Aggregator

perl-Mojo-JWT-1.02-1.fc44

Fedora Security Advisories
2 days ago
FEDORA-2026-80333f8f56 Packages in this update:
  • perl-Mojo-JWT-1.02-1.fc44
Update description:

This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures

perl-Mojo-JWT-1.02-1.fc43

Fedora Security Advisories
2 days ago
FEDORA-2026-1da54e6cb8 Packages in this update:
  • perl-Mojo-JWT-1.02-1.fc43
Update description:

This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures

python-django4.2-4.2.30-2.el9

Fedora Security Advisories
2 days 11 hours ago
FEDORA-EPEL-2026-4d0b588a17 Packages in this update:
  • python-django4.2-4.2.30-2.el9
Update description:
  • Backport fix for CVE-2026-35192 (low): Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST
  • Django 4.2.30 fixes one security issue with severity “moderate” and four security issues with severity “low” in 4.2.29
  • CVE-2026-33033: Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload [moderate]
  • CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation
  • CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin
  • CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable
  • CVE-2026-33034: Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
  • Django 4.2.29 fixes a security issue with severity “moderate” and a security issue with severity “low” in 4.2.28
  • CVE-2026-25673: Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows [moderate]
  • CVE-2026-25674: Potential incorrect permissions on newly created file system objects