This bug was fixed in the package dotnet10 -
10.0.108-10.0.8-0ubuntu1~26.04.1
---------------
dotnet10 (10.0.108-10.0.8-0ubuntu1~26.04.1) resolute-security; urgency=medium
* SECURITY UPDATE: denial of service
- CVE-2026-42899: Loop with unreachable exit condition ('infinite loop')
in ASP.NET Core allows an unauthorized attacker to deny service over a
network.
[ Mateus Rodrigues de Morais ]
* New upstream release (LP: #2152598)
* d/t/regular-tests/check-test-results: match to any NU1102 error
occurrences when ignoring package not found restore errors.
* d/t/regular-tests/template-test/test.json: increment timeout multiplier to
avoid timeout errors when running on the autopkgtest cloud.
* d/t/regular-tests/tools-in-path/test.json: skip test when running on the
toolchains-ci CI pipeline.
* d/t/run-regular-tests: define environment variable to selectively add the
'toolchains-ci' trait to the test runner.
-- Ian Constantin <[email protected]> Fri, 22 May 2026
17:45:46 +0300
** Changed in: dotnet10 (Ubuntu Resolute)
Status: New => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2026-42899
** Changed in: dotnet10 (Ubuntu Noble)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2152598
Title:
New upstream microrelease .NET 10.0.108/10.0.8
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dotnet10/+bug/2152598/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
