Fedora Security Advisories

• libre-4.8.1-1.el10_3

• fmt/pl: add pl_strip_html()
• sys/fs: add getpwuid fallback for fs_gethome
• tls: remove unused include rsa.h
• ice: check source address of incoming application packets
• websock: Fix integer overflow in websock_decode() masked frame check
  • https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
  • https://github.com/baresip/baresip/issues/3705

• libre-4.8.1-1.fc43

• fmt/pl: add pl_strip_html()
• sys/fs: add getpwuid fallback for fs_gethome
• tls: remove unused include rsa.h
• ice: check source address of incoming application packets
• websock: Fix integer overflow in websock_decode() masked frame check
  • https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
  • https://github.com/baresip/baresip/issues/3705

• libre-4.8.1-1.el9

• fmt/pl: add pl_strip_html()
• sys/fs: add getpwuid fallback for fs_gethome
• tls: remove unused include rsa.h
• ice: check source address of incoming application packets
• websock: Fix integer overflow in websock_decode() masked frame check
  • https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
  • https://github.com/baresip/baresip/issues/3705

• libre-4.8.1-1.el8

• fmt/pl: add pl_strip_html()
• sys/fs: add getpwuid fallback for fs_gethome
• tls: remove unused include rsa.h
• ice: check source address of incoming application packets
• websock: Fix integer overflow in websock_decode() masked frame check
  • https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
  • https://github.com/baresip/baresip/issues/3705

• libre-4.8.1-1.el10_2

• fmt/pl: add pl_strip_html()
• sys/fs: add getpwuid fallback for fs_gethome
• tls: remove unused include rsa.h
• ice: check source address of incoming application packets
• websock: Fix integer overflow in websock_decode() masked frame check
  • https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
  • https://github.com/baresip/baresip/issues/3705

• libre-4.8.1-1.fc44

• fmt/pl: add pl_strip_html()
• sys/fs: add getpwuid fallback for fs_gethome
• tls: remove unused include rsa.h
• ice: check source address of incoming application packets
• websock: Fix integer overflow in websock_decode() masked frame check
  • https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
  • https://github.com/baresip/baresip/issues/3705

• python-starlette-0.52.1-2.fc43

Backport fix for CVE-2026-48710

• python-starlette-0.52.1-2.fc44

Backport fix for CVE-2026-48710

• nextcloud-33.0.4-1.el10_2

33.0.4 Release

• nextcloud-33.0.4-1.fc43

33.0.4 Release

• nextcloud-33.0.4-1.el10_3

33.0.4 Release

• nextcloud-33.0.4-1.fc44

33.0.4 Release

• strongswan-6.0.6-1.el8

Update to 6.0.6 to fix a bunch of security issues: CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291

• perl-Cpanel-JSON-XS-4.41-1.el8

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.el9

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.fc43

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.el10_3

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.el10_2

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.fc44

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• rubygem-yard-0.9.37-5.fc43

Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues