Fedora Security Advisories

perl-HTTP-Date-6.08-1.fc43

5 days 4 hours ago
FEDORA-2026-b1bdb7c518 Packages in this update:
  • perl-HTTP-Date-6.08-1.fc43
Update description:

Changes:

6.08 2026-07-09 02:04:21Z

- [SECURITY] Reject input longer than 64 characters in parse_date() to prevent quadratic regex backtracking (a denial of service) on hostile date strings. Fixes CVE-2026-14741. (Olaf Alders)

6.07 2026-06-25 15:12:09Z

- Add test with Time::Zone (GH#25) (Michal Josef Špaček) - Add test with bad Time::Zone string (GH#26) (Michal Josef Špaček) - Add tests with negative time (GH#26) (Michal Josef Špaček) - Replace all instances of \d with [0-9] in regular expressions to reject non-ASCII Unicode digits, with a regression test (GH#27) (Robert Rothenberg) - Reject malformed ISO 8601 timezones with a doubled colon (GH#31) (Olaf Alders) - Document day/month/year ordering for numeric dates (GH#32) (Olaf Alders)

perl-HTTP-Date-6.08-1.fc44

5 days 4 hours ago
FEDORA-2026-8cec3cbf5b Packages in this update:
  • perl-HTTP-Date-6.08-1.fc44
Update description:

Changes:

6.08 2026-07-09 02:04:21Z

- [SECURITY] Reject input longer than 64 characters in parse_date() to prevent quadratic regex backtracking (a denial of service) on hostile date strings. Fixes CVE-2026-14741. (Olaf Alders)

6.07 2026-06-25 15:12:09Z

- Add test with Time::Zone (GH#25) (Michal Josef Špaček) - Add test with bad Time::Zone string (GH#26) (Michal Josef Špaček) - Add tests with negative time (GH#26) (Michal Josef Špaček) - Replace all instances of \d with [0-9] in regular expressions to reject non-ASCII Unicode digits, with a regression test (GH#27) (Robert Rothenberg) - Reject malformed ISO 8601 timezones with a doubled colon (GH#31) (Olaf Alders) - Document day/month/year ordering for numeric dates (GH#32) (Olaf Alders)

python-asyncssh-2.24.0-2.el10_3

6 days 12 hours ago
FEDORA-EPEL-2026-f1bf34001a Packages in this update:
  • python-asyncssh-2.24.0-2.el10_3
Update description:

update to version 2.24.0 Fix CVE-2026-54590: Unauthorized file modification via authorized-keys directory escape Fix CVE-2026-54591: Arbitrary file write via path traversal in SCP client

Checked
51 minutes 28 seconds ago