Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Fedora 43 python-dotenv Important Arbitrary Overwrite Fix CVE-2026-28684

fedora
Calendar Grey May 21, 2026
Dist Fedora Esm H88
Update for Fedora 43 python-dotenv addressing CVE-2026-28684 security flaw improves system integrity.
Update to 1.2.2, security fix for CVE-2026-28684.

Summary

Reads the key/value pairs from a .env file and can add them to environment

variables.

Update Information:

Update to 1.2.2, security fix for CVE-2026-28684.

Change Log

* Thu Apr 30 2026 Benjamin A. Beasley - 1.2.2-1 - Update to 1.2.2 (close RHBZ#2443673) * Sat Jan 17 2026 Fedora Release Engineering - 1.1.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Tue Oct 28 2025 Miro Hron\u010dok - 1.1.0-6 - Remove unused build dependency on pytest-cov (redux)

References


[ 1 ] Bug #2374518 - python-dotenv-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2374518 [ 2 ] Bug #2443673 - python-dotenv-1.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2443673 [ 3 ] Bug #2460552 - CVE-2026-28684 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2460552

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-20312e36a8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: python-dotenv
Product: Fedora 43
Version: 1.2.2
Release: 1.fc43
Summary: Read key-value pairs from a .env file and set them as environment variables

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here