File: //proc/thread-self/root/proc/self/root/proc/self/root/snap/core24/current/usr/share/doc/ChangeLog
07/01/2026, commit https://github.com/canonical/core-base/tree/877c452311fe667019aaa475aae73b3e283b8f7b
[ Changes in the core24 snap ]
No detected changes for the core24 snap
[ Changes in primed packages ]
dhcpcd-base (built from dhcpcd) updated from 1:10.0.6-1ubuntu3.1 to 1:10.0.6-1ubuntu3.2:
dhcpcd (1:10.0.6-1ubuntu3.2) noble; urgency=medium
* Fix intermittent dumplease failures when parsing stdin (LP: #2131252)
- d/p/lp2131252-0-Force-dumplease-to-parse-stdin.patch
- d/p/lp2131252-1-Improve-and-document-prior.patch
-- Bryan Fraschetti <bryan.fraschetti@canonical.com> Thu, 13 Nov 2025 12:47:30 -0500
libglib2.0-0t64:amd64 (built from glib2.0) updated from 2.80.0-6ubuntu3.5 to 2.80.0-6ubuntu3.6:
glib2.0 (2.80.0-6ubuntu3.6) noble-security; urgency=medium
* SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp
- debian/patches/CVE-2025-3360-1.patch: fix integer overflow when
parsing very long ISO8601 inputs in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow
in timezone offset handling in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-3.patch: track timezone length as an
unsigned size_t in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-4.patch: factor out some string pointer
arithmetic in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-5.patch: factor out an undersized
variable in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime
ISO8601 parsing tests in glib/tests/gdatetime.c.
- CVE-2025-3360
* SECURITY UPDATE: GString overflow
- debian/patches/CVE-2025-6052.patch: fix overflow check when expanding
the string in glib/gstring.c.
- CVE-2025-6052
* SECURITY UPDATE: integer overflow in temp file creation
- debian/patches/CVE-2025-7039.patch: fix computation of temporary file
name in glib/gfileutils.c.
- CVE-2025-7039
* SECURITY UPDATE: heap overflow in g_escape_uri_string()
- debian/patches/CVE-2025-13601.patch: add overflow check in
glib/gconvert.c.
- CVE-2025-13601
* SECURITY UPDATE: buffer underflow through glib/gvariant
- debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow
parsing (byte)strings in glib/gvariant-parser.c.
- debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of
child elements in glib/gvariant-parser.c.
- debian/patches/CVE-2025-14087-3.patch: convert error handling code to
use size_t in glib/gvariant-parser.c.
- CVE-2025-14087
* SECURITY UPDATE: integer overflow in gfileattribute
- debian/patches/gfileattribute-overflow.patch: add overflow check in
gio/gfileattribute.c.
- No CVE number
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 10 Dec 2025 10:51:22 -0500
libpng16-16t64:amd64 (built from libpng1.6) updated from 1.6.43-5build1 to 1.6.43-5ubuntu0.1:
libpng1.6 (1.6.43-5ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: buffer overflow issue
- debian/patches/CVE-2025-64505.patch: Fix a buffer overflow in
png_do_quantize
- debian/patches/CVE-2025-64506.patch: Fix a heap buffer overflow in
png_write_image_8bit
- debian/patches/CVE-2025-64720.patch: Fix a buffer overflow in
png_init_read_transformations
- debian/patches/CVE-2025-65018.patch: Fix a heap buffer overflow in
png_image_finish_read
- CVE-2025-64505
- CVE-2025-64506
- CVE-2025-64720
- CVE-2025-65018
-- Nishit Majithia <nishit.majithia@canonical.com> Tue, 09 Dec 2025 17:36:48 +0530
python3-urllib3 (built from python-urllib3) updated from 2.0.7-1ubuntu0.2 to 2.0.7-1ubuntu0.3:
python-urllib3 (2.0.7-1ubuntu0.3) noble-security; urgency=medium
* SECURITY UPDATE: Denial of service due to unbounded decompression chain.
- debian/patches/CVE-2025-66418.patch: Add max_decode_links limit and
checks in src/urllib3/response.py. Add test in test/test_response.py.
- CVE-2025-66418
* SECURITY UPDATE: Denial of service due to decompression bomb.
- debian/patches/CVE-2025-66471.patch: Fix decompression bomb in
src/urllib3/response.py. Add tests in test/test_response.py.
- debian/patches/CVE-2025-66471-post1.patch: Remove brotli version warning
due to intrusive backport for brotli fixes and upstream version warning
not being appropriate for distro backporting.
- CVE-2025-66471
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 10 Dec 2025 15:56:11 -0330
libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.11 to 255.4-1ubuntu8.12:
systemd (255.4-1ubuntu8.12) noble; urgency=medium
* basic: validate timezones in get_timezones() (LP: #2125405)
* ukify: fix insertion of padding in merged sections (LP: #2132666)
* core: downgrade a log message from warning to debug (LP: #2130554)
* test: skip testcase_multipath_basic_failover.
This test has been failing on Ubuntu infrastructure for a long time.
Leaving this alone at the moment allows other failures to potentially go
unnoticed, because the migration reference baseline has been reset to
fail. Skip the test to try and reset the baseline to pass.
* d/gbp.conf: stop using wrap_cl.py
-- Nick Rosbrook <enr0n@ubuntu.com> Tue, 25 Nov 2025 13:16:31 -0500
bsdutils, fdisk, libblkid1:amd64, libfdisk1:amd64, libmount1:amd64, libsmartcols1:amd64, libuuid1:amd64, mount, rfkill, util-linux (built from util-linux) updated from 1:2.39.3-9ubuntu6.3 to 1:2.39.3-9ubuntu6.4:
10/12/2025, commit https://github.com/canonical/core-base/tree/877c452311fe667019aaa475aae73b3e283b8f7b
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (1):
static: do not scan loop and mmc boot partitions
Philip Meulengracht (3):
tmpfiles.d: ignore snaps private tmp folder when cleaning /tmp
hooks: switch to ubuntu-advantage (#382)
static: add snapd.conf from the snapd debian, remove the other one (#384)
[ Changes in primed packages ]
apparmor, libapparmor1:amd64 (built from apparmor) updated from 4.0.1really4.0.1-0ubuntu0.24.04.4 to 4.0.1really4.0.1-0ubuntu0.24.04.5:
apparmor (4.0.1really4.0.1-0ubuntu0.24.04.5) noble; urgency=medium
* profiles: make /sys/devices PCI paths hex-aware (LP: #2115234)
-- Keifer Snedeker <keifer.snedeker@canonical.com> Fri, 15 Aug 2025 13:16:02 +0100
libglib2.0-0t64:amd64 (built from glib2.0) updated from 2.80.0-6ubuntu3.4 to 2.80.0-6ubuntu3.5:
glib2.0 (2.80.0-6ubuntu3.5) noble; urgency=medium
* debian: Update VCS references to ubuntu/noble branch
* debian/patches: Fix a crash on arg0 matching.
This is causing a crash in tracker if the battery charging state changes
while tracker is indexing files, as tracker-extract-3 will try to emit
property changes with a NULL arg0. (LP: #2119581)
-- Marco Trevisan (Treviño) <marco@ubuntu.com> Tue, 04 Nov 2025 16:05:02 +0100
libdrm-common, libdrm2:amd64 (built from libdrm) updated from 2.4.122-1~ubuntu0.24.04.1 to 2.4.122-1~ubuntu0.24.04.2:
libdrm (2.4.122-1~ubuntu0.24.04.2) noble; urgency=medium
* patches: Identify APUs from hardware (LP: #2127944)
-- Timo Aaltonen <tjaalton@debian.org> Fri, 24 Oct 2025 17:48:33 +0300
libnetplan1:amd64, netplan-generator, netplan.io, python3-netplan (built from netplan.io) updated from 1.1.2-2~ubuntu24.04.2 to 1.1.2-8ubuntu1~24.04.1:
netplan.io (1.1.2-8ubuntu1~24.04.1) noble; urgency=medium
* Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)
- Allows non standard OVS setups (e.g. OVS from snap)
- Test improvements, especially for slower architectures such as riscv64
- d/t/cloud-init.sh: Adopt for actually generated files instead of dummies
- d/control: use dbus-daemon instead of dbus-x11 for build-time tests and
suggests systemd-resolved
* SRU compatibility
- d/gbp.conf: Update for Noble
- d/libnetplan1.symbols: keep it at the original version
- d/p/series: Keep d/p/sru-compat/* patches
- d/p/series: Drop wait-online-dns* which is incompatible with systemd v255
+ d/control: Keep systemd dependency at v248
-- Lukas Märdian <slyon@ubuntu.com> Tue, 25 Nov 2025 12:45:14 +0100
libpython3-stdlib:amd64, python3, python3-minimal (built from python3-defaults) updated from 3.12.3-0ubuntu2 to 3.12.3-0ubuntu2.1:
python3-defaults (3.12.3-0ubuntu2.1) noble-security; urgency=medium
* No-change rebuild into -security to fix dep issues (LP: #2127093)
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Nov 2025 07:15:44 -0500
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.8 to 3.12.3-1ubuntu0.9:
python3.12 (3.12.3-1ubuntu0.9) noble-security; urgency=medium
* SECURITY UPDATE: Possible payload obfuscation
- debian/patches/CVE-2025-8291.patch: check consistency of
the zip64 end of central dir record in Lib/zipfile.py,
Lib/test/test_zipfile.py.
- CVE-2025-8291
* SECURITY UPDATE: Performance degradation
- debian/patches/CVE-2025-6075.patch: fix quadratic complexity
in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,
Lib/test/test_genericpatch.py, Lib/test/test_npath.py.
- CVE-2025-6075
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Thu, 06 Nov 2025 10:44:16 -0300
26/10/2025, commit https://github.com/canonical/core-base/tree/230d59e9c36891b95fbb3a47a8b25563e0b9ae17
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (1):
hooks: update nvidia driver version
[ Changes in primed packages ]
distro-info-data (built from distro-info-data) updated from 0.60ubuntu0.3 to 0.60ubuntu0.5:
distro-info-data (0.60ubuntu0.5) noble; urgency=medium
* ubuntu.csv: remove eol-legacy field from resolute
This version of distro-info does not know about eol-legacy.
-- Nick Rosbrook <enr0n@ubuntu.com> Fri, 10 Oct 2025 12:02:16 -0400
distro-info-data (0.60ubuntu0.4) noble; urgency=medium
* Add Ubuntu 26.04 LTS "Resolute Raccoon" (LP: #2126961)
* Correct date for forky
* Correct estimation for trixie ELTS EoL to 10 years total support.
* Update the bookworm EoL
-- Florent 'Skia' Jacquet <florent.jacquet@canonical.com> Fri, 10 Oct 2025 11:31:14 +0100
09/10/2025, commit https://github.com/canonical/core-base/tree/3667c3306e20cafd7ee36075b3fb317f05fbec00
[ Changes in the core24 snap ]
No detected changes for the core24 snap
[ Changes in primed packages ]
libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.10 to 255.4-1ubuntu8.11:
systemd (255.4-1ubuntu8.11) noble; urgency=medium
[ Nick Rosbrook ]
* initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)
* d/t/tests-in-lxd: drop patching workaround (LP: #2115263)
- d/t/control: add Depends: dnsmasq-base
(Revealed by test progressing past previous failure)
* initramfs-tools: filter out zdev rules in the initramfs hook (LP: #2044104)
Backport the logic from plucky onward, but adjust the version string for
noble.
* test: fall back to SYSLOG_IDENTIFIER= matching in TEST-75-RESOLVED
Partially backport the test fix from 49a954b08654dd06bab71224a2398a65c2555549,
only targeting TEST-75-RESOLVED.
[ Matthew Ruffell ]
* pcrlock: handle measurement logs where hash algs in header.
Fix pcrlock log to function correctly reading the TPM eventlog on hyper-v VMs
(LP: #2115391)
[ Chengen Du ]
* network/dhcp6: consider the DHCPv6 protocol as finished when conflict addresses exist
(LP: #2115418)
[ Mario Limonciello ]
* Drop support for using actual brightness (LP: #2110585)
-- Nick Rosbrook <enr0n@ubuntu.com> Fri, 11 Jul 2025 14:52:59 -0400
wpasupplicant (built from wpa) updated from 2:2.10-21ubuntu0.2 to 2:2.10-21ubuntu0.3:
wpa (2:2.10-21ubuntu0.3) noble; urgency=medium
* Bump DEFAULT_BSS_MAX_COUNT to 1000 (LP: #2117180)
-- Mitchell Augustin <mitchell.augustin@canonical.com> Mon, 21 Jul 2025 18:13:31 -0500
01/10/2025, commit https://github.com/canonical/core-base/tree/3667c3306e20cafd7ee36075b3fb317f05fbec00
[ Changes in the core24 snap ]
No detected changes for the core24 snap
[ Changes in primed packages ]
cloud-init (built from cloud-init) updated from 25.1.4-0ubuntu0~24.04.1 to 25.2-0ubuntu1~24.04.1:
cloud-init (25.2-0ubuntu1~24.04.1) noble; urgency=medium
* add d/p/strip-invalid-mtu.patch
- Provides backwards compatibility for an otherwise invalid
MTU in a netplan config. (GH-6239)
* d/cloud-init.templates:
- Move VMware before OVF. See GH-4030
- Enable CloudCIX by default
* refresh patches:
- d/p/no-single-process.patch
* Upstream snapshot based on 25.2. (LP: #2120495).
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.2/ChangeLog
-- James Falcon <james.falcon@canonical.com> Tue, 12 Aug 2025 16:19:32 -0500
coreutils (built from coreutils) updated from 9.4-3ubuntu6 to 9.4-3ubuntu6.1:
coreutils (9.4-3ubuntu6.1) noble; urgency=medium
* d/p/suppress-permission-denied-errors-on-nfs.patch:
- Avoid returning permission denied errors when running ls -l when reading
file attributes. (LP: #2115274)
-- Ghadi Elie Rahme <ghadi.rahme@canonical.com> Sun, 22 Jun 2025 16:21:39 +0000
dpkg (built from dpkg) updated from 1.22.6ubuntu6.1 to 1.22.6ubuntu6.5:
dpkg (1.22.6ubuntu6.5) noble-security; urgency=medium
[ Joy Latten ]
* SECURITY UPDATE:
- Fix cleanup for control member with restricted directories. LP: #2122053
- Fixes CVE-2025-6297
-- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 18 Sep 2025 12:43:59 -0500
dpkg (1.22.6ubuntu6.2) noble; urgency=medium
[ Zixing Liu ]
* Add RUSTFLAGS to define frame pointers for Rust toolchain (LP: #2082636).
* Replaces mainline version number 1.22.6ubuntu12 with 1.22.6ubuntu6.2 in
the documentation to avoid confusion with backported version.
[ Benjamin Drung ]
* buildflags: document RUSTFLAGS
* buildflags: Always set RUSTFLAGS
-- Zixing Liu <zixing.liu@canonical.com> Thu, 26 Sep 2024 13:14:01 -0600
libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.39-0ubuntu8.5 to 2.39-0ubuntu8.6:
glibc (2.39-0ubuntu8.6) noble-security; urgency=medium
* SECURITY UPDATE: double-free in regcomp function
- debian/patches/any/CVE-2025-8058.patch: fix double-free after
allocation failure in regcomp in posix/Makefile, posix/regcomp.c,
posix/tst-regcomp-bracket-free.c.
- CVE-2025-8058
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 17 Sep 2025 10:55:42 -0400
openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.13 to 1:9.6p1-3ubuntu13.14:
openssh (1:9.6p1-3ubuntu13.14) noble; urgency=medium
* d/p/systemd-socket-activation.patch: allow AF_VSOCK sockets (LP: #2111226)
-- Nick Rosbrook <enr0n@ubuntu.com> Tue, 26 Aug 2025 09:49:17 -0400
libssl3t64:amd64, openssl (built from openssl) updated from 3.0.13-0ubuntu3.5 to 3.0.13-0ubuntu3.6:
openssl (3.0.13-0ubuntu3.6) noble-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap
- debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped
key size in crypto/cms/cms_pwri.c.
- CVE-2025-9230
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Sep 2025 07:12:48 -0400
libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.5.3-5ubuntu5.4 to 1.5.3-5ubuntu5.5:
pam (1.5.3-5ubuntu5.5) noble-security; urgency=medium
* SECURITY UPDATE: pam_access hostname confusion
- debian/patches/CVE-2024-10963.patch: add "nodns" option to disallow
resolving of tokens as hostname in
modules/pam_access/access.conf.5.xml,
modules/pam_access/pam_access.8.xml,
modules/pam_access/pam_access.c.
- CVE-2024-10963
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 15 Sep 2025 08:37:15 -0400
libsqlite3-0:amd64 (built from sqlite3) updated from 3.45.1-1ubuntu2.4 to 3.45.1-1ubuntu2.5:
sqlite3 (3.45.1-1ubuntu2.5) noble-security; urgency=medium
* SECURITY UPDATE: integer overflow in FTS5 extension
- debian/patches/CVE-2025-7709.patch: optimize allocation of large
tombstone arrays in fts5 in ext/fts5/fts5_index.c.
- CVE-2025-7709
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Sep 2025 14:06:42 -0400
vim-common, vim-tiny (built from vim) updated from 2:9.1.0016-1ubuntu7.8 to 2:9.1.0016-1ubuntu7.9:
vim (2:9.1.0016-1ubuntu7.9) noble-security; urgency=medium
* SECURITY UPDATE: Path traversal when opening specially crafted tar/zip
archives.
- debian/patches/CVE-2025-53905.patch: remove leading slashes from name,
replace tar_secure with g:tar_secure in runtime/autoload/tar.vim.
- debian/patches/CVE-2025-53906.patch: Add need_rename, replace w! with w,
call warning for path traversal attack, and escape leading "../" in
runtime/autoload/zip.vim.
- CVE-2025-53905
- CVE-2025-53906
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Fri, 05 Sep 2025 17:14:46 -0230
29/08/2025, commit https://github.com/canonical/core-base/tree/3667c3306e20cafd7ee36075b3fb317f05fbec00
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (4):
.github/workflows/release-manual.yaml: remove scheduled builds
get-version.sh: filter by _$branch suffix when looking at tags
hooks/001-extra-packages.chroot: add back libtirpc3t64
snapcraft.yaml: move to 24.04.3 base
Valentin David (2):
spread.yaml: Sync google-nested-arm with snapd
static: copy udev disk rules from core-initrd
[ Changes in primed packages ]
base-files (built from base-files) updated from 13ubuntu10.2 to 13ubuntu10.3:
base-files (13ubuntu10.3) noble; urgency=medium
* /etc/issue{,.net}, /etc/{lsb,os}-release: bump version to 24.04.3
(LP: #2119314)
-- Ural Tunaboyu <ural.tunaboyu@canonical.com> Fri, 01 Aug 2025 07:21:11 -0700
cloud-init (built from cloud-init) updated from 25.1.2-0ubuntu0~24.04.1 to 25.1.4-0ubuntu0~24.04.1:
cloud-init (25.1.4-0ubuntu0~24.04.1) noble-security; urgency=medium
* Upstream snapshot based on 25.1.4.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.4/ChangeLog
- Bugs fixed in this snapshot:
+ fix: disable cloud-init when non-x86 environments have no DMI-data
and no strict datasources detected (LP: #2069607) (CVE-2024-6174)
-- Chad Smith <chad.smith@canonical.com> Tue, 24 Jun 2025 15:14:03 -0600
cloud-init (25.1.3-0ubuntu0~24.04.1) noble-security; urgency=medium
* d/cloud-init-base.postinst: move existing hotplug-cmd fifo to root-only
share dir (CVE-2024-11584)
* Upstream security bugfix release based on 25.1.3.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.3/ChangeLog
- Bugs fixed in this snapshot:
- security: make hotplug socket only writable by root (LP: #2114229)
(CVE-2024-11584)
- security: make ds-identify behavior strict datasource discovery on
non-x86 platforms without DMI data (LP: #2069607) (CVE-2024-6174)
-- Chad Smith <chad.smith@canonical.com> Thu, 12 Jun 2025 20:24:45 -0600
iproute2 (built from iproute2) updated from 6.1.0-1ubuntu6 to 6.1.0-1ubuntu6.2:
iproute2 (6.1.0-1ubuntu6.2) noble; urgency=medium
* Do not use stdout to print info about default fan map usage (LP: #2115790)
- d/p/1003-ubuntu-poc-fan-dynamic-map.patch
-- Stefan Bader <stefan.bader@canonical.com> Thu, 10 Jul 2025 16:46:54 +0200
iproute2 (6.1.0-1ubuntu6.1) noble; urgency=medium
* Expose IFLA_VXLAN_FAN_MAP version via sysctl/proc (LP: #2106115)
- d/p/1003-ubuntu-poc-fan-dynamic-map.patch
-- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Jun 2025 16:35:31 +0200
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.7 to 3.12.3-1ubuntu0.8:
python3.12 (3.12.3-1ubuntu0.8) noble-security; urgency=medium
* SECURITY UPDATE: Regular expression denial of service.
- debian/patches/CVE-2025-6069.patch: Improve regex parsing in
Lib/html/parser.py.
- CVE-2025-6069
* SECURITY UPDATE: Infinite loop when parsing tar archives.
- debian/patches/CVE-2025-8194.patch: Raise exception when count < 0 in
Lib/tarfile.py.
- CVE-2025-8194
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 14 Aug 2025 15:17:21 -0230
29/07/2025, commit https://github.com/canonical/core-base/tree/e164b892c0535598c3712caa2ecdea0667dfdfc7
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (11):
snapcraft.yaml: set version from date tag if present
.github/workflows/release.yaml: add release job
.github/workflows/release.yaml: run rebuild base job each day
.github/workflows/tests.yaml: fix runners filtering
.github/workflows/release.yaml: fix typo
static/secureboot-db.service: check mode by looking at modeenv
static: check mode by looking at modeenv in several services
tests: prepare for installation from initramfs
.github/workflows: we do not need spread-arm anymore
.github/workflows: add manual release job, remove old release one
.github/workflows/release-manual: fix typo
Philip Meulengracht (1):
tools: aggregate old changelogs
[ Changes in primed packages ]
libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.39-0ubuntu8.4 to 2.39-0ubuntu8.5:
glibc (2.39-0ubuntu8.5) noble-security; urgency=medium
* SECURITY UPDATE: insecure power10 strcmp implementation
- debian/patches/any/CVE-2025-5702.patch: remove power10 optimized
strcmp.
- CVE-2025-5702
* Moved other security patches to debian/patches/any.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Jul 2025 12:47:47 -0400
gpgv (built from gnupg2) updated from 2.4.4-2ubuntu17.2 to 2.4.4-2ubuntu17.3:
gnupg2 (2.4.4-2ubuntu17.3) noble-security; urgency=medium
* debian/patches/fix-key-validity-regression-due-to-CVE-2025-
30258.patch:
- Fix a key validity regression following patches for CVE-2025-30258,
causing trusted "certify-only" primary keys to be ignored when checking
signature on user IDs and computing key validity. This regression makes
imported keys signed by a trusted "certify-only" key have an unknown
validity (LP: #2114775).
-- dcpi <dcpi@u22vm> Thu, 26 Jun 2025 13:17:22 +0000
gnutls-bin, libgnutls-dane0t64:amd64, libgnutls30t64:amd64 (built from gnutls28) updated from 3.8.3-1.1ubuntu3.3 to 3.8.3-1.1ubuntu3.4:
gnutls28 (3.8.3-1.1ubuntu3.4) noble-security; urgency=medium
* SECURITY UPDATE: double-free via otherName in the SAN
- debian/patches/CVE-2025-32988.patch: avoid double free when exporting
othernames in SAN in lib/x509/extensions.c.
- CVE-2025-32988
* SECURITY UPDATE: OOB read via malformed length field in SCT extension
- debian/patches/CVE-2025-32989.patch: fix read buffer overrun in SCT
timestamps in lib/x509/x509_ext.c.
- CVE-2025-32989
* SECURITY UPDATE: heap write overflow in certtool via invalid template
- debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer
overrun when parsing template in src/certtool-cfg.c,
tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh,
tests/cert-tests/templates/template-too-many-othernames.tmpl.
- CVE-2025-32990
* SECURITY UPDATE: NULL deref via missing PSK in TLS 1.3 handshake
- debian/patches/CVE-2025-6395.patch: clear HSK_PSK_SELECTED when
resetting binders in lib/handshake.c, lib/state.c, tests/Makefile.am,
tests/tls13/hello_retry_request_psk.c.
- CVE-2025-6395
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 11 Jul 2025 08:58:05 -0400
gzip (built from gzip) updated from 1.12-1ubuntu3 to 1.12-1ubuntu3.1:
gzip (1.12-1ubuntu3.1) noble; urgency=medium
* d/p/0001-maint-fix-s390-buffer-flushes.patch: align the behavior of
dfltcc_inflate to do the same as gzip_inflate when it hits a premature EOF
(LP: #2083700)
-- Andreas Hasenack <andreas@canonical.com> Mon, 27 Jan 2025 13:56:44 -0300
iputils-ping (built from iputils) updated from 3:20240117-1build1 to 3:20240117-1ubuntu0.1:
iputils (3:20240117-1ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: DoS via crafted ICMP Echo Reply packet
- debian/patches/CVE-2025-47268: fix signed 64-bit integer overflow in
RTT calculation in iputils_common.h, ping/ping_common.c.
- debian/patches/CVE-2025-48964.patch: fix moving average rtt
calculation in iputils_common.h, ping/ping.h, ping/ping_common.c.
- CVE-2025-47268
- CVE-2025-48964
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 24 Jul 2025 07:51:16 -0400
libpciaccess0:amd64 (built from libpciaccess) updated from 0.17-3build1 to 0.17-3ubuntu0.24.04.2:
libpciaccess (0.17-3ubuntu0.24.04.2) noble; urgency=medium
* Revert to 0.17-3build1 since the previous update appears to cause
inability to log in to the desktop on some systems (LP: #2115574)
-- Jeremy Bícha <jbicha@ubuntu.com> Mon, 30 Jun 2025 11:55:17 -0400
libpciaccess (0.17-3ubuntu0.24.04.1) noble; urgency=medium
* AMD platform A + N config selected wrong primary GPU in Xorg (LP: #2111684)
d/p/0001-linux_sysfs-Identify-boot_vga-by-acpi-companion-hid.patch
-- Kai-Chuan Hsieh <kaichuan.hsieh@canonical.com> Tue, 03 Jun 2025 17:23:44 +0800
libnetplan1:amd64, netplan-generator, netplan.io, python3-netplan (built from netplan.io) updated from 1.1.2-2~ubuntu24.04.1 to 1.1.2-2~ubuntu24.04.2:
netplan.io (1.1.2-2~ubuntu24.04.2) noble; urgency=medium
* Add integration tests for `netplan try`
- d/p/lp2083029/0007-tests-integration-netplan-try.patch
* Fix networkd file permissions during `netplan try` restore (LP: #2083029)
- d/p/lp2083029/0008-cli-ConfigManager-must-copy-file-ownership.patch
* Prevent netplan-generate from running during `netplan try` (LP: #2083029)
- d/p/lp2083029/0009-generate-Don-t-run-during-netplan-try.patch
-- Wesley Hershberger <wesley.hershberger@canonical.com> Thu, 17 Apr 2025 10:46:08 -0500
openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.12 to 1:9.6p1-3ubuntu13.13:
openssh (1:9.6p1-3ubuntu13.13) noble; urgency=medium
* Explicitly listen on IPv4 by default, with socket-activated sshd
(LP: #2080216)
- d/systemd/ssh.socket: explicitly listen on ipv4 by default
- d/t/sshd-socket-generator: update for new defaults and AddressFamily
- sshd-socket-generator: handle new ssh.socket default settings
-- Nick Rosbrook <enr0n@ubuntu.com> Mon, 09 Jun 2025 13:22:39 -0400
python3-urllib3 (built from python-urllib3) updated from 2.0.7-1ubuntu0.1 to 2.0.7-1ubuntu0.2:
python-urllib3 (2.0.7-1ubuntu0.2) noble-security; urgency=medium
* SECURITY UPDATE: Information disclosure through improperly disabled
redirects.
- debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
to Retry.from_int(retries, redirect=False) as well as set
raise_on_redirect in ./src/urllib3/poolmanager.py.
- CVE-2025-50181
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 23 Jun 2025 16:34:35 -0230
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.6 to 3.12.3-1ubuntu0.7:
python3.12 (3.12.3-1ubuntu0.7) noble-security; urgency=medium
* SECURITY UPDATE: Arbitrary filesystem and metadata write through improper
tar filtering.
- debian/patches/CVE-202x-12718-4138-4x3x-4517.patch: Add ALLOW_MISSING in
./Lib/genericpath.py, ./Lib/ntpath.py, ./Lib/posixpath.py. Change filter
to handle errors in ./Lib/ntpath.py, ./Lib/posixpath.py. Add checks and
unfiltered to ./Lib/tarfile.py. Modify tests.
- CVE-2024-12718
- CVE-2025-4138
- CVE-2025-4330
- CVE-2025-4435
- CVE-2025-4517
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 18 Jun 2025 15:29:45 -0230
libsqlite3-0:amd64 (built from sqlite3) updated from 3.45.1-1ubuntu2.3 to 3.45.1-1ubuntu2.4:
sqlite3 (3.45.1-1ubuntu2.4) noble-security; urgency=medium
* SECURITY UPDATE: Memory corruption via number of aggregate terms
- debian/patches/CVE-2025-6965.patch: raise an error right away if the
number of aggregate terms in a query exceeds the maximum number of
columns in src/expr.c, src/sqliteInt.h.
- CVE-2025-6965
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 18 Jul 2025 10:56:16 -0400
sudo (built from sudo) updated from 1.9.15p5-3ubuntu5 to 1.9.15p5-3ubuntu5.24.04.1:
sudo (1.9.15p5-3ubuntu5.24.04.1) noble-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation via host option
- debian/patches/CVE-2025-32462.patch: only allow specifying a host
when listing privileges.
- CVE-2025-32462
* SECURITY UPDATE: Local Privilege Escalation via chroot option
- debian/patches/CVE-2025-32463.patch: remove user-selected root
directory chroot option.
- CVE-2025-32463
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jun 2025 08:42:53 -0400
libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.8 to 255.4-1ubuntu8.10:
systemd (255.4-1ubuntu8.10) noble; urgency=medium
* Fix regression in networkctl caused by previous upload:
A regression was introduced due to an incorrect manager reference being passed to
manager_get_route_table_to_string() within route_append_json(), resulting in an
error when executing the `networkctl --json=pretty` command.
> networkctl --json=pretty
Failed to get description: Message recipient disconnected from message bus without replying
-- Chengen Du <chengen.du@canonical.com> Wed, 02 Jul 2025 10:04:32 -0400
systemd (255.4-1ubuntu8.9) noble; urgency=medium
* Preserve IPv6 configurations when `KeepConfiguration=dhcp-on-stop` is set
(LP: #2098183)
- d/p/lp2098183/0001-network-use-json_variant_append_arrayb.patch
- d/p/lp2098183/0002-json-add-new-dispatch-flag-JSON_ALLOW_EXTENSIONS.patch
- d/p/lp2098183/0003-json-add-macro-for-automatically-defining-a-dispatch.patch
- d/p/lp2098183/0004-json-introduce-json_dispatch_byte_array_iovec-and-js.patch
- d/p/lp2098183/0005-json-introduce-json_dispatch_int8-and-json_dispatch_.patch
- d/p/lp2098183/0006-json-extend-JsonDispatch-flags-with-nullable-and-ref.patch
- d/p/lp2098183/0007-json-util-generalize-json_dispatch_ifindex.patch
- d/p/lp2098183/0008-daemon-util-expose-notify_push_fd.patch
- d/p/lp2098183/0009-network-json-add-missing-entries-for-route-propertie.patch
- d/p/lp2098183/0010-network-introduce-network_config_source_from_string.patch
- d/p/lp2098183/0011-network-expose-log_route_debug-and-log_address_debug.patch
- d/p/lp2098183/0012-network-introduce-manager_serialize-deserialize.patch
- d/p/lp2098183/0013-network-keep-all-dynamically-acquired-configurations.patch
-- Chengen Du <chengen.du@canonical.com> Mon, 09 Jun 2025 13:44:06 -0400
bsdutils, fdisk, libblkid1:amd64, libfdisk1:amd64, libmount1:amd64, libsmartcols1:amd64, libuuid1:amd64, mount, rfkill, util-linux (built from util-linux) updated from 1:2.39.3-9ubuntu6.2 to 1:2.39.3-9ubuntu6.3:
18/06/2025, commit https://git.launchpad.net/snap-core24/tree/f9ca904d1e47c062780620e0060063d8a54646dd
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (1):
.github,tests: do not rebuild base for each test
[ Changes in primed packages ]
libapt-pkg6.0t64:amd64 (built from apt) updated from 2.7.14build2 to 2.8.3:
apt (2.8.3) noble; urgency=medium
* Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)
- Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment"
- Revert "Only warn about <rsa2048 when upgrading from 2.7.x to 2.8.x"
- Revert rsa1024 to warnings again
This leaves the mechanisms in place and no longer warns about NIST curves.
* Fix keeping back removals of obsolete packages; and return an error if
ResolveByKeep() is unsuccessful (LP: #2078720)
* Fix buffer overflow, stack overflow, exponential complexity in
apt-ftparchive Contents generation (LP: #2083697)
- ftparchive: Mystrdup: Add safety check and bump buffer size
- ftparchive: contents: Avoid exponential complexity and overflows
- test framework: Improve valgrind support
- test: Check that apt-ftparchive handles deep paths
- Workaround valgrind "invalid read" in ExtractTar::Go by moving large
buffer from stack to heap. The large buffer triggered some bugs in
valgrind stack clash protection handling.
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 22 Oct 2024 15:02:22 +0200
apt (2.8.2) noble; urgency=medium
* Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment
(follow-up for LP: #2073126)
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 13 Aug 2024 16:47:13 +0200
apt (2.8.1) noble; urgency=medium
* Only revoke weak RSA keys for now, add 'next' and 'future' levels
(backported from 2.9.7)
Note that the changes to warn about keys not matching the future level
in the --audit level are not fully included, as the --audit feature
has not yet been backported. (LP: #2073126)
* Introduce further mitigation on upgrades from 2.7.x to allow these
systems to continue using rsa1024 repositories with warnings
until the 24.04.2 point release (LP: #2073126)
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 30 Jul 2024 17:12:00 +0900
apt (2.8.0) noble; urgency=medium
[ Julian Andres Klode ]
* Revert "Temporarily downgrade key assertions to "soon worthless""
We temporarily downgraded the errors to warnings to give the
launchpad PPAs time to be fixed, but warnings are not safe:
Untrusted keys could be hiding on your system, but just not
used at the moment. Hence revert this so we get the errors we
want. (LP: #2060721)
* Branch off the stable 2.8.y branch for noble:
- CI: Test in ubuntu:noble images for 2.8.y
- debian/gbp.conf: Point at the 2.8.y branch
[ David Kalnischkies ]
* Test suite fixes:
- Avoid subshell hiding failure report from testfilestats
- Ignore umask of leftover diff_Index in failed pdiff test
* Documentation translation fixes:
- Fix and unfuzzy previous VCG/Graphviz URI change
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 16 Apr 2024 16:59:14 +0200
cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~24.04.3 to 25.1.2-0ubuntu0~24.04.1:
cloud-init (25.1.2-0ubuntu0~24.04.1) noble; urgency=medium
* Upstream snapshot based on 25.1.2. (LP: #2104165).
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog
-- James Falcon <james.falcon@canonical.com> Mon, 19 May 2025 15:00:58 -0500
cloud-init (25.1.1-0ubuntu1~24.04.1) noble; urgency=medium
* Drop cpicks which are now upstream:
- cpick-d75840be-fix-retry-AWS-hotplug-for-async-IMDS-5995
- cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting
- d/p/cpick-c60771d8-test-pytestify-test_url_helper.py
- d/p/cpick-8810a2dc-test-Remove-CiTestCase-from-test_url_helper.py
- d/p/cpick-582f16c1-test-add-OauthUrlHelper-tests
- d/p/cpick-9311e066-fix-Update-OauthUrlHelper-to-use-readurl-exception_cb
* refresh patches
- d/p/deprecation-version-boundary.patch
- d/p/grub-dpkg-support.patch
- d/p/no-nocloud-network.patch
- d/p/no-single-process.patch
* sort hunks within all patches (--sort on quilt refresh)
* Upstream snapshot based on 25.1.1.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.1/ChangeLog
-- Chad Smith <chad.smith@canonical.com> Tue, 25 Mar 2025 11:02:28 -0600
libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.20.1-6ubuntu2.5 to 1.20.1-6ubuntu2.6:
krb5 (1.20.1-6ubuntu2.6) noble-security; urgency=medium
* SECURITY UPDATE: Use of weak cryptographic hash.
- debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.
Disallow usage of des3 and rc4 unless allowed in the config. Replace
warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
of deprecated enctypes in ./src/kdc/kdc_util.c.
- debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
- CVE-2025-3576
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 15 May 2025 10:09:20 +0200
openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.11 to 1:9.6p1-3ubuntu13.12:
openssh (1:9.6p1-3ubuntu13.12) noble; urgency=medium
* d/p/sshd-socket-generator.patch: add note to sshd_config
Explain that a systemctl daemon-reload is needed for changes
to Port et al to take effect.
(LP: #2069041)
-- Nick Rosbrook <enr0n@ubuntu.com> Tue, 29 Apr 2025 10:57:04 -0400
libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.5.3-5ubuntu5.1 to 1.5.3-5ubuntu5.4:
pam (1.5.3-5ubuntu5.4) noble-security; urgency=medium
* SECURITY UPDATE: privilege escalation via pam_namespace
- debian/patches/pam_namespace_170.patch: sync pam_namespace module to
version 1.7.0.
- debian/patches/pam_namespace_post170-*.patch: add post-1.7.0 changes
from upstream git tree.
- debian/patches/pam_namespace_revert_abi.patch: revert ABI change to
prevent unintended issues in running daemons.
- debian/patches/CVE-2025-6020-1.patch: fix potential privilege
escalation.
- debian/patches/CVE-2025-6020-2.patch: add flags to indicate path
safety.
- debian/patches/CVE-2025-6020-3.patch: secure_opendir: do not look at
the group ownership.
- debian/patches/pam_namespace_o_directory.patch: removed, included in
patch cluster above.
- CVE-2025-6020
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 12 Jun 2025 10:45:28 -0400
pam (1.5.3-5ubuntu5.2) noble; urgency=medium
* d/p/031_pam_include: fix loading from /usr/lib/pam.d (LP: #2087827)
-- Simon Chopin <schopin@ubuntu.com> Mon, 26 May 2025 16:34:46 +0200
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.5 to 3.12.3-1ubuntu0.6:
python3.12 (3.12.3-1ubuntu0.6) noble-security; urgency=medium
* SECURITY UPDATE: incorrect address list folding
- debian/patches/CVE-2025-1795-2.patch: fix AttributeError in the email
module in Lib/email/_header_value_parser.py,
Lib/test/test_email/test__header_value_parser.py.
- CVE-2025-1795
* SECURITY UPDATE: DoS via bytes.decode with unicode_escape
- debian/patches/CVE-2025-4516.patch: fix use-after-free in the
unicode-escape decoder with an error handler in
Include/cpython/bytesobject.h, Include/cpython/unicodeobject.h,
Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,
Objects/bytesobject.c, Objects/unicodeobject.c,
Parser/string_parser.c.
- CVE-2025-4516
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 26 May 2025 14:50:19 -0400
python3-requests (built from requests) updated from 2.31.0+dfsg-1ubuntu1 to 2.31.0+dfsg-1ubuntu1.1:
requests (2.31.0+dfsg-1ubuntu1.1) noble-security; urgency=medium
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
lookup instead of netloc
- CVE-2024-47081
* Skip Test
- skip-failing-zip-test.patch: Skip failing zip test
-- Bruce Cable <bruce.cable@canonical.com> Thu, 12 Jun 2025 11:19:32 +1000
python3-pkg-resources (built from setuptools) updated from 68.1.2-2ubuntu1.1 to 68.1.2-2ubuntu1.2:
setuptools (68.1.2-2ubuntu1.2) noble-security; urgency=medium
* SECURITY UPDATE: path traversal vulnerability
- debian/patches/CVE-2025-47273-pre1.patch: Extract
_resolve_download_filename with test.
- debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
resolves relative to the tmpdir.
- CVE-2025-47273
-- Fabian Toepfer <fabian.toepfer@canonical.com> Wed, 28 May 2025 19:00:32 +0200
libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.6 to 255.4-1ubuntu8.8:
systemd (255.4-1ubuntu8.8) noble-security; urgency=medium
* SECURITY UPDATE: race condition in systemd-coredump
- debian/patches/CVE_2025_4598_1.patch: coredump: get rid of
_META_MANDATORY_MAX.
- debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core
pattern.
- debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding
non-dumpable processes.
- debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus
assertion.
- CVE-2025-4598
* this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed
-- Octavio Galland <octavio.galland@canonical.com> Wed, 04 Jun 2025 09:24:15 -0300
tzdata (built from tzdata) updated from 2025b-0ubuntu0.24.04 to 2025b-0ubuntu0.24.04.1:
tzdata (2025b-0ubuntu0.24.04.1) noble; urgency=medium
* Update the ICU timezone data to 2025b (LP: #2107950)
* Add autopkgtest test case for ICU timezone data 2025b
-- Benjamin Drung <bdrung@ubuntu.com> Tue, 22 Apr 2025 12:11:08 +0200