Aggregator

chromium-137.0.7151.68-1.fc42

3 weeks 6 days ago
FEDORA-2025-bc0d109630
Packages in this update:
  • chromium-137.0.7151.68-1.fc42
Update description:

Update to 137.0.7151.68

  • CVE-2025-5419: Out of bounds read and write in V8
  • CVE-2025-5068: Use after free in Blink

USN-7556-1: Bootstrap vulnerabilities

3 weeks 6 days ago
It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2024-6484, CVE-2024-6531)

It was discovered that Bootstrap did not correctly sanitize certain input in the button plugin. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2024-6485)

python3.9-3.9.23-1.fc41

3 weeks 6 days ago
FEDORA-2025-cebde6a6e3
Packages in this update:
  • python3.9-3.9.23-1.fc41
Update description:

Update to 3.9.23.

  • gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
  • gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
  • gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.
  • gh-80222: Folding of quoted string in display_name violates RFC.

python3.9-3.9.23-1.fc42

3 weeks 6 days ago
FEDORA-2025-6efe030226
Packages in this update:
  • python3.9-3.9.23-1.fc42
Update description:

Update to 3.9.23.

  • gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
  • gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
  • gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.
  • gh-80222: Folding of quoted string in display_name violates RFC.

python3.10-3.10.18-1.fc42

3 weeks 6 days ago
FEDORA-2025-f41fafb942
Packages in this update:
  • python3.10-3.10.18-1.fc42
Update description:

Update to 3.10.18.

Security content in this release

  • gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
  • gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
  • gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.

python3.10-3.10.18-1.fc41

3 weeks 6 days ago
FEDORA-2025-76b69d1931
Packages in this update:
  • python3.10-3.10.18-1.fc41
Update description:

Update to 3.10.18.

Security content in this release

  • gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
  • gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
  • gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.