{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "busybox-initramfs", "busybox-static" ] } }, "diff": { "deb": [ { "name": "busybox-initramfs", "from_version": { "source_package_name": "busybox", "source_package_version": "1:1.30.1-4ubuntu6.4", "version": "1:1.30.1-4ubuntu6.4" }, "to_version": { "source_package_name": "busybox", "source_package_version": "1:1.30.1-4ubuntu6.5", "version": "1:1.30.1-4ubuntu6.5" }, "cves": [ { "cve": "CVE-2022-48174", "url": "https://ubuntu.com/security/CVE-2022-48174", "cve_description": "There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.", "cve_priority": "low", "cve_public_date": "2023-08-22 19:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2022-48174", "url": "https://ubuntu.com/security/CVE-2022-48174", "cve_description": "There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.", "cve_priority": "low", "cve_public_date": "2023-08-22 19:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: stack overflow in ash", " - debian/patches/CVE-2022-48174.patch: error out on number followed by", " another number or variable name in shell/math.c.", " - CVE-2022-48174", "" ], "package": "busybox", "version": "1:1.30.1-4ubuntu6.5", "urgency": "medium", "distributions": "focal-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Tue, 13 Aug 2024 10:37:04 -0300" } ], "notes": null }, { "name": "busybox-static", "from_version": { "source_package_name": "busybox", "source_package_version": "1:1.30.1-4ubuntu6.4", "version": "1:1.30.1-4ubuntu6.4" }, "to_version": { "source_package_name": "busybox", "source_package_version": "1:1.30.1-4ubuntu6.5", "version": "1:1.30.1-4ubuntu6.5" }, "cves": [ { "cve": "CVE-2022-48174", "url": "https://ubuntu.com/security/CVE-2022-48174", "cve_description": "There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.", "cve_priority": "low", "cve_public_date": "2023-08-22 19:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2022-48174", "url": "https://ubuntu.com/security/CVE-2022-48174", "cve_description": "There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.", "cve_priority": "low", "cve_public_date": "2023-08-22 19:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: stack overflow in ash", " - debian/patches/CVE-2022-48174.patch: error out on number followed by", " another number or variable name in shell/math.c.", " - CVE-2022-48174", "" ], "package": "busybox", "version": "1:1.30.1-4ubuntu6.5", "urgency": "medium", "distributions": "focal-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Tue, 13 Aug 2024 10:37:04 -0300" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 20.04 focal image from release image serial 20240809 to 20240814", "from_series": "focal", "to_series": "focal", "from_serial": "20240809", "to_serial": "20240814", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }