Explore top 10 tips to secure your open-source projects now. Read More
×
Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-15282, CVE-2026-1299. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c8b3418f91 2026-02-18 00:54:04.864895+00:00 -------------------------------------------------------------------------------- Name : mingw-python3 Product : Fedora 42 Version : 3.11.14 Release : 7.fc42 URL : https://www.python.org/ Summary : MinGW Windows python3 Description : MinGW Windows python3 -------------------------------------------------------------------------------- Update Information: Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-15282, CVE-2026-1299 -------------------------------------------------------------------------------- ChangeLog: * Mon Feb 9 2026 Sandro Mani - 3.11.14-7 - Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-15282, CVE-2026-1299 * Fri Jan 16 2026 Fedora Release Engineering - 3.11.14-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2431752 - CVE-2025-11468 mingw-python3: Missing character filtering in Python [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431752 [ 2 ] Bug #2431762 - CVE-2026-0672 mingw-python3: Header injection in http.cookies.Morsel in Python [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431762 [ 3 ] Bug #2431781 - CVE-2026-0865 mingw-python3: wsgiref.headers.Headers allows header newline injection in Python [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431781 [ 4 ] Bug #2431790 - CVE-2025-15282 mingw-python3: Header injection via newlines in data URL mediatype in Python [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431790 [ 5 ] Bug #2431806 - CVE-2025-11468 mingw-python3: Missing character filtering in Python[fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431806 [ 6 ] Bug #2431817 - CVE-2026-0672 mingw-python3: Header injection in http.cookies.Morsel in Python [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431817 [ 7 ] Bug #2431818 - CVE-2026-0865 mingw-python3: wsgiref.headers.Headers allows header newline injection in Python [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431818 [ 8 ] Bug #2431839 - CVE-2025-15282 mingw-python3: Header injection via newlines in data URL mediatype in Python [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431839 [ 9 ] Bug #2433814 - CVE-2026-1299 mingw-python3: email header injection due to unquoted newlines [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2433814 [ 10 ] Bug #2433824 - CVE-2026-1299 mingw-python3: email header injection due to unquoted newlines [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433824 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c8b3418f91' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Backport fix for CVE-2025-12084.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-883181272e 2025-12-23 00:49:47.498002+00:00 -------------------------------------------------------------------------------- Name : mingw-python3 Product : Fedora 43 Version : 3.11.14 Release : 4.fc43 URL : https://www.python.org/ Summary : MinGW Windows python3 Description : MinGW Windows python3 -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2025-12084. -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 14 2025 Sandro Mani - 3.11.14-4 - Backport patch for CVE-2025-12084 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2421623 - CVE-2025-12084 mingw-python3: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2421623 [ 2 ] Bug #2421642 - CVE-2025-12084 mingw-python3: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2421642 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-883181272e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
Backport fix for CVE-2025-11277. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-0f4b31c58e 2025-12-17 01:12:56.966718+00:00 -------------------------------------------------------------------------------- Name : assimp Product : Fedora 43 Version : 6.0.2 Release : 4.fc43 URL : https://github.com/assimp/assimp Summary : Library to import various 3D model formats into applications Description : Assimp, the Open Asset Import Library, is a free library to import various well-known 3D model formats into applications. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems, but is not limited to these applications. -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2025-11277 -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 14 2025 Sandro Mani - 6.0.2-4 - Backport fix for CVE-2025-11277 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-0f4b31c58e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Backport fixes for CVE-2025-64181 etc. in OpenEXRCore. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4924a5bc8b 2025-12-16 00:46:10.314063+00:00 -------------------------------------------------------------------------------- Name : usd Product : Fedora 43 Version : 25.08 Release : 12.fc43 URL : https://openusd.org/ Summary : 3D VFX pipeline interchange file format Description : Universal Scene Description (USD) is a time-sampled scene description for interchange between graphics applications. -------------------------------------------------------------------------------- Update Information: Backport fixes for CVE-2025-64181 etc. in OpenEXRCore -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #2418252 - CVE-2025-64181 usd: Use of Uninitialized Memory inside generic_unpack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2418252 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4924a5bc8b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Backport fix for CVE-2025-43718.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e16b533459 2025-10-13 02:01:36.127265+00:00 -------------------------------------------------------------------------------- Name : mingw-poppler Product : Fedora 41 Version : 24.02.0 Release : 6.fc41 URL : http://poppler.freedesktop.org/ Summary : MinGW Windows Poppler library Description : MinGW Windows Poppler library. -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2025-43718. -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 4 2025 Sandro Mani - 24.02.0-6 - Backport fix for CVE-2025-43718 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2401095 - CVE-2025-43718 mingw-poppler: Poppler stack overflow [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2401095 [ 2 ] Bug #2401097 - CVE-2025-43718 mingw-poppler: Poppler stack overflow [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2401097 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e16b533459' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Backport fix for CVE-2025-8194.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-2e992ddfa0 2025-08-12 00:55:59.003816+00:00 -------------------------------------------------------------------------------- Name : mingw-python3 Product : Fedora 42 Version : 3.11.13 Release : 4.fc42 URL : https://www.python.org/ Summary : MinGW Windows python3 Description : MinGW Windows python3 -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2025-8194. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 3 2025 Sandro Mani - 3.11.13-4 - Backport upstream fix for CVE-2025-8194 * Thu Jul 24 2025 Fedora Release Engineering - 3.11.13-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2384063 - CVE-2025-8194 mingw-python3: Cpython infinite loop when parsing a tarfile [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2384063 [ 2 ] Bug #2384074 - CVE-2025-8194 mingw-python3: Cpython infinite loop when parsing a tarfile [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2384074 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-2e992ddfa0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Backport upstream fix for CVE-2025-43859. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-bd59b39ab6 2025-05-11 01:42:02.655172+00:00 -------------------------------------------------------------------------------- Name : python-h11 Product : Fedora 40 Version : 0.14.0 Release : 7.fc40 URL : https://github.com/python-hyper/h11 Summary : A pure-Python, bring-your-own-I/O implementation of HTTP/1.1 Description : This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded, asynchronous, or your own implementation of RFC 6214 -- h11 will not judge you. This also means that h11 is not immediately useful out of the box: it is a toolkit for building programs that speak HTTP, not something that could directly replace requests or twisted.web or whatever. But h11 makes it much easier to implement something like requests or twisted.web. -------------------------------------------------------------------------------- Update Information: Backport upstream fix for CVE-2025-43859 -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2025 Robby Callicotte - 0.14.0-7 - Backport upstream fix for CVE-2025-43859 * Sat Jan 18 2025 Fedora Release Engineering - 0.14.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Jul 19 2024 Fedora Release Engineering - 0.14.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jun 7 2024 Python Maint - 0.14.0-4 - Rebuilt for Python 3.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2362285 - CVE-2025-43859 python-h11: h11 accepts some malformedChunked-Encoding bodies [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2362285 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-bd59b39ab6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Backport fixes for CVE-2025-32364 and CVE-2025-32365.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-5e9faa5173 2025-04-24 17:32:46.484802+00:00 -------------------------------------------------------------------------------- Name : mingw-poppler Product : Fedora 41 Version : 24.02.0 Release : 5.fc41 URL : http://poppler.freedesktop.org/ Summary : MinGW Windows Poppler library Description : MinGW Windows Poppler library. -------------------------------------------------------------------------------- Update Information: Backport fixes for CVE-2025-32364 and CVE-2025-32365. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Sandro Mani - 24.02.0-5 - Backport fixes for CVE-2025-32364 and CVE-2025-32365 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357812 - CVE-2025-32365 mingw-poppler: Out-of-Bounds Read in Poppler [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2357812 [ 2 ] Bug #2357814 - CVE-2025-32365 mingw-poppler: Out-of-Bounds Read in Poppler [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2357814 [ 3 ] Bug #2357816 - CVE-2025-32364 mingw-poppler: Floating-Point Exception in Poppler [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2357816 [ 4 ] Bug #2357818 - CVE-2025-32364 mingw-poppler: Floating-Point Exception in Poppler [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2357818 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-5e9faa5173' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with theFedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.