14 Apr 2026 09:23:27 +0300" }, { "cves": [], "log": [ "", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/dkms-versions -- update from kernel-versions", " (main/d2026.04.13)", "" ], "package": "linux-main-signed", "version": "7.0.0-14.14+1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Timo Aaltonen ", "date": "Mon, 13 Apr 2026 20:03:08 +0300" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-14.14", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "", " * Miscellaneous upstream changes", " - Cleanup d/package.config from LRM config options", " - lmm: cleanup and add copyright notice", " - lmm: Fix an issue for the in-series copy phase", " - lmm: Make off_series the default mechanism", " - lmm: Allow skipping specific DKMS for specific flavours at build time", " - lmm: move final artifacts from /ubuntu to /kernel", " - lmm: Fix DKMS build for chroot environments", " - lmm: Add synthetic dependency for LMM package, to stop early promotion", "" ], "package": "linux-main-signed", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 11:36:59 +0200" } ], "notes": "linux-main-modules-zfs-7.0.0-14-generic version '7.0.0-14.14+3' (source package linux-main-signed version '7.0.0-14.14+3') was added. linux-main-modules-zfs-7.0.0-14-generic version '7.0.0-14.14+3' has the same source package name, linux-main-signed, as removed package linux-main-modules-zfs-7.0.0-13-generic. As such we can use the source package version of the removed package, '7.0.0-13.13', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-7.0.0-14-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-13.13", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" } ], "notes": "linux-modules-7.0.0-14-generic version '7.0.0-14.14' (source package linux version '7.0.0-14.14') was added. linux-modules-7.0.0-14-generic version '7.0.0-14.14' has the same source package name, linux, as removed package linux-modules-7.0.0-13-generic. As such we can use the source package version of the removed package, '7.0.0-13.13', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-image-7.0.0-13-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-13.13", "version": "7.0.0-13.13" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-main-modules-zfs-7.0.0-13-generic", "from_version": { "source_package_name": "linux-main-signed", "source_package_version": "7.0.0-13.13", "version": "7.0.0-13.13" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-7.0.0-13-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-13.13", "version": "7.0.0-13.13" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 26.04 resolute image from daily image serial 20260415 to 20260420", "from_series": "resolute", "to_series": "resolute", "from_serial": "20260415", "to_serial": "20260420", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }