Automatic update for pypy3.11-7.3.21-3.3.11.fc45.
Changelog * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-2 - Fix CVE-2025-56005 via removing no-longer used bundled ply - Fixes: rhbz#2431978 * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-1 - Update to 7.3.21 - Fixes: rhbz#2447285Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser
Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser
Fix jit backend for ppc64le and s390x
Fix jit backend for ppc64le and s390x
Automatic update for pypy3.10-7.3.19-11.3.10.fc45.
Changelog * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.19-11 - Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser - Fixes: rhbz#2431977Automatic update for pypy-7.3.21-3.fc45.
Changelog * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-2 - Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser - Fixes: rhbz#2431976 * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-1 - Update to 7.3.21 - Fixes: rhbz#2447284Backport fixes for CVE-2026-32874 and CVE-2026-32875
This new updates backports a fix for a format string injection vulnerability in JSON.parse, which is now assigned as CVE-2026-33210
Update to 1.23.1
YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
Update to 1.23.1
Update to 1.23.1
Update to 1.23.1
Add patch for CVE-2026-1539 (Also remove Proxy-Authorization header on cross origin redirect)