– Update to latest 3.2 release – Security fix for CVE-2023-31047 – Provide python3-django so it can be used by dependents that do not use the python3.Xdist(django) for requesting it
Archive for Fedora Linux Distribution – Security Advisories
– Updated to latest upstream (113.0)
Patch for CVE-2023-1729.
update to 113.0.5672.64. Fixes the following security issues: CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468
Fedora 38: rubygem-redcarpet 2023-44daa9c1d4
A security flaw was found in redcarpet: HTML escaping was not properly done in some cases even when requested, which may cause an XSS vulnerability. This issue is now assigned CVE-2020-26298. This new rpm should fix this issue.
Fedora 37: rubygem-redcarpet 2023-8682a0e17d
A security flaw was found in redcarpet: HTML escaping was not properly done in some cases even when requested, which may cause an XSS vulnerability. This issue is now assigned CVE-2020-26298. This new rpm should fix this issue.
– digiKam-8.0.0 – enabled MediaPlayer – Security fix for CVE-2023-1729 https://www.digikam.org/news/2023-04-16-8.0.0_release_announcement/
Fedora 38: rust-fedora-update-feedback 2023-cc21019773
Recent updates for the `tokio`, `h2`, and `openssl` crates addressed some (potential or confirmed) security or soundness issues: – `tokio`: [RUSTSEC-2023-0005](https://rustsec.org/advisories/RUSTSEC-2023-0005.html) – `h2`: [RUSTSEC-2023-0034](https://rustsec.org/advisories/RUSTSEC-2023-0034.html) / [CVE-2023-26964](https://nvd.nist.gov/vuln/detail/CVE-2023-26964) – `openssl`:
update to 113.0.5672.64. Fixes the following security issues: CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468
Fixes an incompatibility with AOM v3.6.0 and includes a couple of smaller fixes. Also fixes a stack overflow with some crafted images (CVE-2023-29659).
Updated to the Java April security update
Fedora 37: python-sentry-sdk 2023-f839113811
Update to 1.21.1 (resolve rhbz#2182365)
update to 112.0.5615.165. Fixes the following security issues: CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033 CVE-2023-2136
* The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. * Adjust the scrolling speed for mouse wheels to make it feel more natural. * Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents. * Improvements to the
Fedora 37: python-setuptools 2023-60e2b22be0
Security fix for CVE-2022-40897
update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007) Refer to the release notes for 2.30.9 for details of each CVE as well as the following security advisories from the git project: https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
Update to 102.10.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/ ; https://www.thunderbird.net/en-US/thunderbird/102.10.0/releasenotes/
Fedora 36: python-setuptools 2023-9992b32c1f
Security fix for CVE-2022-40897
– Update comrak to version 0.18.0. – Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of comrak. This update also includes fixes for two medium-severity security issues in comrak (CVE-2023-28631 and CVE-2023-28626).
Fedora 36: rust-askama_shared 2023-b37722768e
– Update comrak to version 0.18.0. – Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of comrak. This update also includes fixes for two medium-severity security issues in comrak (CVE-2023-28631 and CVE-2023-28626).
update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007) Refer to the release notes for 2.30.9 for details of each CVE as well as the following security advisories from the git project: https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
x86 shadow paging arbitrary pointer dereference [XSA-430, CVE-2022-42335]
**Redis 6.2.12** Released Mon Apr 17 16:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (**CVE-2023-28856**) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access Bug Fixes * Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875) * Disconnect
Fedora 36: perl-Alien-ProtoBuf 2022-15729fa33d
Selected notes from packaging changes and improvements: * 3.19.6 fixes CVE-2022-3171 * 3.19.5 fixes CVE-2022-1941 * License updated to SPDX * Unnecessary dependency on python3-six removed * Python extension is now the compiled C++ version, improving performance * All subpackages now have the license file or depend on something that does * The -vim subpackage now
update to 112.0.5615.165. Fixes the following security issues: CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033 CVE-2023-2136
Fix for CVE-2020-17354