Aggregator

vim-9.2.112-2.fc42

1 week 5 days ago
FEDORA-2026-e1aedf3746 Packages in this update:
  • vim-9.2.112-2.fc42
Update description:

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

vim-9.2.112-2.fc43

1 week 5 days ago
FEDORA-2026-651ba4626f Packages in this update:
  • vim-9.2.112-2.fc43
Update description:

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

vim-9.2.112-2.fc44

1 week 5 days ago
FEDORA-2026-f37895e500 Packages in this update:
  • vim-9.2.112-2.fc44
Update description:

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

vim-9.2.112-1.fc43

1 week 5 days ago
FEDORA-2026-233241ccc7 Packages in this update:
  • vim-9.2.112-1.fc43
Update description:

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

vim-9.2.112-1.fc44

1 week 5 days ago
FEDORA-2026-572cf2642d Packages in this update:
  • vim-9.2.112-1.fc44
Update description:

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

USN-8076-1: Qt vulnerabilities

1 week 5 days ago
It was discovered that Qt did not correctly handle OpenSSL's error queue. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2020-13962) It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-17507) It was discovered that Qt did not correctly handle executing specific binaries. If a user or automated system were tricked into executing a binary at a specific file path, an attacker could cause a denial of service or execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2022-25255) It was discovered that Qt did not correctly handle certain integer arithmetic. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-51714) It was discovered that Qt did not correctly handle certain encrypted connections. An attacker could possibly use this issue to leak sensitive information. This issue was only addressed in Ubuntu 24.04 LTS. (CVE-2024-39936)

USN-8077-1: Bleach vulnerabilities

1 week 6 days ago
It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-7753) Yaniv Nizry discovered that Bleach was vulnerable to a mutation cross-site scripting issue when sanitizing HTML with the noscript tag and a raw tag in the allowed tags list. An attacker could possibly use this issue to inject malicious content, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-6802) Yaniv Nizry discovered that Bleach was vulnerable to a mutation cross-site scripting issue when sanitizing HTML with RCDATA together with svg or math tags in the allowed tags list. An attacker could possibly use this issue to inject malicious content, leading to cross-site scripting. (CVE-2020-6816) It was discovered that Bleach incorrectly handled parsing of style attributes when sanitizing HTML. An attacker could possibly use this issue to perform a regular expression denial of service, leading to excessive resource consumption. (CVE-2020-6817) Yaniv Nizry and Michał Bentkowski discovered that Bleach was vulnerable to a mutation cross-site scripting issue when sanitizing HTML with certain combinations of allowed tags. An attacker could possibly use this issue to inject malicious content, leading to cross-site scripting. (CVE-2021-23980)

SDL3_sound-3.0.0~20260117gitb00e4a3-1.fc45

1 week 6 days ago
FEDORA-2026-6887ad5a22 Packages in this update:
  • SDL3_sound-3.0.0~20260117gitb00e4a3-1.fc45
Update description:

Automatic update for SDL3_sound-3.0.0~20260117gitb00e4a3-1.fc45.

Changelog * Thu Mar 5 2026 Dominik 'Rathann' Mierzejewski <dominik@greysector.net> - 3.0.0~20260117gitb00e4a3-1 - update to 20260117 snapshot from main (3.0) branch - fixes CVE-2025-14369 (resolves rhbz#2431178) - fixes rpmbuild -bi --short-circuit