2 weeks ago
FEDORA-2025-24dfd3b072
Packages in this update:
- python-django5-5.2.9-1.fc43
Update description:
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (5.2.8)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7)
- Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (5.2.7)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (5.2.6)
2 weeks ago
FEDORA-2025-45ee190318
Packages in this update:
- python-django5-5.2.9-1.fc42
Update description:
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (5.2.8)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7)
- Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (5.2.7)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (5.2.6)
2 weeks ago
It was discovered that the subsetting module of fontTools was vulnerable to
an XML External Entity (XXE) attack. An unauthenticated remote attacker
could possibly use this issue to include arbitrary files from the file
system or make web requests from the host system. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-45139)
It was discovered that fontTools was vulnerable to path traversal attacks.
If a user or automated system were tricked into extracting a specially
crafted .designspace file, an attacker could possibly use this issue to
write arbitrary files outside the target directory, resulting in remote
code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04
and Ubuntu 25.10. (CVE-2025-66034)
2 weeks 1 day ago
FEDORA-2025-9621c19da8
Packages in this update:
Update description:
- version update
- security update
2 weeks 1 day ago
FEDORA-2025-f7c75ffee2
Packages in this update:
Update description:
- version update
- security update
2 weeks 1 day ago
FEDORA-2025-bf07d21f3e
Packages in this update:
Update description:
Upstream update
2 weeks 1 day ago
FEDORA-2025-4fa5b6cb8e
Packages in this update:
Update description:
- Updated to latest upstream (146.0)
2 weeks 1 day ago
FEDORA-2025-d09ccba523
Packages in this update:
Update description:
- Updated to latest upstream (146.0)
2 weeks 1 day ago
Julian Andres Klode discovered that python-apt incorrectly handled
deb822 configuration files. An attacker could use this issue to cause
python-apt to crash, resulting in a denial of service.
2 weeks 1 day ago
USN-7412-1 fixed a vulnerability in GnuPG. This update provides the
corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that GnuPG incorrectly handled importing keys with
certain crafted subkey data. If a user or automated system were tricked
into importing a specially crafted key, a remote attacker may prevent
users from importing other keys in the future.
2 weeks 1 day ago
FEDORA-2025-d9707059b7
Packages in this update:
Update description:
New version of vips.
2 weeks 1 day ago
FEDORA-2025-107641b428
Packages in this update:
Update description:
New version of vips.
2 weeks 1 day ago
Version: next-20251209 (linux-next)
Released: 2025-12-09
2 weeks 1 day ago
It was discovered that Radare2 contained several memory leaks. An attacker
could possibly use these issues to cause a denial of service.
2 weeks 1 day ago
FEDORA-2025-7b0d558ac5
Packages in this update:
Update description:
This update includes the latest upstream release of mod_md, with various bug fixes and enhancements. See https://github.com/icing/mod_md/releases for more information.
A fix for the security vulnerability CVE-2025-55753 is also included.
2 weeks 1 day ago
FEDORA-2025-83d84ee7f2
Packages in this update:
Update description:
This update includes the latest upstream release of mod_md, with various bug fixes and enhancements. See https://github.com/icing/mod_md/releases for more information.
A fix for the security vulnerability CVE-2025-55753 is also included.
2 weeks 1 day ago
FEDORA-2025-24282560e4
Packages in this update:
Update description:
This update includes the latest upstream release of mod_md, with various bug fixes and enhancements. See https://github.com/icing/mod_md/releases for more information.
A fix for the security vulnerability CVE-2025-55753 is also included.
2 weeks 2 days ago
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
2 weeks 2 days ago
FEDORA-2025-2cab0e8716
Packages in this update:
- conda-build-25.4.0-1.fc41
Update description:
Update to 25.4.0.
Fixes CVEs