Aggregator

phpunit12-12.5.8-1.fc42

Fedora Security Advisories
2 weeks 1 day ago
FEDORA-2026-8c25940d05 Packages in this update:
  • phpunit12-12.5.8-1.fc42
Update description: Version 12.5.8 - 2026-01-27 Changed
  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs
Version 12.5.7 - 2026-01-24 Fixed
  • #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
  • #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate
Version 12.5.6 - 2026-01-16 Changed Version 12.5.5 - 2026-01-15 Deprecated
  • #6461: any() matcher (soft deprecation)
Fixed
  • #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

phpunit12-12.5.8-1.fc43

Fedora Security Advisories
2 weeks 1 day ago
FEDORA-2026-470a48f838 Packages in this update:
  • phpunit12-12.5.8-1.fc43
Update description: Version 12.5.8 - 2026-01-27 Changed
  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs
Version 12.5.7 - 2026-01-24 Fixed
  • #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
  • #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate
Version 12.5.6 - 2026-01-16 Changed Version 12.5.5 - 2026-01-15 Deprecated
  • #6461: any() matcher (soft deprecation)
Fixed
  • #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

phpunit11-11.5.50-1.fc43

Fedora Security Advisories
2 weeks 1 day ago
FEDORA-2026-8ccfe50c58 Packages in this update:
  • phpunit11-11.5.50-1.fc43
Update description: Version 11.5.50 - 2026-01-27 Changed
  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs
Version 11.5.49 - 2026-01-24 Fixed
  • #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
  • #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate
Version 11.5.48 - 2026-01-16 Changed Version 11.5.47 - 2026-01-15 Fixed
  • #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

phpunit11-11.5.50-1.fc42

Fedora Security Advisories
2 weeks 1 day ago
FEDORA-2026-c3b42a28dd Packages in this update:
  • phpunit11-11.5.50-1.fc42
Update description: Version 11.5.50 - 2026-01-27 Changed
  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs
Version 11.5.49 - 2026-01-24 Fixed
  • #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
  • #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate
Version 11.5.48 - 2026-01-16 Changed Version 11.5.47 - 2026-01-15 Fixed
  • #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

openqa-5^20260126git19189f0-1.fc43 os-autoinst-5^20260123git72cabd0-1.fc43

Fedora Security Advisories
2 weeks 1 day ago
FEDORA-2026-abd2d2d60c Packages in this update:
  • openqa-5^20260126git19189f0-1.fc43
  • os-autoinst-5^20260123git72cabd0-1.fc43
Update description:

This update provides new upstream snapshots of openQA and os-autoinst, with various fixes and enhancements. Please see upstream changelogs for details. They also address a CVE by updating a bundled javascript library, though we're fairly sure openQA didn't actually expose the vulnerability anyway.

USN-7978-1: GNU Screen vulnerabilities

Ubuntu Security Advisories
2 weeks 2 days ago
It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-24626) It was discovered that GNU Screen incorrectly handled PTY permissions. A local attacker could possibly use this issue to connect to an unauthorized screen session. (CVE-2025-46802) It was discovered that GNU Screen incorrectly handled file access when setuid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to deduce information about certain file paths. (CVE-2025-46804) It was discovered that GNU Screen incorrectly handled signals when setuid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. (CVE-2025-46805)

USN-7977-1: Git LFS vulnerabilities

Ubuntu Security Advisories
2 weeks 2 days ago
Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for URL-encoded characters. An attacker could possibly use this issue to learn sensitive information. (CVE-2024-53263) It was discovered that Git LFS could have its git lfs checkout and git lfs pull commands abused to write to any file on a user's system. An attacker could possibly use this issue to execute arbitrary code. This issue was only addressed in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-26625)