{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "apport",
                "apport-core-dump-handler",
                "curl",
                "libcurl4t64",
                "python3-apport",
                "python3-problem-report",
                "tzdata"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "apport",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.28.1-0ubuntu3.8",
                    "version": "2.28.1-0ubuntu3.8"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.28.2-0ubuntu0.1",
                    "version": "2.28.2-0ubuntu0.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2081708
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream bug-fix release. Changes not in previous upload:",
                            "    - setup.py: remove the shebang mangling code",
                            "    - apt_dpkg: fix finding source for `/lib/x86_64-linux-gnu/libc.so.6`",
                            "    - apt_dpkg: Map mirror to correct URL for the architecture",
                            "    - problem_report: use an iterator in CompressedValue.__len__ to keep",
                            "      the memory footprint small (LP: #2081708)",
                            "    - parse_segv.py: ignore registers with unavailable values (like pl3_ssp)",
                            "  * Drop all patches applied upstream",
                            "  * Switch to git repository from git-ubuntu",
                            "  * autopkgtest: run system UI tests separately",
                            "  * autopkgtest: split tests that need Internet access",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.28.2-0ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "noble",
                        "launchpad_bugs_fixed": [
                            2081708
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 28 Apr 2026 19:12:59 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "apport-core-dump-handler",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.28.1-0ubuntu3.8",
                    "version": "2.28.1-0ubuntu3.8"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.28.2-0ubuntu0.1",
                    "version": "2.28.2-0ubuntu0.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2081708
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream bug-fix release. Changes not in previous upload:",
                            "    - setup.py: remove the shebang mangling code",
                            "    - apt_dpkg: fix finding source for `/lib/x86_64-linux-gnu/libc.so.6`",
                            "    - apt_dpkg: Map mirror to correct URL for the architecture",
                            "    - problem_report: use an iterator in CompressedValue.__len__ to keep",
                            "      the memory footprint small (LP: #2081708)",
                            "    - parse_segv.py: ignore registers with unavailable values (like pl3_ssp)",
                            "  * Drop all patches applied upstream",
                            "  * Switch to git repository from git-ubuntu",
                            "  * autopkgtest: run system UI tests separately",
                            "  * autopkgtest: split tests that need Internet access",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.28.2-0ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "noble",
                        "launchpad_bugs_fixed": [
                            2081708
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 28 Apr 2026 19:12:59 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "curl",
                "from_version": {
                    "source_package_name": "curl",
                    "source_package_version": "8.5.0-2ubuntu10.10",
                    "version": "8.5.0-2ubuntu10.10"
                },
                "to_version": {
                    "source_package_name": "curl",
                    "source_package_version": "8.5.0-2ubuntu10.11",
                    "version": "8.5.0-2ubuntu10.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-10536",
                        "url": "https://ubuntu.com/security/CVE-2026-10536",
                        "cve_description": "A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-07-03 07:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-5773",
                        "url": "https://ubuntu.com/security/CVE-2026-5773",
                        "cve_description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should.  This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-05-13 13:01:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-10536",
                                "url": "https://ubuntu.com/security/CVE-2026-10536",
                                "cve_description": "A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-07-03 07:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-5773",
                                "url": "https://ubuntu.com/security/CVE-2026-5773",
                                "cve_description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should.  This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-05-13 13:01:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use after free in curl_easy_reset.",
                            "    - debian/patches/CVE-2026-10536.patch: Deprecate CURLOPT_STREAM_DEPENDS",
                            "      and CURLOPT_STREAM_DEPENDS_E and remove stream dependency tracking in",
                            "      include/curl/curl.h, lib/http2.c, ../setopt.c, ../url.c, and",
                            "      ../urldata.h",
                            "    - CVE-2026-10536",
                            "  * debian/patches/CVE-2026-5773.patch: Fix potential edge cases in fix. Thanks to Siddharth Doshi.",
                            ""
                        ],
                        "package": "curl",
                        "version": "8.5.0-2ubuntu10.11",
                        "urgency": "medium",
                        "distributions": "noble-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Kyle Kernick <kyle.kernick@canonical.com>",
                        "date": "Mon, 06 Jul 2026 11:02:02 -0600"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libcurl4t64",
                "from_version": {
                    "source_package_name": "curl",
                    "source_package_version": "8.5.0-2ubuntu10.10",
                    "version": "8.5.0-2ubuntu10.10"
                },
                "to_version": {
                    "source_package_name": "curl",
                    "source_package_version": "8.5.0-2ubuntu10.11",
                    "version": "8.5.0-2ubuntu10.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-10536",
                        "url": "https://ubuntu.com/security/CVE-2026-10536",
                        "cve_description": "A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-07-03 07:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-5773",
                        "url": "https://ubuntu.com/security/CVE-2026-5773",
                        "cve_description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should.  This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-05-13 13:01:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-10536",
                                "url": "https://ubuntu.com/security/CVE-2026-10536",
                                "cve_description": "A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-07-03 07:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-5773",
                                "url": "https://ubuntu.com/security/CVE-2026-5773",
                                "cve_description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should.  This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-05-13 13:01:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use after free in curl_easy_reset.",
                            "    - debian/patches/CVE-2026-10536.patch: Deprecate CURLOPT_STREAM_DEPENDS",
                            "      and CURLOPT_STREAM_DEPENDS_E and remove stream dependency tracking in",
                            "      include/curl/curl.h, lib/http2.c, ../setopt.c, ../url.c, and",
                            "      ../urldata.h",
                            "    - CVE-2026-10536",
                            "  * debian/patches/CVE-2026-5773.patch: Fix potential edge cases in fix. Thanks to Siddharth Doshi.",
                            ""
                        ],
                        "package": "curl",
                        "version": "8.5.0-2ubuntu10.11",
                        "urgency": "medium",
                        "distributions": "noble-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Kyle Kernick <kyle.kernick@canonical.com>",
                        "date": "Mon, 06 Jul 2026 11:02:02 -0600"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-apport",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.28.1-0ubuntu3.8",
                    "version": "2.28.1-0ubuntu3.8"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.28.2-0ubuntu0.1",
                    "version": "2.28.2-0ubuntu0.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2081708
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream bug-fix release. Changes not in previous upload:",
                            "    - setup.py: remove the shebang mangling code",
                            "    - apt_dpkg: fix finding source for `/lib/x86_64-linux-gnu/libc.so.6`",
                            "    - apt_dpkg: Map mirror to correct URL for the architecture",
                            "    - problem_report: use an iterator in CompressedValue.__len__ to keep",
                            "      the memory footprint small (LP: #2081708)",
                            "    - parse_segv.py: ignore registers with unavailable values (like pl3_ssp)",
                            "  * Drop all patches applied upstream",
                            "  * Switch to git repository from git-ubuntu",
                            "  * autopkgtest: run system UI tests separately",
                            "  * autopkgtest: split tests that need Internet access",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.28.2-0ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "noble",
                        "launchpad_bugs_fixed": [
                            2081708
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 28 Apr 2026 19:12:59 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-problem-report",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.28.1-0ubuntu3.8",
                    "version": "2.28.1-0ubuntu3.8"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.28.2-0ubuntu0.1",
                    "version": "2.28.2-0ubuntu0.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2081708
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream bug-fix release. Changes not in previous upload:",
                            "    - setup.py: remove the shebang mangling code",
                            "    - apt_dpkg: fix finding source for `/lib/x86_64-linux-gnu/libc.so.6`",
                            "    - apt_dpkg: Map mirror to correct URL for the architecture",
                            "    - problem_report: use an iterator in CompressedValue.__len__ to keep",
                            "      the memory footprint small (LP: #2081708)",
                            "    - parse_segv.py: ignore registers with unavailable values (like pl3_ssp)",
                            "  * Drop all patches applied upstream",
                            "  * Switch to git repository from git-ubuntu",
                            "  * autopkgtest: run system UI tests separately",
                            "  * autopkgtest: split tests that need Internet access",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.28.2-0ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "noble",
                        "launchpad_bugs_fixed": [
                            2081708
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 28 Apr 2026 19:12:59 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "tzdata",
                "from_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2026a-0ubuntu0.24.04.1",
                    "version": "2026a-0ubuntu0.24.04.1"
                },
                "to_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2026b-0ubuntu0.24.04.1",
                    "version": "2026b-0ubuntu0.24.04.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2157973
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release (LP: #2157973):",
                            "    - British Columbia moved to permanent -07 on 2026-03-09, so it will not",
                            "      fall back from -07 to -08 on 2026-11-01.",
                            "  * Add autopkgtest test case for 2026b release",
                            "  * Update the ICU timezone data to 2026b",
                            "  * Add autopkgtest test case for ICU timezone data 2026b",
                            ""
                        ],
                        "package": "tzdata",
                        "version": "2026b-0ubuntu0.24.04.1",
                        "urgency": "medium",
                        "distributions": "noble",
                        "launchpad_bugs_fixed": [
                            2157973
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 23 Jun 2026 14:20:48 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 24.04 noble image from daily image serial 20260708 to 20260710",
    "from_series": "noble",
    "to_series": "noble",
    "from_serial": "20260708",
    "to_serial": "20260710",
    "from_manifest_filename": "daily_manifest.previous",
    "to_manifest_filename": "manifest.current"
}