
Fedora 42: gi-docgen Important XSS Fix CVE-2025-11687 2025-b4184a589e

fedora
October 21, 2025
A security advisory update for gi-docgen in Fedora 42, addressing XSS concerns with severity important.
gi-docgen 2025.5 - 2025-10-11 This is a security fix for CVE-2025-11687

Summary

GI-DocGen is a document generator for GObject-based libraries. GObject is the base type system of the GNOME project. GI-Docgen reuses the introspection data generated by GObject-based libraries to generate the API reference of these libraries, as well as other ancillary documentation.

GI-DocGen is not a general purpose documentation tool for C libraries.

While GI-DocGen can be used to generate API references for most GObject/C libraries that expose introspection data, its main goal is to generate the reference for GTK and its immediate dependencies. Any and all attempts at making this tool more generic, or to cover more use cases, will be weighted heavily against its primary goal.

GI-DocGen is still in development. The recommended use of GI-DocGen is to add it as a sub-project to your Meson build system, and vendor it when releasing dist archives.

You should not depend on a system-wide installation until GI-DocGen is declared stable.

Update Information:

gi-docgen 2025.5 - 2025-10-11

This is a security fix for CVE-2025-11687. “The severity of this issue depends on what else is hosted on the same domain as the docs. XSS on a website that hosts only gi-docgen docs and nothing else is likely harmless.”

Fixed: Make sure to escape query strings
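The bug class named in this advisory (reflected DOM XSS through an unescaped query string), shown as an added example that is not gi-docgen's own code. The `q` parameter, the function names and the sample URL are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not taken from gi-docgen.
// Assumption: a generated docs page reads a "q" URL parameter and echoes
// it into a heading that is later assigned to element.innerHTML.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Replace every character that can open a tag, attribute or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// searchParams.get() percent-decodes the value, so markup that was
// encoded in the link comes back as live "<" and ">" characters.
function getQuery(pageUrl) {
  return new URL(pageUrl).searchParams.get("q") ?? "";
}

// Before: the decoded query is concatenated straight into markup.
function headingUnsafe(pageUrl) {
  return '<h1>Results for "' + getQuery(pageUrl) + '"</h1>';
}

// After: the query is escaped before it becomes part of the markup.
// When a DOM node is at hand, assigning to textContent avoids HTML
// parsing altogether and is the simpler choice.
function headingEscaped(pageUrl) {
  return '<h1>Results for "' + escapeHtml(getQuery(pageUrl)) + '"</h1>';
}

// Counts opening tags an HTML parser would create from the string.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample link carrying harmless markup in the query string.
const SAMPLE_URL = "https://docs.example/index.html?q=" +
  encodeURIComponent('<b id="injected">x</b>');

console.log(headingUnsafe(SAMPLE_URL));   // query markup survives as a tag
console.log(headingEscaped(SAMPLE_URL));  // query markup is shown as text
```
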

Change Log

* Sat Oct 11 2025 Benjamin A. Beasley - 2025.5-1
- Update to 2025.5 (close RHBZ#2403282)
* Fri Sep 19 2025 Python Maint - 2025.4-5
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint - 2025.4-4
- Rebuilt for Python 3.14.0rc2 bytecode
* Wed Jul 23 2025 Fedora Release Engineering - 2025.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2403282 - gi-docgen-2025.5 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2403282
[ 2 ] Bug #2403540 - CVE-2025-11687 gi-docgen: Reflected DOM XSS in gi-docgen [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2403540

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b4184a589e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: gi-docgen
Product: Fedora 42
Version: 2025.5
Release: 1.fc42
URL:
Summary: Documentation tool for GObject-based libraries
