Fedora Security Advisories

9 hours 18 minutes ago

FEDORA-EPEL-2026-e4c468db6d Packages in this update:

Update description:

Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation

9 hours 19 minutes ago

FEDORA-2026-ca3d81129a Packages in this update:

Update description:

Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation

21 hours 58 minutes ago

FEDORA-2026-3adb735295 Packages in this update:

Update description:

Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting

22 hours ago

FEDORA-2026-00b5bf3150 Packages in this update:

Update description:

Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting