Aggregator
nmap-7.92-8.fc43
- nmap-7.92-8.fc43
- Fix CVE-2026-58058 (rhbz#2494410)
nmap-7.92-11.fc44
- nmap-7.92-11.fc44
- Fix CVE-2026-58058 (rhbz#2494410)
nmap-7.92-11.fc45
- nmap-7.92-11.fc45
Automatic update for nmap-7.92-11.fc45.
Changelog * Tue Jun 30 2026 Martin Osvald <mosvald@redhat.com> - 4:7.92-11 - Fix CVE-2026-58058 (rhbz#2494410)python-pendulum-3.2.0-1.fc43
- python-pendulum-3.2.0-1.fc43
Update to 3.2.0 (final). Update PyO3 to 0.29, fixing RUSTSEC-2026-0176 and RUSTSEC-2026-0177.
php-8.4.23-1.fc43
- php-8.4.23-1.fc43
PHP version 8.4.23 (03 Jul 2026)
Core:
- Fixed bug GH-22280 (Incorrect compile error for goto to label preceding try/finally block). (Pratik Bhujel)
BCMath:
- Fixed issues with oversized allocations and signed overflow in bcround() and BcMath\Number::round(). (edorian)
Date:
- Fix incorrect recurrence check of DatePeriod::createFromISO8601String(). (ndossche)
DOM:
- Fix GH-22219 (Dom\XMLDocument::schemaValidate fails to resolve xs:QName with prefix from imported schema). (David Carlier)
Exif:
- Read correct value for single and double tags. (ndossche)
GD:
- Fixed bug GH-22121 (Double free in gdImageSetStyle() after overflow-triggered early return). (iliaal)
- Fixed bug GH-19666 (imageconvolution() unexpected nan filter value). (David Carlier)
- Fixed bug GH-19739 (imageellipse/imagefilledellipse overflow). (David Carlier)
- Fixed bug GH-19730 (imageaffine overflow). (David Carlier)
Intl:
- Fix incorrect argument positions for uninitialized calendar arguments in IntlCalendar::equals(), ::before(), ::after(), and ::isEquivalentTo(), and for invalid start/end arguments in transliterator_transliterate(). (Weilin Du)
- Fixed IntlTimeZone::getDisplayName() to synchronize object error state for invalid display types. (Weilin Du)
- Fixed Spoofchecker restriction-level APIs to only be exposed with ICU 53 and later. (Graham Campbell)
mysqli:
- Fix stmt->query leak in mysqli_execute_query() validation errors. (David Carlier)
Opcache:
- Fixed bug GH-20469 (Unsafe inheritance cache replay with reentrant autoloading). (Levi Morrison)
OpenSSL:
- Fixed bug GH-22187 (Memory corruption (zend_mm_heap corrupted) in openssl_encrypt with AES-WRAP-PAD). (David Carlier)
Phar:
- Fixed a bypass of the magic ".phar" directory protection in Phar::addEmptyDir() for paths starting with "/.phar", while allowing non-magic directory names that merely share the ".phar" prefix. (Weilin Du)
Reflection:
- Preserve class-name case in ReflectionClass::getProperty() error messages and autoloading. (jorgsowa)
Sqlite:
- Fix error checks for column retrieval. (ndossche)
Zlib:
- Fixed memory leak if deflate initialization fails and there is a dict. (ndossche)
- Fixed memory leak in inflate_add(). (ndossche)
php-8.5.8-1.fc44
- php-8.5.8-1.fc44
PHP version 8.5.8 (02 Jul 2026)
Core:
- Fixed bug GH-22280 (Incorrect compile error for goto to label preceding try/finally block). (Pratik Bhujel)
- Fixed bug GH-22112 (Assertion when error handler throws during NaN to bool/string coercion). (iliaal)
BCMath:
- Fixed issues with oversized allocations and signed overflow in bcround() and BcMath\Number::round(). (edorian)
Date:
- Fix incorrect recurrence check of DatePeriod::createFromISO8601String(). (ndossche)
Exif:
- Read correct value for single and double tags. (ndossche)
GD:
- Fixed bug GH-22121 (Double free in gdImageSetStyle() after overflow-triggered early return). (iliaal)
Intl:
- Fix incorrect argument positions for invalid start/end arguments in transliterator_transliterate(). (Weilin Du)
- Fixed IntlTimeZone::getDisplayName() to synchronize object error state for invalid display types. (Weilin Du)
Lexbor:
- Merge patch c3a6847. (ilutov, timwolla)
Opcache:
- Fixed bug GH-22265 (Another tailcall vm_interrupt bug). (Levi Morrison)
- Fixed bug GH-20469 (Unsafe inheritance cache replay with reentrant autoloading). (Levi Morrison)
- Fixed bug GH-21972 (Corrupted variable type when a typed by-value return contains a reference wrapper). (Weilin Du)
OpenSSL:
- Fixed bug GH-22187 (Memory corruption (zend_mm_heap corrupted) in openssl_encrypt with AES-WRAP-PAD). (David Carlier)
Phar:
- Fixed a bypass of the magic ".phar" directory protection in Phar::addEmptyDir() for paths starting with "/.phar", while allowing non-magic directory names that merely share the ".phar" prefix. (Weilin Du)
Reflection:
- Preserve class-name case in ReflectionClass::getProperty() error messages and autoloading. (jorgsowa)
SOAP:
- Fixed bug GH-22218 (SoapServer::handle() crash on $_SERVER not being an array). (David Carlier / Rex-Reynolds)
- Fixed bug GH-22285 (Soap server requires the raw input to be passed to $server->handle). (David Carlier / ndossche)
Sqlite:
- Fix error checks for column retrieval. (ndossche)
URI:
- Add LEXBOR_STATIC to CFLAGS_URI on Windows so ext/uri does not see LXB_API as __declspec(dllimport) when linked statically into PHP. (Luther Monson)
- Clean error logs before each Uri\WhatWg\Url wither call so that errors from previous wither calls are not returned the next time a UrlValidationError is thrown. (kocsismate)
Zlib:
- Fixed memory leak if deflate initialization fails and there is a dict. (ndossche)
- Fixed memory leak in inflate_add(). (ndossche)
perl-CSS-Minifier-XS-0.15-1.fc43
- perl-CSS-Minifier-XS-0.15-1.fc43
This package contains the Perl module CSS::Minifier::XS.
Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.
perl-CSS-Minifier-XS-0.15-1.fc44
- perl-CSS-Minifier-XS-0.15-1.fc44
This package contains the Perl module CSS::Minifier::XS.
Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.
jq-1.8.2-4.fc45
- jq-1.8.2-4.fc45
Automatic update for jq-1.8.2-4.fc45.
Changelog * Sat Jun 20 2026 Filipe Rosset <filiperosset@fedoraproject.org> - 1.8.2-4 - removed old upstreamed patches * Sat Jun 20 2026 Filipe Rosset <filiperosset@fedoraproject.org> - 1.8.2-3 - opt-in to packit for rawhide * Sat Jun 20 2026 Filipe Rosset <filiperosset@fedoraproject.org> - 1.8.2-2 - simplify .gitignore file * Sat Jun 20 2026 Filipe Rosset <filiperosset@fedoraproject.org> - 1.8.2-1 - update to 1.8.2 fixes rhbz#2458354 rhbz#2477179 rhbz#2477180 rhbz#2477235 rhbz#2477236 rhbz#2477522 rhbz#2477523python-pendulum-3.2.0-1.fc44
- python-pendulum-3.2.0-1.fc44
Update to 3.2.0 (final). Update PyO3 to 0.29, fixing RUSTSEC-2026-0176 and RUSTSEC-2026-0177.
USN-8487-1: curl vulnerabilities
next-20260630: linux-next
transmission-4.1.3-1.fc43
- transmission-4.1.3-1.fc43
Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938) Fixed a use-after-free bug in peer code. (#8921) Fixed build error when compiling with fmt 12.2.0. (#8942)
Fix qt icon
transmission-4.1.3-1.fc44
- transmission-4.1.3-1.fc44
Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938) Fixed a use-after-free bug in peer code. (#8921) Fixed build error when compiling with fmt 12.2.0. (#8942)
ipp-usb-0.9.34-2.fc44
- ipp-usb-0.9.34-2.fc44
0.9.34 - security fix for CVE-2026-27145
ipp-usb-0.9.34-2.fc45
- ipp-usb-0.9.34-2.fc45
Automatic update for ipp-usb-0.9.34-2.fc45.
Changelog * Tue Jun 30 2026 Zdenek Dohnal <zdohnal@redhat.com> - 0.9.34-2 - ipp-usb-0.9.34 is available (fedora#2463247, fedora#2484207, fedora#2494316)