yarnpkg-1.22.22-16.fc42
FEDORA-2026-2809f801f3
Packages in this update:
- yarnpkg-1.22.22-16.fc42
Regenerate vendor tarball. Fixes CVE-2025-13465.
Aggregator
yarnpkg-1.22.22-16.fc43
FEDORA-2026-a75abb3f2b
Packages in this update:
- yarnpkg-1.22.22-16.fc43
Regenerate vendor tarball. Fixes CVE-2025-13465.
pgadmin4-9.11-3.fc42
FEDORA-2026-3062e10d87
Packages in this update:
- pgadmin4-9.11-3.fc42
Regenerate vendor tarball. Fixes CVE-2025-13465.
pgadmin4-9.11-3.fc43
FEDORA-2026-4e47f4d911
Packages in this update:
- pgadmin4-9.11-3.fc43
Regenerate vendor tarball. Fixes CVE-2025-13465.
opencc-1.0.5-4.el8
FEDORA-EPEL-2026-cf486df588
Packages in this update:
- opencc-1.0.5-4.el8
Fix CVE-2025-15536
DSA-6112-1 openjdk-21 - security update
openqa-5^20260126git19189f0-1.fc43 os-autoinst-5^20260123git72cabd0-1.fc43
FEDORA-2026-abd2d2d60c
Packages in this update:
- openqa-5^20260126git19189f0-1.fc43
- os-autoinst-5^20260123git72cabd0-1.fc43
This update provides new upstream snapshots of openQA and os-autoinst, with various fixes and enhancements. Please see upstream changelogs for details. They also address a CVE by updating a bundled javascript library, though we're fairly sure openQA didn't actually expose the vulnerability anyway.
python-jupytext-1.19.1-1.fc42
FEDORA-2026-d3c5092654
Packages in this update:
- python-jupytext-1.19.1-1.fc42
See https://github.com/mwouts/jupytext/blob/main/CHANGELOG.md for changes in versions 1.19.0 and 1.19.1. This update contains a fix for CVE-2025-13465.
python-jupytext-1.19.1-1.fc43
FEDORA-2026-9111b2e330
Packages in this update:
- python-jupytext-1.19.1-1.fc43
See https://github.com/mwouts/jupytext/blob/main/CHANGELOG.md for changes in versions 1.19.0 and 1.19.1. This update contains a fix for CVE-2025-13465.
next-20260126: linux-next
Version:next-20260126 (linux-next)
Released:2026-01-26
rust-sequoia-keystore-server-0.2.0-5.el9 rust-sequoia-sq-1.3.1-9.el9
FEDORA-EPEL-2026-0e3aa1d4ee
Packages in this update:
- rust-sequoia-keystore-server-0.2.0-5.el9
- rust-sequoia-sq-1.3.1-9.el9
Rebuild with sequoia-openpgp v2.1.0 to apply fixes for RUSTSEC-2025-0136 / CVE-2025-67897.
rust-sequoia-keystore-server-0.2.0-5.fc43 rust-sequoia-octopus-librnp-1.11.1-4.fc43 rust-sequoia-sq-1.3.1-9.fc43 rust-sequoia-sqv-1.3.0-5.fc43
FEDORA-2026-9317b8ea7b
Packages in this update:
- rust-sequoia-keystore-server-0.2.0-5.fc43
- rust-sequoia-octopus-librnp-1.11.1-4.fc43
- rust-sequoia-sq-1.3.1-9.fc43
- rust-sequoia-sqv-1.3.0-5.fc43
Rebuild with sequoia-openpgp v2.1.0 to apply fixes for RUSTSEC-2025-0136 / CVE-2025-67897.
rust-sequoia-keystore-server-0.2.0-5.fc42 rust-sequoia-octopus-librnp-1.11.1-4.fc42 rust-sequoia-sq-1.3.1-9.fc42 rust-sequoia-sqv-1.3.0-5.fc42
FEDORA-2026-304a740a0b
Packages in this update:
- rust-sequoia-keystore-server-0.2.0-5.fc42
- rust-sequoia-octopus-librnp-1.11.1-4.fc42
- rust-sequoia-sq-1.3.1-9.fc42
- rust-sequoia-sqv-1.3.0-5.fc42
Rebuild with sequoia-openpgp v2.1.0 to apply fixes for RUSTSEC-2025-0136 / CVE-2025-67897.
retroarch-1.22.0-20.fc44
FEDORA-2026-5e8ffdd3b9
Packages in this update:
- retroarch-1.22.0-20.fc44
Automatic update for retroarch-1.22.0-20.fc44.
Changelog * Mon Jan 26 2026 Artem Polishchuk <ego.cordatus@gmail.com> - 1.22.0-20 - Disable 7zip support due CVE - rhbz#2432835USN-7978-1: GNU Screen vulnerabilities
It was discovered that GNU Screen incorrectly handled signals when setuid
or setgid privileges were being used, which is not the default in Ubuntu.
A local attacker could use this issue to send privileged signals, possibly
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-24626)
It was discovered that GNU Screen incorrectly handled PTY permissions. A
local attacker could possibly use this issue to connect to an unauthorized
screen session. (CVE-2025-46802)
It was discovered that GNU Screen incorrectly handled file access when
setuid privileges were being used, which is not the default in Ubuntu. A
local attacker could use this issue to deduce information about certain
file paths. (CVE-2025-46804)
It was discovered that GNU Screen incorrectly handled signals when setuid
privileges were being used, which is not the default in Ubuntu. A local
attacker could use this issue to send privileged signals, possibly leading
to a denial of service. (CVE-2025-46805)
USN-7977-1: Git LFS vulnerabilities
Ryota K discovered that Git LFS may leak login credentials in certain
instances due to failing to check for URL-encoded characters. An
attacker could possibly use this issue to learn sensitive information.
(CVE-2024-53263)
It was discovered that Git LFS could have its git lfs checkout and
git lfs pull commands abused to write to any file on a user's
system. An attacker could possibly use this issue to execute arbitrary
code. This issue was only addressed in Ubuntu 24.04 LTS and
Ubuntu 25.10. (CVE-2025-26625)
USN-7976-1: Form-Data vulnerability
Ben Shonaldmann discovered that Form-data incorrectly generated boundary
values for multipart form-encoded data, leading to predictable values. A
remote attacker could possibly use this issue to make arbitrary requests
to internal systems.
DSA-6111-1 imagemagick - security update
gimp-3.0.8-4.fc43
FEDORA-2026-ebabb127fb
Packages in this update:
- gimp-3.0.8-4.fc43
This is an upstream bugfix and security update. Please refer to the upstream release notes for details about the changes in this version.
gimp-3.0.8-4.fc42
FEDORA-2026-bda4a20a3c
Packages in this update:
- gimp-3.0.8-4.fc42
This is an upstream bugfix and security update. Please refer to the upstream release notes for details about the changes in this version.