Fedora Security Advisories

1 month ago

FEDORA-2026-3adb735295 Packages in this update:

Update description:

Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting

1 month ago

FEDORA-2026-00b5bf3150 Packages in this update:

Update description:

Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting

Checked

13 minutes 51 seconds ago

URL