Monday, May 4, 2026

[USN-8228-1] Exim vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8228-1
May 04, 2026

exim4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Exim.

Software Description:
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685)

It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-40686)

It was discovered that Exim incorrectly handled SPA authenticator input. An authenticated user could possibly use this issue to execute arbitrary code. (CVE-2026-40687)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 26.04 LTS
  exim4         4.99.1-1ubuntu1.1
  exim4-base    4.99.1-1ubuntu1.1
  eximon4       4.99.1-1ubuntu1.1

Ubuntu 25.10
  exim4         4.98.2-1ubuntu2.1
  exim4-base    4.98.2-1ubuntu2.1
  eximon4       4.98.2-1ubuntu2.1

Ubuntu 24.04 LTS
  exim4         4.97-4ubuntu4.4
  exim4-base    4.97-4ubuntu4.4
  eximon4       4.97-4ubuntu4.4

Ubuntu 22.04 LTS
  exim4         4.95-4ubuntu2.7
  exim4-base    4.95-4ubuntu2.7
  eximon4       4.95-4ubuntu2.7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8228-1
  CVE-2026-40685, CVE-2026-40686, CVE-2026-40687

Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.99.1-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/exim4/4.98.2-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/exim4/4.97-4ubuntu4.4
  https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.7

[USN-8227-1] curl vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8227-1
May 04, 2026

curl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

curl could be made to expose sensitive information over the network.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-4873)

It was discovered that curl incorrectly reused certain HTTP Negotiate connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5545)

It was discovered that curl incorrectly reused certain SMB connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5773)

It was discovered that curl could leak proxy credentials when handling redirects in some configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6253)

It was discovered that curl could leak cookies because of stale custom cookie host handling in some requests. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6276)

It was discovered that curl could leak .netrc credentials when reusing proxy connections in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6429)

It was discovered that curl could leak Digest authentication state when switching proxies in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-7168)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 26.04 LTS
  curl                  8.18.0-1ubuntu2.1
  libcurl3t64-gnutls    8.18.0-1ubuntu2.1
  libcurl4t64           8.18.0-1ubuntu2.1

Ubuntu 25.10
  curl                  8.14.1-2ubuntu1.3
  libcurl3t64-gnutls    8.14.1-2ubuntu1.3
  libcurl4t64           8.14.1-2ubuntu1.3

Ubuntu 24.04 LTS
  curl                  8.5.0-2ubuntu10.9
  libcurl3t64-gnutls    8.5.0-2ubuntu10.9
  libcurl4t64           8.5.0-2ubuntu10.9

Ubuntu 22.04 LTS
  curl                  7.81.0-1ubuntu1.24
  libcurl3-gnutls       7.81.0-1ubuntu1.24
  libcurl3-nss          7.81.0-1ubuntu1.24
  libcurl4              7.81.0-1ubuntu1.24

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8227-1
  CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6276, CVE-2026-6429, CVE-2026-7168

Package Information:
  https://launchpad.net/ubuntu/+source/curl/8.18.0-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/curl/8.14.1-2ubuntu1.3
  https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.9
  https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.24

[USN-8229-1] sed vulnerability

==========================================================================
Ubuntu Security Notice USN-8229-1
May 04, 2026

sed vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

sed could be made to overwrite files.

Software Description:
- sed: GNU stream editor for filtering/transforming text

Details:

Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 26.04 LTS
  sed    4.9-2ubuntu1

Ubuntu 25.10
  sed    4.9-2ubuntu0.25.10.1

Ubuntu 24.04 LTS
  sed    4.9-2ubuntu0.24.04.1

Ubuntu 22.04 LTS
  sed    4.8-1ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8229-1
  CVE-2026-5958

Package Information:
  https://launchpad.net/ubuntu/+source/sed/4.9-2ubuntu1
  https://launchpad.net/ubuntu/+source/sed/4.9-2ubuntu0.25.10.1
  https://launchpad.net/ubuntu/+source/sed/4.9-2ubuntu0.24.04.1
  https://launchpad.net/ubuntu/+source/sed/4.8-1ubuntu2.1

Sunday, May 3, 2026

Orphaned packages looking for new maintainers

Report started at 2026-05-03 22:00:54 UTC

The following packages are orphaned and will be retired when they are orphaned for six weeks, unless someone adopts them. If you know for sure that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life

Note: If you received this mail directly you (co)maintain one of the affected packages or a package that depends on one. Please adopt the affected package or retire your depending package to avoid broken dependencies, otherwise your package will be retired when the affected package gets retired.

Request package ownership via the *Take* button in the left column on
https://src.fedoraproject.org/rpms/<pkgname>

Full report available at:
https://a.gtmx.me/orphans/orphans.txt
grep it for your FAS username and follow the dependency chain.

For human readable dependency chains, see https://packager-dashboard.fedoraproject.org/
For all orphaned packages, see https://packager-dashboard.fedoraproject.org/orphan

Package                                                (co)maintainers                         Status Change
==========================================================================================================
bbox-firago-fonts                                      orphan                                  5 weeks ago
bign-handheld-thumbnailer                              orphan                                  5 weeks ago
botan2                                                 orphan, thm                             2 weeks ago
dex-autostart                                          orphan                                  2 weeks ago
dnf-plugin-ovl                                         orphan                                  2 weeks ago
dqlite                                                 orphan                                  3 weeks ago
elementary-calculator                                  @pantheon-sig, orphan                   0 weeks ago
elementary-calendar                                    @pantheon-sig, mcrha, orphan            0 weeks ago
elementary-camera                                      @pantheon-sig, orphan                   0 weeks ago
elementary-code                                        @pantheon-sig, orphan                   0 weeks ago
elementary-files                                       @pantheon-sig, orphan                   0 weeks ago
elementary-mail                                        @pantheon-sig, mcrha, orphan            0 weeks ago
elementary-music                                       @pantheon-sig, orphan                   0 weeks ago
elementary-notifications                               @pantheon-sig, orphan                   0 weeks ago
elementary-onboarding                                  @pantheon-sig, orphan                   0 weeks ago
elementary-photos                                      @pantheon-sig, orphan                   0 weeks ago
elementary-screenshot                                  @pantheon-sig, orphan                   0 weeks ago
elementary-settings-daemon                             @pantheon-sig, orphan                   0 weeks ago
fparser                                                orphan                                  2 weeks ago
gala                                                   @pantheon-sig, orphan                   0 weeks ago
gcolor2                                                orphan                                  1 weeks ago
glibd                                                  orphan                                  2 weeks ago
golang-bitbucket-creachadair-shell                     @go-sig, orphan                         5 weeks ago
golang-cloud-google-pubsub                             @go-sig, orphan                         5 weeks ago
golang-cloud-google-spanner                            @go-sig, orphan                         5 weeks ago
golang-github-andreyvit-diff                           @go-sig, orphan                         1 weeks ago
golang-github-antihax-optional                         @go-sig, orphan                         5 weeks ago
golang-github-armon-socks5                             @go-sig, orphan                         5 weeks ago
golang-github-burntsushi-toml                          @go-sig, dcavalca, dfateyev, orphan     1 weeks ago
golang-github-circonus-labs-apiclient                  @go-sig, orphan                         5 weeks ago
golang-github-circonus-labs-circonusllhist             @go-sig, orphan                         5 weeks ago
golang-github-elazarl-goproxy                          @go-sig, orphan                         5 weeks ago
golang-github-erkexzcx-valetudopng                     @go-sig, orphan                         3 weeks ago
golang-github-ghodss-yaml                              @go-sig, jchaloup, orphan               5 weeks ago
golang-github-git-fixtures-4                           @go-sig, orphan                         5 weeks ago
golang-github-git-gcfg                                 @go-sig, orphan                         5 weeks ago
golang-github-gliderlabs-ssh                           @go-sig, jchaloup, orphan               5 weeks ago
golang-github-google-renameio-2                        @go-sig, orphan                         2 weeks ago
golang-github-googleapis-enterprise-certificate-proxy  @go-sig, orphan                         5 weeks ago
golang-github-groupcache                               @go-sig, orphan                         5 weeks ago
golang-github-hebcal-greg                              @go-sig, orphan                         2 weeks ago
golang-github-jose4                                    @go-sig, orphan                         1 weeks ago
golang-github-joshuarubin-lifecycle                    @go-sig, ngompa, orphan                 1 weeks ago
golang-github-labstack-echo-4                          @go-sig, orphan                         5 weeks ago
golang-github-mdlayher-genetlink                       @go-sig, orphan                         2 weeks ago
golang-github-patrickmn-cache                          @go-sig, orphan                         5 weeks ago
golang-github-peterbourgon-diskv                       @go-sig, jchaloup, orphan               5 weeks ago
golang-github-pjbgf-sha1cd                             @go-sig, orphan                         5 weeks ago
golang-github-prashantv-gostub                         @go-sig, orphan                         2 weeks ago
golang-github-sergi-diff                               @go-sig, orphan                         2 weeks ago
golang-github-skeema-knownhosts                        @go-sig, orphan                         5 weeks ago
golang-github-syndtr-goleveldb                         @go-sig, jchaloup, orphan               5 weeks ago
golang-github-task-slim-sprig                          @go-sig, orphan                         3 weeks ago
golang-github-task-slim-sprig3                         @go-sig, orphan                         2 weeks ago
golang-github-xanzy-ssh-agent                          @go-sig, jchaloup, orphan               5 weeks ago
golang-gopkg-alecthomas-kingpin-2                      @go-sig, orphan                         2 weeks ago
golang-hein-version                                    @go-sig, orphan                         5 weeks ago
granite-7                                              @pantheon-sig, orphan                   0 weeks ago
grilo                                                  @gnome-sig, orphan, victortoso          2 weeks ago
grilo-plugins                                          @gnome-sig, orphan, victortoso          2 weeks ago
gtk-murrine-engine                                     @epel-packagers-sig, orphan, robert     1 weeks ago
http-parser                                            duck, mrunge, orphan, sgallagh, vascom  2 weeks ago
kwebkitpart                                            @kde-sig, orphan, than                  4 weeks ago
log4cpp                                                orphan                                  4 weeks ago
mod_auth_openid                                        orphan                                  2 weeks ago
mopidy                                                 orphan                                  4 weeks ago
mopidy-mpd                                             orphan                                  4 weeks ago
nodejs-backbone                                        orphan                                  3 weeks ago
octave-parallel                                        orphan                                  0 weeks ago
openssl-gost-engine                                    abbra, dbelyavs, orphan                 2 weeks ago
pantheon-wayland                                       @pantheon-sig, orphan                   0 weeks ago
pykka                                                  orphan                                  4 weeks ago
python-cmake-build-extension                           orphan                                  2 weeks ago
python-modernize                                       orphan                                  1 weeks ago
python-opytimizer                                      orphan                                  2 weeks ago
python-platformio                                      music, orphan                           0 weeks ago
python-pytest-sugar                                    orphan                                  3 weeks ago
python-pyxs                                            orphan                                  3 weeks ago
rubygem-macaddr                                        orphan                                  3 weeks ago
rubygem-opennebula                                     orphan                                  3 weeks ago
rust-bisection                                         @rust-sig, orphan                       3 weeks ago
rust-dutree                                            @rust-sig, orphan                       0 weeks ago
rust-heatseeker                                        @rust-sig, orphan                       0 weeks ago
rust-procs                                             @rust-sig, orphan                       0 weeks ago
rust-tealdeer                                          @rust-sig, orphan                       0 weeks ago
rust-varlink                                           @rust-sig, orphan                       0 weeks ago
rust-varlink-cli                                       @rust-sig, orphan                       0 weeks ago
rust-varlink_generator                                 @rust-sig, orphan                       0 weeks ago
rust-varlink_parser                                    @rust-sig, orphan                       0 weeks ago
rust-varlink_stdinterfaces                             @rust-sig, orphan                       0 weeks ago
vim-javabrowser                                        orphan                                  4 weeks ago
vim-taglist                                            orphan                                  4 weeks ago
wingpanel                                              @pantheon-sig, orphan                   0 weeks ago
wingpanel-indicator-a11y                               @pantheon-sig, orphan                   0 weeks ago
wingpanel-indicator-bluetooth                          @pantheon-sig, orphan                   0 weeks ago
wingpanel-indicator-datetime                           @pantheon-sig, orphan                   0 weeks ago
wingpanel-indicator-keyboard                           @pantheon-sig, orphan                   0 weeks ago
wult                                                   orphan                                  1 weeks ago
xdaliclock                                             orphan                                  1 weeks ago

The following packages require above mentioned packages:

Depending on: botan2 (1), status change: 2026-04-17 (2 weeks ago)
    qownnotes (maintained by: atim)
        qownnotes-26.1.14-1.fc44.src requires pkgconfig(botan-2) = 2.19.5
        qownnotes-26.1.14-1.fc44.x86_64 requires libbotan-2.so.19()(64bit)

Depending on: dex-autostart (1), status change: 2026-04-16 (2 weeks ago)
    NsCDE (maintained by: dcavalca, salimma)
        NsCDE-2.2-11.fc44.x86_64 requires dex-autostart = 0.10.1-5.fc44

Depending on: elementary-notifications (6), status change: 2026-05-03 (0 weeks ago)
    gala (maintained by: @pantheon-sig, orphan)
        gala-8.4.1^20260325.git4b15f84-1.fc45.i686 requires elementary-notifications = 8.1.2-2.fc44
        gala-8.4.1^20260325.git4b15f84-1.fc45.x86_64 requires elementary-notifications = 8.1.2-2.fc44
    wingpanel (maintained by: @pantheon-sig, orphan)
        wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.i686 requires libgala.so.0
        wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.src requires pkgconfig(gala) = 8.4.1
        wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.x86_64 requires libgala.so.0()(64bit)
    wingpanel-indicator-a11y (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-a11y-1.0.2-5.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-a11y-1.0.2-5.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-bluetooth (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-bluetooth-8.0.0-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-bluetooth-8.0.0-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-datetime (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-datetime-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-datetime-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-keyboard (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-keyboard-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-keyboard-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44

Depending on: gala (5), status change: 2026-05-03 (0 weeks ago)
    wingpanel (maintained by: @pantheon-sig, orphan)
        wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.i686 requires libgala.so.0
        wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.src requires pkgconfig(gala) = 8.4.1
        wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.x86_64 requires libgala.so.0()(64bit)
    wingpanel-indicator-a11y (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-a11y-1.0.2-5.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-a11y-1.0.2-5.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-bluetooth (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-bluetooth-8.0.0-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-bluetooth-8.0.0-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-datetime (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-datetime-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-datetime-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-keyboard (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-keyboard-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-keyboard-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44

Depending on: golang-github-andreyvit-diff (1), status change: 2026-04-21 (1 weeks ago)
    golang-github-facebookincubator-nvdtools (maintained by: @go-sig, dcavalca)
        golang-github-facebookincubator-nvdtools-0.1.4-21.fc44.src requires golang(github.com/andreyvit/diff) = 0-19.20190625gitc7f18ee.fc44

Depending on: golang-github-burntsushi-toml (13), status change: 2026-04-20 (1 weeks ago)
    elvish (maintained by: @go-sig, topazus)
        elvish-0.21.0-12.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
    golang-github-facebookincubator-nvdtools (maintained by: @go-sig, dcavalca)
        golang-github-facebookincubator-nvdtools-0.1.4-21.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
        golang-github-facebookincubator-nvdtools-devel-0.1.4-21.fc44.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
    golang-github-mmarkdown-mmark (maintained by: @go-sig, eclipseo)
        golang-github-mmarkdown-mmark-2.2.10-20.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
        golang-github-mmarkdown-mmark-devel-2.2.10-20.fc44.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
    golang-github-nicksnyder-i18n-2 (maintained by: @go-sig, qulogic)
        golang-github-nicksnyder-i18n-2-2.1.2-20.fc45.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
        golang-github-nicksnyder-i18n-2-devel-2.1.2-20.fc45.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
    golang-github-schollz-cli-2 (maintained by: @go-sig, dcavalca)
        golang-github-schollz-cli-2-2.2.1-13.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
        golang-github-schollz-cli-2-devel-2.2.1-13.fc44.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
    golang-github-urfave-cli (maintained by: @go-sig, alexsaezm)
        golang-github-urfave-cli-1.22.10-10.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
        golang-github-urfave-cli-devel-1.22.10-10.fc44.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
    golang-github-urfave-cli-2 (maintained by: @go-sig, mikelo2, nathans)
        golang-github-urfave-cli-2-2.27.1-4.fc43.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
        golang-github-urfave-cli-2-devel-2.27.1-4.fc43.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
    golang-gopkg-natefinch-lumberjack-2 (maintained by: @go-sig, alexsaezm, jchaloup)
        golang-gopkg-natefinch-lumberjack-2-1:2.0.0-19.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44
    golang-github-opencontainers-runtime-tools (maintained by: @go-sig, eclipseo)
        golang-github-opencontainers-runtime-tools-0.9.0-25.20221129git2802ff9.fc44.src requires golang(github.com/urfave/cli) = 1.22.10-10.fc44
        golang-github-opencontainers-runtime-tools-devel-0.9.0-25.20221129git2802ff9.fc44.noarch requires golang(github.com/urfave/cli) = 1.22.10-10.fc44
    golang-github-shopify-toxiproxy (maintained by: @go-sig, eclipseo)
        golang-github-shopify-toxiproxy-2.1.4-23.fc44.src requires golang(github.com/urfave/cli) = 1.22.10-10.fc44
        golang-github-shopify-toxiproxy-devel-2.1.4-23.fc44.noarch requires golang(github.com/urfave/cli) = 1.22.10-10.fc44
    golang-github-vbatts-tar-split (maintained by: @go-sig, jchaloup, runcom)
        golang-github-vbatts-tar-split-0.11.2-12.fc44.src requires golang(github.com/urfave/cli) = 1.22.10-10.fc44
        golang-github-vbatts-tar-split-devel-0.11.2-12.fc44.noarch requires golang(github.com/urfave/cli) = 1.22.10-10.fc44
    gotun (maintained by: @go-sig, kushal)
        gotun-0-0.24.gita9dbe4d.fc42.src requires golang(github.com/urfave/cli) = 1.22.10-10.fc44
    golang-mau-zeroconfig (maintained by: @go-sig, v02460)
        golang-mau-zeroconfig-0.1.2-4.fc43.src requires golang(gopkg.in/natefinch/lumberjack.v2) = 2.0.0-19.fc44
        golang-mau-zeroconfig-devel-0.1.2-4.fc43.noarch requires golang(gopkg.in/natefinch/lumberjack.v2) = 2.0.0-19.fc44

Depending on: golang-github-sergi-diff (2), status change: 2026-04-14 (2 weeks ago)
    golang-github-andreyvit-diff (maintained by: @go-sig, orphan)
        golang-github-andreyvit-diff-0-19.20190625gitc7f18ee.fc44.src requires golang(github.com/sergi/go-diff/diffmatchpatch) = 1.3.1-9.fc44
        golang-github-andreyvit-diff-devel-0-19.20190625gitc7f18ee.fc44.noarch requires golang(github.com/sergi/go-diff/diffmatchpatch) = 1.3.1-9.fc44
    golang-github-facebookincubator-nvdtools (maintained by: @go-sig, dcavalca)
        golang-github-facebookincubator-nvdtools-0.1.4-21.fc44.src requires golang(github.com/andreyvit/diff) = 0-19.20190625gitc7f18ee.fc44

Depending on: golang-gopkg-alecthomas-kingpin-2 (2), status change: 2026-04-14 (2 weeks ago)
    golang-github-jose-3 (maintained by: @go-sig, eclipseo)
        golang-github-jose-3-3.0.0-9.fc44.src requires golang(gopkg.in/alecthomas/kingpin.v2) = 2.3.2-9.fc44
        golang-github-jose-3-devel-3.0.0-9.fc44.noarch requires golang(gopkg.in/alecthomas/kingpin.v2) = 2.3.2-9.fc44
    golang-github-jsonnet-bundler (maintained by: @go-sig, olem)
        golang-github-jsonnet-bundler-0.4.0-23.fc44.src requires golang(gopkg.in/alecthomas/kingpin.v2) = 2.3.2-9.fc44
        golang-github-jsonnet-bundler-devel-0.4.0-23.fc44.noarch requires golang(gopkg.in/alecthomas/kingpin.v2) = 2.3.2-9.fc44

Depending on: granite-7 (14), status change: 2026-05-03 (0 weeks ago)
    SwayNotificationCenter (maintained by: @sway-sig, topazus)
        SwayNotificationCenter-0.12.5-1.fc45.src requires pkgconfig(granite-7) = 7.8.1
    elementary-calculator (maintained by: @pantheon-sig, orphan)
        elementary-calculator-8.0.1-2.fc44.src requires pkgconfig(granite-7) = 7.8.1
        elementary-calculator-8.0.1-2.fc44.x86_64 requires libgranite-7.so.7()(64bit)
    elementary-camera (maintained by: @pantheon-sig, orphan)
        elementary-camera-8.0.2-2.fc44.src requires pkgconfig(granite-7) = 7.8.1
        elementary-camera-8.0.2-2.fc44.x86_64 requires libgranite-7.so.7()(64bit)
    elementary-music (maintained by: @pantheon-sig, orphan)
        elementary-music-8.1.0-2.fc44.src requires pkgconfig(granite-7) = 7.8.1
        elementary-music-8.1.0-2.fc44.x86_64 requires libgranite-7.so.7()(64bit)
    elementary-notifications (maintained by: @pantheon-sig, orphan)
        elementary-notifications-8.1.2-2.fc44.src requires pkgconfig(granite-7) = 7.8.1
        elementary-notifications-8.1.2-2.fc44.x86_64 requires libgranite-7.so.7()(64bit)
        elementary-notifications-demo-8.1.2-2.fc44.x86_64 requires libgranite-7.so.7()(64bit)
    elementary-screenshot (maintained by: @pantheon-sig, orphan)
        elementary-screenshot-8.0.1-3.fc44.src requires pkgconfig(granite-7) = 7.8.1
        elementary-screenshot-8.0.1-3.fc44.x86_64 requires libgranite-7.so.7()(64bit)
    gala (maintained by: @pantheon-sig, orphan)
        gala-8.4.1^20260325.git4b15f84-1.fc45.i686 requires elementary-notifications = 8.1.2-2.fc44, libgranite-7.so.7
        gala-8.4.1^20260325.git4b15f84-1.fc45.src requires pkgconfig(granite-7) = 7.8.1
        gala-8.4.1^20260325.git4b15f84-1.fc45.x86_64 requires elementary-notifications = 8.1.2-2.fc44, libgranite-7.so.7()(64bit)
    minder (maintained by: atim)
        minder-2.0.9-1.fc45.src requires pkgconfig(granite-7) = 7.8.1
        minder-2.0.9-1.fc45.x86_64 requires libgranite-7.so.7()(64bit)
    warble (maintained by: aekoroglu)
        warble-2.0.1-2.fc44.src requires pkgconfig(granite-7) = 7.8.1
        warble-2.0.1-2.fc44.x86_64 requires libgranite-7.so.7()(64bit)
    wingpanel (maintained by: @pantheon-sig, orphan)
        wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.i686 requires libgala.so.0
        wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.src requires pkgconfig(gala) = 8.4.1
        wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.x86_64 requires libgala.so.0()(64bit)
    wingpanel-indicator-a11y (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-a11y-1.0.2-5.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-a11y-1.0.2-5.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-bluetooth (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-bluetooth-8.0.0-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-bluetooth-8.0.0-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-datetime (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-datetime-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-datetime-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-keyboard (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-keyboard-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-keyboard-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44

Depending on: grilo (8), status change: 2026-04-14 (2 weeks ago)
    budgie-control-center (maintained by: joshstrobl)
        budgie-control-center-2.1.1-1.fc45.src requires pkgconfig(grilo-0.3) = 0.3.19
    gnome-music (maintained by: @gnome-sig, kalev, mclasen)
        gnome-music-49.1-2.fc45.noarch requires grilo = 0.3.19-3.fc45, grilo-plugins = 0.3.18-11.fc45
        gnome-music-49.1-2.fc45.src requires pkgconfig(grilo-0.3) = 0.3.19, pkgconfig(grilo-plugins-0.3) = 0.3.18
    grilo-plugins (maintained by: @gnome-sig, orphan, victortoso)
        grilo-plugins-0.3.18-11.fc45.i686 requires grilo(x86-32) = 0.3.19-3.fc45, libgrilo-0.3.so.0, libgrlnet-0.3.so.0, libgrlpls-0.3.so.0
        grilo-plugins-0.3.18-11.fc45.src requires grilo-devel = 0.3.19-3.fc45
        grilo-plugins-0.3.18-11.fc45.x86_64 requires grilo(x86-64) = 0.3.19-3.fc45, libgrilo-0.3.so.0()(64bit), libgrlnet-0.3.so.0()(64bit), libgrlpls-0.3.so.0()(64bit)
    pragha (maintained by: nonamedotc)
        pragha-1.3.3-34.fc44.src requires pkgconfig(grilo-0.3) = 0.3.19
        pragha-1.3.3-34.fc44.x86_64 requires libgrilo-0.3.so.0()(64bit)
    rhythmbox (maintained by: @gnome-sig, alexl, amigadave, dwmw2, rhughes, rstrode, snirkel)
        rhythmbox-3.4.9-2.fc45.i686 requires libgrilo-0.3.so.0
        rhythmbox-3.4.9-2.fc45.src requires pkgconfig(grilo-0.3) = 0.3.19
        rhythmbox-3.4.9-2.fc45.x86_64 requires libgrilo-0.3.so.0()(64bit)
    totem (maintained by: @gnome-sig, alexl, kalev, mclasen, rhughes, rstrode, teuf)
        totem-1:43.2-8.fc45.i686 requires grilo-plugins(x86-32) = 0.3.18-11.fc45, libgrilo-0.3.so.0, libgrlpls-0.3.so.0
        totem-1:43.2-8.fc45.src requires pkgconfig(grilo-0.3) = 0.3.19, pkgconfig(grilo-pls-0.3) = 0.3.19
        totem-1:43.2-8.fc45.x86_64 requires grilo-plugins(x86-64) = 0.3.18-11.fc45, libgrilo-0.3.so.0()(64bit), libgrlpls-0.3.so.0()(64bit)
    rhythmbox-alternative-toolbar (maintained by: mochaa)
        rhythmbox-alternative-toolbar-0.20.4-9.fc44.src requires rhythmbox-devel = 3.4.9-2.fc45
        rhythmbox-alternative-toolbar-0.20.4-9.fc44.x86_64 requires rhythmbox = 3.4.9-2.fc45
    rhythmbox-ampache (maintained by: jorti)
        rhythmbox-ampache-0-45.20200822gited4b082.fc44.x86_64 requires rhythmbox(x86-64) = 3.4.9-2.fc45

Depending on: grilo-plugins (2), status change: 2026-04-14 (2 weeks ago)
    gnome-music (maintained by: @gnome-sig, kalev, mclasen)
        gnome-music-49.1-2.fc45.noarch requires grilo-plugins = 0.3.18-11.fc45
        gnome-music-49.1-2.fc45.src requires pkgconfig(grilo-plugins-0.3) = 0.3.18
    totem (maintained by: @gnome-sig, alexl, kalev, mclasen, rhughes, rstrode, teuf)
        totem-1:43.2-8.fc45.i686 requires grilo-plugins(x86-32) = 0.3.18-11.fc45
        totem-1:43.2-8.fc45.x86_64 requires grilo-plugins(x86-64) = 0.3.18-11.fc45

Depending on: gtk-murrine-engine (11), status change: 2026-04-23 (1 weeks ago)
    arc-theme (maintained by: nonamedotc, tsmetana)
        arc-theme-20221218-13.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44
        arc-theme-20221218-13.fc44.src requires gtk-murrine-engine = 0.98.2-43.fc44
    bluebird (maintained by: kevin, maxamillion)
        bluebird-gtk2-theme-1.3-19.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44
    cros-guest-tools (maintained by: buckaroogeek, dcavalca, kwizart, ngompa)
        cros-adapta-143-3.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44
    greybird (maintained by: kevin, lbazan, nonamedotc)
        greybird-dark-theme-3.23.4-4.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44
        greybird-light-theme-3.23.4-4.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44
    pocillo-gtk-theme (maintained by: @budgie-sig, joshstrobl)
        pocillo-gtk2-theme-0.11-3.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44
    pop-gtk-theme (maintained by: carlwgeorge)
        pop-gtk2-theme-5.5.1-8.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44
    budgie-desktop-defaults (maintained by: joshstrobl)
        budgie-desktop-defaults-0.5.4-3.fc44.noarch requires pocillo-gtk-theme = 0.11-3.fc44
    cosmic-settings-daemon (maintained by: @cosmic-sig, @rust-sig, ryanabx)
        cosmic-settings-daemon-1.0.11-1.fc45.x86_64 requires pop-sound-theme = 5.5.1-8.fc44
    cosmic-session (maintained by: @cosmic-sig, @rust-sig, ryanabx)
        cosmic-session-1.0.11-1.fc45.x86_64 requires cosmic-settings = 1.0.11-1.fc45, cosmic-settings-daemon = 1.0.11-1.fc45, system-cosmic-config
    cosmic-settings (maintained by: @cosmic-sig, @rust-sig, ryanabx)
        cosmic-settings-1.0.11-1.fc45.x86_64 requires cosmic-settings-daemon = 1.0.11-1.fc45
    cosmic-config-fedora (maintained by: ngompa)
        cosmic-config-fedora-0~git.20241103.1.d35e087-5.fc44.noarch requires cosmic-settings = 1.0.11-1.fc45

Depending on: http-parser (7), status change: 2026-04-17 (2 weeks ago)
    jabberd (maintained by: dmaphy)
        jabberd-2.6.1-34.fc44.src requires http-parser-devel = 2.9.4-16.fc44
        jabberd-2.6.1-34.fc44.x86_64 requires libhttp_parser.so.2()(64bit)
    julia (maintained by: nalimilan)
        julia-1.12.1-1.fc44.src requires http-parser-devel = 2.9.4-16.fc44
    slurm (maintained by: @epel-packagers-sig, neil, salimma)
        slurm-25.11.4-8.fc45.src requires http-parser-devel = 2.9.4-16.fc44
        slurm-25.11.4-8.fc45.x86_64 requires libhttp_parser.so.2()(64bit)
    cantor (maintained by: @kde-sig, @r-maint-sig, than)
        cantor-26.04.0-2.fc45.src requires julia-devel = 1.12.1-1.fc44
        cantor-julia-26.04.0-2.fc45.x86_64 requires libjulia.so.1.12()(64bit), libjulia.so.1.12(JL_LIBJULIA_1.12)(64bit)
    vim-syntastic (maintained by: mhjacks)
        vim-syntastic-julia-3.10.0-30.fc45.noarch requires julia = 1.12.1-1.fc44
    python-snakemake-executor-plugin-slurm (maintained by: @neuro-sig, music)
        python-snakemake-executor-plugin-slurm-2.6.1-1.fc45.src requires slurm = 25.11.4-8.fc45
        python3-snakemake-executor-plugin-slurm-2.6.1-1.fc45.noarch requires slurm = 25.11.4-8.fc45
    LabPlot (maintained by: @kde-sig, @scitech_sig, cicku, topazus)
        LabPlot-2.12.1-20.fc45.src requires cantor-devel = 26.04.0-2.fc45
        LabPlot-2.12.1-20.fc45.x86_64 requires libcantorlibs.so.28()(64bit)

Depending on: log4cpp (4), status change: 2026-03-30 (4 weeks ago)
    elements (maintained by: aalvarez)
        elements-6.3.4-6.fc44.i686 requires liblog4cpp.so.5
        elements-6.3.4-6.fc44.src requires log4cpp-devel = 1.1.3-21.fc44
        elements-6.3.4-6.fc44.x86_64 requires liblog4cpp.so.5()(64bit)
    elements-alexandria (maintained by: aalvarez)
        elements-alexandria-2.32.0-6.fc44.i686 requires libElementsKernel.so.6.3.4, liblog4cpp.so.5
        elements-alexandria-2.32.0-6.fc44.src requires elements-devel = 6.3.4-6.fc44, elements-doc = 6.3.4-6.fc44, log4cpp-devel = 1.1.3-21.fc44
        elements-alexandria-2.32.0-6.fc44.x86_64 requires libElementsKernel.so.6.3.4()(64bit), liblog4cpp.so.5()(64bit)
        elements-alexandria-devel-2.32.0-6.fc44.i686 requires elements-devel(x86-32) = 6.3.4-6.fc44
        elements-alexandria-devel-2.32.0-6.fc44.x86_64 requires elements-devel(x86-64) = 6.3.4-6.fc44
        elements-alexandria-doc-2.32.0-6.fc44.noarch requires elements-doc = 6.3.4-6.fc44
    engauge-digitizer (maintained by: sagitter)
        engauge-digitizer-1:12.9.1-4.fc44.src requires log4cpp-devel = 1.1.3-21.fc44
        engauge-digitizer-1:12.9.1-4.fc44.x86_64 requires liblog4cpp.so.5()(64bit)
    fastnetmon (maintained by: music, odintsov)
        fastnetmon-1.2.1-33.20220528git420e7b8.fc45.src requires log4cpp-devel = 1.1.3-21.fc44
        fastnetmon-1.2.1-33.20220528git420e7b8.fc45.x86_64 requires liblog4cpp.so.5()(64bit)

Depending on: mopidy (1), status change: 2026-04-03 (4 weeks ago)
    mopidy-mpd (maintained by: orphan)
        mopidy-mpd-4.0.0~a4-1.fc45.noarch requires mopidy = 4.0.0~a15-1.fc45, python3.14dist(mopidy) = 4~a15
        mopidy-mpd-4.0.0~a4-1.fc45.src requires mopidy = 4.0.0~a15-1.fc45, python3dist(mopidy) = 4~a15

Depending on: pykka (2), status change: 2026-04-03 (4 weeks ago)
    mopidy (maintained by: orphan)
        mopidy-4.0.0~a15-1.fc45.noarch requires python3-Pykka = 4.2.0-6.fc44, python3.14dist(pykka) = 4.2
        mopidy-4.0.0~a15-1.fc45.src requires python3-Pykka = 4.2.0-6.fc44, python3dist(pykka) = 4.2
    mopidy-mpd (maintained by: orphan)
        mopidy-mpd-4.0.0~a4-1.fc45.noarch requires mopidy = 4.0.0~a15-1.fc45, python3.14dist(mopidy) = 4~a15, python3.14dist(pykka) = 4.2
        mopidy-mpd-4.0.0~a4-1.fc45.src requires mopidy = 4.0.0~a15-1.fc45, python3dist(mopidy) = 4~a15, python3dist(pykka) = 4.2

Depending on: python-pytest-sugar (1), status change: 2026-04-09 (3 weeks ago)
    home-assistant-cli (maintained by: thebeanogamer)
        home-assistant-cli-1.0.0-1.fc45.src requires python3dist(pytest-sugar) = 1.1.1

Depending on: rubygem-macaddr (1), status change: 2026-04-07 (3 weeks ago)
    rubygem-uuid (maintained by: valtri)
        rubygem-uuid-2.3.7-25.fc44.noarch requires rubygem(macaddr) = 1.7.2
        rubygem-uuid-2.3.7-25.fc44.src requires rubygem(macaddr) = 1.7.2

Depending on: rust-varlink (2), status change: 2026-04-29 (0 weeks ago)
    rust-varlink-cli (maintained by: @rust-sig, orphan)
        rust-varlink-cli-4.5.3-11.fc44.src requires crate(varlink/default) = 11.0.1, crate(varlink_stdinterfaces/default) = 11.0.2
    rust-varlink_stdinterfaces (maintained by: @rust-sig, orphan)
        rust-varlink_stdinterfaces-11.0.2-13.fc44.src requires crate(varlink/default) = 11.0.1
        rust-varlink_stdinterfaces-devel-11.0.2-13.fc44.noarch requires crate(varlink/default) = 11.0.1

Depending on: rust-varlink_generator (2), status change: 2026-04-29 (0 weeks ago)
    rust-varlink_stdinterfaces (maintained by: @rust-sig, orphan)
        rust-varlink_stdinterfaces-11.0.2-13.fc44.src requires crate(varlink_generator/default) = 10.1.0
        rust-varlink_stdinterfaces-devel-11.0.2-13.fc44.noarch requires crate(varlink_generator/default) = 10.1.0
    rust-varlink-cli (maintained by: @rust-sig, orphan)
        rust-varlink-cli-4.5.3-11.fc44.src requires crate(varlink_stdinterfaces/default) = 11.0.2

Depending on: rust-varlink_parser (3), status change: 2026-04-29 (0 weeks ago)
    rust-varlink-cli (maintained by: @rust-sig, orphan)
        rust-varlink-cli-4.5.3-11.fc44.src requires crate(varlink_parser/default) = 4.2.0, crate(varlink_stdinterfaces/default) = 11.0.2
    rust-varlink_generator (maintained by: @rust-sig, orphan)
        rust-varlink_generator-10.1.0-10.fc44.src requires crate(varlink_parser/default) = 4.2.0
        rust-varlink_generator-devel-10.1.0-10.fc44.noarch requires crate(varlink_parser/default) = 4.2.0
    rust-varlink_stdinterfaces (maintained by: @rust-sig, orphan)
        rust-varlink_stdinterfaces-11.0.2-13.fc44.src requires crate(varlink_generator/default) = 10.1.0
        rust-varlink_stdinterfaces-devel-11.0.2-13.fc44.noarch requires crate(varlink_generator/default) = 10.1.0

Depending on: rust-varlink_stdinterfaces (1), status change: 2026-04-29 (0 weeks ago)
    rust-varlink-cli (maintained by: @rust-sig, orphan)
        rust-varlink-cli-4.5.3-11.fc44.src requires crate(varlink_stdinterfaces/default) = 11.0.2

Depending on: wingpanel (4), status change: 2026-05-03 (0 weeks ago)
    wingpanel-indicator-a11y (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-a11y-1.0.2-5.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-a11y-1.0.2-5.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-bluetooth (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-bluetooth-8.0.0-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-bluetooth-8.0.0-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-datetime (maintained by: @pantheon-sig, orphan)
        wingpanel-indicator-datetime-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4
        wingpanel-indicator-datetime-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44
    wingpanel-indicator-keyboard (maintained by: @pantheon-sig, orphan)
wingpanel-indicator-keyboard-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-keyboard-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 Affected (co)maintainers @budgie-sig: gtk-murrine-engine @cosmic-sig: gtk-murrine-engine @epel-packagers-sig: gtk-murrine-engine, http-parser @gnome-sig: grilo-plugins, grilo @go-sig: golang-github-circonus-labs-apiclient, golang-bitbucket-creachadair-shell, golang-github-labstack-echo-4, golang-github-xanzy-ssh-agent, golang-github-syndtr-goleveldb, golang-gopkg-alecthomas-kingpin-2, golang-cloud-google-pubsub, golang-github-gliderlabs-ssh, golang-github-task-slim-sprig, golang-hein-version, golang-github-prashantv-gostub, golang-github-circonus-labs-circonusllhist, golang-github-jose4, golang-github-erkexzcx-valetudopng, golang-github-mdlayher-genetlink, golang-github-googleapis-enterprise-certificate-proxy, golang-github-burntsushi-toml, golang-github-task-slim-sprig3, golang-github-git-gcfg, golang-github-andreyvit-diff, golang-github-patrickmn-cache, golang-github-sergi-diff, golang-github-groupcache, golang-github-peterbourgon-diskv, golang-github-armon-socks5, golang-github-hebcal-greg, golang-github-git-fixtures-4, golang-github-elazarl-goproxy, golang-github-skeema-knownhosts, golang-github-antihax-optional, golang-github-google-renameio-2, golang-github-ghodss-yaml, golang-github-joshuarubin-lifecycle, golang-github-pjbgf-sha1cd, golang-cloud-google-spanner @kde-sig: kwebkitpart, http-parser @neuro-sig: http-parser @pantheon-sig: pantheon-wayland, elementary-calculator, elementary-onboarding, wingpanel-indicator-bluetooth, wingpanel-indicator-datetime, elementary-notifications, granite-7, elementary-photos, elementary-settings-daemon, elementary-mail, wingpanel-indicator-a11y, elementary-camera, elementary-code, elementary-calendar, wingpanel, elementary-files, gala, wingpanel-indicator-keyboard, elementary-music, elementary-screenshot 
@r-maint-sig: http-parser @rust-sig: rust-procs, rust-varlink_generator, rust-tealdeer, rust-varlink_stdinterfaces, rust-varlink, rust-varlink_parser, rust-heatseeker, rust-varlink-cli, rust-bisection, gtk-murrine-engine, rust-dutree @scitech_sig: http-parser @sway-sig: granite-7 aalvarez: log4cpp abbra: openssl-gost-engine aekoroglu: granite-7 alexl: grilo-plugins, grilo alexsaezm: golang-github-burntsushi-toml amigadave: grilo atim: botan2, granite-7 buckaroogeek: gtk-murrine-engine carlwgeorge: gtk-murrine-engine cicku: http-parser dbelyavs: openssl-gost-engine dcavalca: golang-github-andreyvit-diff, dex-autostart, golang-github-sergi-diff, gtk-murrine-engine, golang-github-burntsushi-toml dfateyev: golang-github-burntsushi-toml dmaphy: http-parser duck: http-parser dwmw2: grilo eclipseo: golang-gopkg-alecthomas-kingpin-2, golang-github-burntsushi-toml jchaloup: golang-github-xanzy-ssh-agent, golang-github-ghodss-yaml, golang-github-peterbourgon-diskv, golang-github-syndtr-goleveldb, golang-github-burntsushi-toml, golang-github-gliderlabs-ssh jorti: grilo joshstrobl: gtk-murrine-engine, grilo kalev: grilo-plugins, grilo kevin: gtk-murrine-engine kushal: golang-github-burntsushi-toml kwizart: gtk-murrine-engine lbazan: gtk-murrine-engine maxamillion: gtk-murrine-engine mclasen: grilo-plugins, grilo mcrha: elementary-mail, elementary-calendar mhjacks: http-parser mikelo2: golang-github-burntsushi-toml mochaa: grilo mrunge: http-parser music: log4cpp, python-platformio, http-parser nalimilan: http-parser nathans: golang-github-burntsushi-toml neil: http-parser ngompa: gtk-murrine-engine, golang-github-joshuarubin-lifecycle nonamedotc: gtk-murrine-engine, grilo odintsov: log4cpp olem: golang-gopkg-alecthomas-kingpin-2 qulogic: golang-github-burntsushi-toml rhughes: grilo-plugins, grilo robert: gtk-murrine-engine rstrode: grilo-plugins, grilo runcom: golang-github-burntsushi-toml ryanabx: gtk-murrine-engine sagitter: log4cpp salimma: dex-autostart, http-parser 
sgallagh: http-parser snirkel: grilo teuf: grilo-plugins, grilo than: kwebkitpart, http-parser thebeanogamer: python-pytest-sugar thm: botan2 topazus: granite-7, golang-github-burntsushi-toml, http-parser tsmetana: gtk-murrine-engine v02460: golang-github-burntsushi-toml valtri: rubygem-macaddr vascom: http-parser victortoso: grilo-plugins, grilo Orphans (99): bbox-firago-fonts bign-handheld-thumbnailer botan2 dex-autostart dnf-plugin-ovl dqlite elementary-calculator elementary-calendar elementary-camera elementary-code elementary-files elementary-mail elementary-music elementary-notifications elementary-onboarding elementary-photos elementary-screenshot elementary-settings-daemon fparser gala gcolor2 glibd golang-bitbucket-creachadair-shell golang-cloud-google-pubsub golang-cloud-google-spanner golang-github-andreyvit-diff golang-github-antihax-optional golang-github-armon-socks5 golang-github-burntsushi-toml golang-github-circonus-labs-apiclient golang-github-circonus-labs-circonusllhist golang-github-elazarl-goproxy golang-github-erkexzcx-valetudopng golang-github-ghodss-yaml golang-github-git-fixtures-4 golang-github-git-gcfg golang-github-gliderlabs-ssh golang-github-google-renameio-2 golang-github-googleapis-enterprise-certificate-proxy golang-github-groupcache golang-github-hebcal-greg golang-github-jose4 golang-github-joshuarubin-lifecycle golang-github-labstack-echo-4 golang-github-mdlayher-genetlink golang-github-patrickmn-cache golang-github-peterbourgon-diskv golang-github-pjbgf-sha1cd golang-github-prashantv-gostub golang-github-sergi-diff golang-github-skeema-knownhosts golang-github-syndtr-goleveldb golang-github-task-slim-sprig golang-github-task-slim-sprig3 golang-github-xanzy-ssh-agent golang-gopkg-alecthomas-kingpin-2 golang-hein-version granite-7 grilo grilo-plugins gtk-murrine-engine http-parser kwebkitpart log4cpp mod_auth_openid mopidy mopidy-mpd nodejs-backbone octave-parallel openssl-gost-engine pantheon-wayland pykka 
python-cmake-build-extension python-modernize python-opytimizer python-platformio python-pytest-sugar python-pyxs rubygem-macaddr rubygem-opennebula rust-bisection rust-dutree rust-heatseeker rust-procs rust-tealdeer rust-varlink rust-varlink-cli rust-varlink_generator rust-varlink_parser rust-varlink_stdinterfaces vim-javabrowser vim-taglist wingpanel wingpanel-indicator-a11y wingpanel-indicator-bluetooth wingpanel-indicator-datetime wingpanel-indicator-keyboard wult xdaliclock Orphans (dependend on) (23): botan2 dex-autostart elementary-notifications gala golang-github-andreyvit-diff golang-github-burntsushi-toml golang-github-sergi-diff golang-gopkg-alecthomas-kingpin-2 granite-7 grilo grilo-plugins gtk-murrine-engine http-parser log4cpp mopidy pykka python-pytest-sugar rubygem-macaddr rust-varlink rust-varlink_generator rust-varlink_parser rust-varlink_stdinterfaces wingpanel Orphans (rawhide) for at least 6 weeks (dependend on) (0): Orphans (rawhide) (not depended on) (76): bbox-firago-fonts bign-handheld-thumbnailer dnf-plugin-ovl dqlite elementary-calculator elementary-calendar elementary-camera elementary-code elementary-files elementary-mail elementary-music elementary-onboarding elementary-photos elementary-screenshot elementary-settings-daemon fparser gcolor2 glibd golang-bitbucket-creachadair-shell golang-cloud-google-pubsub golang-cloud-google-spanner golang-github-antihax-optional golang-github-armon-socks5 golang-github-circonus-labs-apiclient golang-github-circonus-labs-circonusllhist golang-github-elazarl-goproxy golang-github-erkexzcx-valetudopng golang-github-ghodss-yaml golang-github-git-fixtures-4 golang-github-git-gcfg golang-github-gliderlabs-ssh golang-github-google-renameio-2 golang-github-googleapis-enterprise-certificate-proxy golang-github-groupcache golang-github-hebcal-greg golang-github-jose4 golang-github-joshuarubin-lifecycle golang-github-labstack-echo-4 golang-github-mdlayher-genetlink golang-github-patrickmn-cache 
golang-github-peterbourgon-diskv golang-github-pjbgf-sha1cd golang-github-prashantv-gostub golang-github-skeema-knownhosts golang-github-syndtr-goleveldb golang-github-task-slim-sprig golang-github-task-slim-sprig3 golang-github-xanzy-ssh-agent golang-hein-version kwebkitpart mod_auth_openid mopidy-mpd nodejs-backbone octave-parallel openssl-gost-engine pantheon-wayland python-cmake-build-extension python-modernize python-opytimizer python-platformio python-pyxs rubygem-opennebula rust-bisection rust-dutree rust-heatseeker rust-procs rust-tealdeer rust-varlink-cli vim-javabrowser vim-taglist wingpanel-indicator-a11y wingpanel-indicator-bluetooth wingpanel-indicator-datetime wingpanel-indicator-keyboard wult xdaliclock Orphans (rawhide) for at least 6 weeks (not dependend on) (0): Depending packages (rawhide) (69): LabPlot NsCDE SwayNotificationCenter arc-theme bluebird budgie-control-center budgie-desktop-defaults cantor cosmic-config-fedora cosmic-session cosmic-settings cosmic-settings-daemon cros-guest-tools elementary-calculator elementary-camera elementary-music elementary-notifications elementary-screenshot elements elements-alexandria elvish engauge-digitizer fastnetmon gala gnome-music golang-github-andreyvit-diff golang-github-facebookincubator-nvdtools golang-github-jose-3 golang-github-jsonnet-bundler golang-github-mmarkdown-mmark golang-github-nicksnyder-i18n-2 golang-github-opencontainers-runtime-tools golang-github-schollz-cli-2 golang-github-shopify-toxiproxy golang-github-urfave-cli golang-github-urfave-cli-2 golang-github-vbatts-tar-split golang-gopkg-natefinch-lumberjack-2 golang-mau-zeroconfig gotun greybird grilo-plugins home-assistant-cli jabberd julia minder mopidy mopidy-mpd pocillo-gtk-theme pop-gtk-theme pragha python-snakemake-executor-plugin-slurm qownnotes rhythmbox rhythmbox-alternative-toolbar rhythmbox-ampache rubygem-uuid rust-varlink-cli rust-varlink_generator rust-varlink_stdinterfaces slurm totem vim-syntastic warble wingpanel 
wingpanel-indicator-a11y wingpanel-indicator-bluetooth wingpanel-indicator-datetime wingpanel-indicator-keyboard Packages depending on packages orphaned (rawhide) for more than 6 weeks (0): Non-leaf golang library packages (rawhide) (4): golang-github-andreyvit-diff golang-github-burntsushi-toml golang-github-sergi-diff golang-gopkg-alecthomas-kingpin-2 -- The script creating this output is run and developed by Fedora Release Engineering. Please report issues at its pagure instance: https://pagure.io/releng/ The sources of this script can be found at: https://pagure.io/releng/blob/main/f/scripts/find_unblocked_orphans.py Report finished at 2026-05-03 22:04:33 UTC

Saturday, May 2, 2026

FreeBSD Errata Notice FreeBSD-EN-26:12.freebsd-update

=============================================================================
FreeBSD-EN-26:12.freebsd-update                                 Errata Notice
                                                          The FreeBSD Project

Topic:          Source inconsistency between freebsd-update, EN/SAs, and git

Category:       core
Module:         freebsd-update
Announced:      2026-05-01
Affects:        All supported versions of FreeBSD.
Corrected:      2026-05-01 15:08:47 UTC (releng/15.0, 15.0-RELEASE-p8)
                2026-05-01 15:08:38 UTC (releng/14.4, 14.4-RELEASE-p4)
                2026-05-01 15:08:31 UTC (releng/14.3, 14.3-RELEASE-p13)
                2026-05-01 15:08:20 UTC (releng/13.5, 13.5-RELEASE-p14)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

Note: While FreeBSD 13.5 is end of life (EOL) as of May 1st, 2026, the
Security Team has decided to patch this issue as it was identified and a
fix was in-flight before the EOL date.

I.   Background

The FreeBSD Security Team distributes patches for supported releases via
the git version control system, as patches link through errata and
advisories, and through the freebsd-update binary update system. Both
freebsd-update and the errata/advisories do not directly use the
authoritative git repo but instead rely on individual patch files.

II.  Problem Description

Due to the manual nature of patch file development and management, there
are instances where either a freebsd-update maintained machine or a
patched source tree from errata/advisories have become out of sync with
the authoritative git repository.

Specifically, an earlier version of the patch associated with
SA-26:11.amd64 was distributed via freebsd-update. The source patch
linked in the advisory and the source in git were both correct.

Additionally, patches distributed via freebsd-update and
errata/advisories are occasionally missing test or non-material ancillary
files to minimize patch size and improve compatibility across releases,
causing an additional source of drift from the authoritative git
repository.

Pkgbase is unaffected as it directly builds from the authoritative git
repository.

III. Impact

As a result of this drift, the FreeBSD Security Team has changed the
freebsd-update build mechanism to retrieve source directly from the
authoritative git repository. This has caused a binary update to rectify
the SA-26:11.amd64 issue as well as alter a few additional files, such as
test infrastructure and ancillary tooling files, that have been updated
in git but were not distributed via freebsd-update.

IV.  Workaround

No workaround is available. Systems using pkgbase or building directly
from source obtained from the authoritative git repository are
unaffected.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot the system.

Perform one of the following:

1) If your system is installed from base system packages:

No update is needed as pkgbase is not affected by this issue.

2) To update your system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64
platforms, or the i386 platform on FreeBSD 13, which were not installed
using base system packages, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a system update"

3) To update your system via a source code patch:

The following patches are only intended to be used for source trees that
have been maintained with patches linked by previous EN/SAs.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 15.0]
# fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-150.patch
# fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-150.patch.asc
# gpg --verify ensa-150.patch.asc

[FreeBSD 14.4]
# fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-144.patch
# fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-144.patch.asc
# gpg --verify ensa-144.patch.asc

[FreeBSD 14.3]
# fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-143.patch
# fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-143.patch.asc
# gpg --verify ensa-143.patch.asc

[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-135.patch
# fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-135.patch.asc
# gpg --verify ensa-135.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
releng/15.0/                            53054229dcb3  releng/15.0-n281036
releng/14.4/                            49be56ed6fea  releng/14.4-n273700
releng/14.3/                            4f4b48e8a547  releng/14.3-n271500
releng/13.5/                            2e6399fe39b3  releng/13.5-n259222
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270166>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:12.freebsd-update.asc>

Friday, May 1, 2026

[USN-8215-1] .NET vulnerability

==========================================================================
Ubuntu Security Notice USN-8215-1
April 28, 2026

dotnet10 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

.NET could be made to crash or run programs as an administrator.

Software Description:
- dotnet10: .NET CLI tools and runtime

Details:

It was discovered that the Microsoft.AspNetCore.DataProtection library in
.NET did not properly verify cryptographic signatures under certain
conditions. A remote attacker could possibly use this issue to elevate
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  aspnetcore-runtime-10.0         10.0.7-0ubuntu1~25.10.1
  dotnet-host-10.0                10.0.7-0ubuntu1~25.10.1
  dotnet-hostfxr-10.0             10.0.7-0ubuntu1~25.10.1
  dotnet-runtime-10.0             10.0.7-0ubuntu1~25.10.1
  dotnet-sdk-10.0                 10.0.107-0ubuntu1~25.10.1
  dotnet-sdk-aot-10.0             10.0.107-0ubuntu1~25.10.1
  dotnet10                        10.0.107-10.0.7-0ubuntu1~25.10.1

Ubuntu 24.04 LTS
  aspnetcore-runtime-10.0         10.0.7-0ubuntu1~24.04.1
  dotnet-host-10.0                10.0.7-0ubuntu1~24.04.1
  dotnet-hostfxr-10.0             10.0.7-0ubuntu1~24.04.1
  dotnet-runtime-10.0             10.0.7-0ubuntu1~24.04.1
  dotnet-sdk-10.0                 10.0.107-0ubuntu1~24.04.1
  dotnet-sdk-aot-10.0             10.0.107-0ubuntu1~24.04.1
  dotnet10                        10.0.107-10.0.7-0ubuntu1~24.04.1

After a standard system update, it is recommended to rotate the
DataProtection key ring.

References:
  https://ubuntu.com/security/notices/USN-8215-1
  CVE-2026-40372

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~25.10.1
  https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~24.04.1

FreeBSD Errata Notice FreeBSD-EN-26:11.dhclient

=============================================================================
FreeBSD-EN-26:11.dhclient                                       Errata Notice
                                                          The FreeBSD Project

Topic:          dhclient(8) lease validation is too strict

Category:       core
Module:         dhclient
Announced:      2026-05-01
Affects:        All supported versions of FreeBSD.
Corrected:      2026-04-30 21:07:00 UTC (stable/15, 15.0-STABLE)
                2026-05-01 15:08:46 UTC (releng/15.0, 15.0-RELEASE-p8)
                2026-04-30 21:07:11 UTC (stable/14, 14.4-STABLE)
                2026-05-01 15:08:37 UTC (releng/14.4, 14.4-RELEASE-p4)
                2026-05-01 15:08:30 UTC (releng/14.3, 14.3-RELEASE-p13)
                2026-04-30 21:07:24 UTC (stable/13, 13.5-STABLE)
                2026-05-01 15:08:19 UTC (releng/13.5, 13.5-RELEASE-p14)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

Note: While FreeBSD 13.5 is end of life (EOL) as of May 1st, 2026, the
Security Team has decided to patch this issue as it was identified and a
fix was in-flight before the EOL date.

I.   Background

dhclient(8) is the default IPv4 DHCP client used on FreeBSD. It is
responsible for contacting DHCP servers on a network segment and for
initialising and configuring network interfaces based on received
information.

When processing a DHCP offer, dhclient passes various parameters provided
by the server to dhclient-script(8). DHCP options, as documented in
dhcp-options(5), are passed via the environment.

II.  Problem Description

The patch for FreeBSD-SA-26:15.dhclient introduced some validation of the
boot file DHCP option to prevent unescaped values from being written to
the stored lease file. This validation is overly strict and rejects
Windows paths.

III. Impact

The overly strict validation may cause dhclient(8) to reject valid
leases.

IV.  Workaround

No workaround is available. Systems not running dhclient(8) are not
affected.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system installed from base system packages:

Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
platforms, which were installed using base system packages, can be
updated via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base

2) To update your system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64
platforms, or the i386 platform on FreeBSD 13, which were not installed
using base system packages, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-26:11/dhclient.patch
# fetch https://security.FreeBSD.org/patches/EN-26:11/dhclient.patch.asc
# gpg --verify dhclient.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart the applicable daemons, or reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              252f603d1704    stable/15-n283453
releng/15.0/                            dc8762cfb6e2  releng/15.0-n281035
stable/14/                              2f9478ad42c4    stable/14-n274094
releng/14.4/                            dfcb69cdb07e  releng/14.4-n273699
releng/14.3/                            5bad905eb37f  releng/14.3-n271499
stable/13/                              b1ece85741db    stable/13-n259871
releng/13.5/                            b362b6b6c8f2  releng/13.5-n259221
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294886>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:11.dhclient.asc>

[USN-8222-1] OpenSSH vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8222-1
April 29, 2026

openssh vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in OpenSSH.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines

Details:

Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly
handled the legacy scp protocol (-O) option. This could result in certain
files being installed setuid or setgid, contrary to expectations.
(CVE-2026-35385)

Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell
metacharacters in usernames within a command line. When untrusted
usernames and non-default configurations using % in ssh_config are being
used, an attacker could possibly use this issue to execute arbitrary code.
(CVE-2026-35386)

Christos Papakonstantinou discovered that OpenSSH incorrectly handled
parsing the PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms
options. This could result in unintended ECDSA algorithms being used,
contrary to expectations. (CVE-2026-35387)

Michalis Vasileiadis discovered that OpenSSH incorrectly handled
proxy-mode multiplexing sessions. This could result in no confirmation
being asked, contrary to expectations. (CVE-2026-35388)

Vladimir Tokarev discovered that OpenSSH incorrectly handled certificates
with the principal name containing a comma character when using
user-trusted CA keys in authorized_keys and an authorized_keys
principals="" option that lists more than one principal. This could result
in inappropriate principal matching, contrary to expectations.
(CVE-2026-35414)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  openssh-client                  1:10.2p1-2ubuntu3.2
  openssh-server                  1:10.2p1-2ubuntu3.2

Ubuntu 25.10
  openssh-client                  1:10.0p1-5ubuntu5.4
  openssh-server                  1:10.0p1-5ubuntu5.4

Ubuntu 24.04 LTS
  openssh-client                  1:9.6p1-3ubuntu13.16
  openssh-server                  1:9.6p1-3ubuntu13.16

Ubuntu 22.04 LTS
  openssh-client                  1:8.9p1-3ubuntu0.15
  openssh-server                  1:8.9p1-3ubuntu0.15

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8222-1
  CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388,
  CVE-2026-35414

Package Information:
  https://launchpad.net/ubuntu/+source/openssh/1:10.2p1-2ubuntu3.2
  https://launchpad.net/ubuntu/+source/openssh/1:10.0p1-5ubuntu5.4
  https://launchpad.net/ubuntu/+source/openssh/1:9.6p1-3ubuntu13.16
  https://launchpad.net/ubuntu/+source/openssh/1:8.9p1-3ubuntu0.15
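
The notice scopes CVE-2026-35414 to authorized_keys entries that trust a CA key and carry a principals="" option listing more than one principal. The following audit finds such entries so those hosts can be prioritised for the update; it is an added example, not part of the Ubuntu notice or of OpenSSH, and the function names and the sample file content are constructed for illustration.

```python
"""Find authorized_keys lines in the configuration named for CVE-2026-35414."""

# Key type names start with one of these prefixes; a line whose first field
# does not is taken to begin with an options field (file format in sshd(8)).
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def first_field(line):
    """Return the first whitespace-delimited field, honouring "..." and \\"."""
    in_quote = False
    i = 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote and line[i + 1:i + 2] == '"':
            i += 2          # escaped quote inside a quoted value
            continue
        if c == '"':
            in_quote = not in_quote
        elif c in " \t" and not in_quote:
            break
        i += 1
    return line[:i]


def parse_options(field):
    """Split an options field on unquoted commas into {name: value-or-None}."""
    parts, cur, in_quote, i = [], [], False, 0
    while i < len(field):
        c = field[i]
        if c == "\\" and in_quote and field[i + 1:i + 2] == '"':
            cur.append('"')
            i += 2
            continue
        if c == '"':
            in_quote = not in_quote      # drop the quote, keep the content
        elif c == "," and not in_quote:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    parts.append("".join(cur))
    opts = {}
    for part in parts:
        if part:
            name, sep, value = part.partition("=")
            opts[name.lower()] = value if sep else None
    return opts


def audit(text):
    """Return [(line_number, [principals])] for cert-authority lines whose
    principals="" option lists more than one principal."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        field = first_field(line)
        if field.startswith(KEY_TYPE_PREFIXES):
            continue                     # plain key line, no options field
        opts = parse_options(field)
        if "cert-authority" not in opts:
            continue
        listed = opts.get("principals") or ""
        principals = [p.strip() for p in listed.split(",") if p.strip()]
        if len(principals) > 1:
            findings.append((lineno, principals))
    return findings


# Constructed sample input; the key material is placeholder text.
SAMPLE = '''\
# constructed sample authorized_keys content
ssh-ed25519 AAAAC3Example1 alice@laptop
cert-authority,principals="deploy" ssh-ed25519 AAAAC3ExampleCA1 one principal
cert-authority,principals="ops,backup",no-pty ssh-ed25519 AAAAC3ExampleCA2 two
principals="a,b",command="echo \\"hi, there\\"" ssh-rsa AAAAB3Example2 not a CA
command="/usr/bin/true",cert-authority,principals="web, db" ssh-ed25519 AAAAC3ExampleCA3 x
'''

if __name__ == "__main__":
    for lineno, principals in audit(SAMPLE):
        print(f"line {lineno}: cert-authority with principals {principals}")
```

A hit means the entry matches the configuration described in the notice, not that the host has been misused; the fixed openssh-server versions are the ones listed in the notice.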

FreeBSD Security Advisory FreeBSD-SA-26:14.pf

=============================================================================
FreeBSD-SA-26:14.pf                                         Security Advisory
                                                          The FreeBSD Project

Topic:          pf can overflow the stack parsing crafted SCTP packets

Category:       core
Module:         pf
Announced:      2026-04-29
Credits:        Igor Gabriel Sousa e Souza
Affects:        All supported versions of FreeBSD.
Corrected:      2026-04-29 14:47:50 UTC (stable/15, 15.0-STABLE)
                2026-04-29 14:48:30 UTC (releng/15.0, 15.0-RELEASE-p7)
                2026-04-29 14:48:52 UTC (stable/14, 14.4-STABLE)
                2026-04-29 14:49:44 UTC (releng/14.4, 14.4-RELEASE-p3)
                2026-04-29 14:49:20 UTC (releng/14.3, 14.3-RELEASE-p12)
                2026-04-29 14:50:08 UTC (stable/13, 13.5-STABLE)
                2026-04-29 14:50:20 UTC (releng/13.5, 13.5-RELEASE-p13)
CVE Name:       CVE-2026-7164

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

pf is an Internet Protocol packet filter originally written for OpenBSD. SCTP is a transport protocol with multihome support.

pf parses SCTP packets to discover additional addresses for SCTP endpoints, allowing it to create states allowing connections between these additional addresses.

II.  Problem Description

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic.

III. Impact

Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.

IV.  Workaround

No workaround is available. Systems not using pf are not affected.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system.

Perform one of the following:

1) To update your vulnerable system installed from base system packages:

Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 15.0]
# fetch https://security.FreeBSD.org/patches/SA-26:14/pf-150.patch
# fetch https://security.FreeBSD.org/patches/SA-26:14/pf-150.patch.asc
# gpg --verify pf-150.patch.asc

[FreeBSD 14.4]
# fetch https://security.FreeBSD.org/patches/SA-26:14/pf-144.patch
# fetch https://security.FreeBSD.org/patches/SA-26:14/pf-144.patch.asc
# gpg --verify pf-144.patch.asc

[FreeBSD 14.3]
# fetch https://security.FreeBSD.org/patches/SA-26:14/pf-143.patch
# fetch https://security.FreeBSD.org/patches/SA-26:14/pf-143.patch.asc
# gpg --verify pf-143.patch.asc

[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/SA-26:14/pf-135.patch
# fetch https://security.FreeBSD.org/patches/SA-26:14/pf-135.patch.asc
# gpg --verify pf-135.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              e1c9f92130e8    stable/15-n283379
releng/15.0/                            c01d9bcf0cf6  releng/15.0-n281031
stable/14/                              ba21845e94dd    stable/14-n274078
releng/14.4/                            0cbe512c7a80  releng/14.4-n273693
releng/14.3/                            63495b09ccf5  releng/14.3-n271490
stable/13/                              ed0e766f1256    stable/13-n259861
releng/13.5/                            0ab05345fb40  releng/13.5-n259217
-------------------------------------------------------------------------

Run the following command to see which files were modified by a particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://www.cve.org/CVERecord?id=CVE-2026-7164>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:14.pf.asc>
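The problem description in FreeBSD-SA-26:14.pf concerns SCTP's type-length-value parameters. The following is an added example, not pf's code and not the advisory's patch: a parameter walk that checks each length against the remaining buffer and caps nesting at a fixed depth. The name `walk_params`, the caps `MAX_PARAMS` and `MAX_DEPTH`, and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN      4       /* 16-bit type + 16-bit length (RFC 9260) */
#define MAX_PARAMS   64      /* assumed per-chunk cap for this example */
#define MAX_DEPTH    1       /* top level, plus one nested level */
#define T_ADD_IP     0xC001  /* ASCONF Add IP Address (RFC 5061) */
#define ADD_IP_FIXED 8       /* parameter header + 32-bit correlation ID */

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Count the parameters in buf (nested ones included); -1 if malformed. */
int walk_params(const uint8_t *buf, size_t len, int depth)
{
    size_t off = 0;
    int count = 0;

    if (depth > MAX_DEPTH)
        return -1;                      /* nesting is capped, not trusted */
    while (len - off >= HDR_LEN) {
        unsigned type = rd16(buf + off);
        size_t plen = rd16(buf + off + 2);
        size_t padded = (plen + 3) & ~(size_t)3;

        /* The length must cover its own header and fit in what is left,
         * otherwise the walk would stall or run past the buffer. */
        if (plen < HDR_LEN || plen > len - off || ++count > MAX_PARAMS)
            return -1;
        if (type == T_ADD_IP) {
            int inner;
            if (plen <= ADD_IP_FIXED)
                return -1;              /* no room for the wrapped address */
            inner = walk_params(buf + off + ADD_IP_FIXED,
                plen - ADD_IP_FIXED, depth + 1);
            if (inner < 0 || (count += inner) > MAX_PARAMS)
                return -1;
        }
        /* The last parameter may omit its padding. */
        off += padded > len - off ? len - off : padded;
    }
    return off == len ? count : -1;     /* stray trailing bytes are an error */
}

/* Constructed sample: Add IP wrapping one IPv4 address parameter. */
static const uint8_t sample[] = {
    0xC0, 0x01, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
    0x00, 0x05, 0x00, 0x08, 0xC0, 0x00, 0x02, 0x01 };

int main(void)
{
    printf("parameters: %d\n", walk_params(sample, sizeof(sample), 0));
    return 0;
}
```

Because the depth check runs before any byte is read, the stack use of the walk is fixed by `MAX_DEPTH` and does not depend on packet contents.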

FreeBSD Security Advisory FreeBSD-SA-26:15.dhclient

=============================================================================
FreeBSD-SA-26:15.dhclient                                   Security Advisory
                                                          The FreeBSD Project

Topic:          Remotely triggerable out-of-bounds heap write in dhclient

Category:       core
Module:         dhclient
Announced:      2026-04-29
Credits:        Joshua Rogers of AISLE Research Team
Affects:        All supported versions of FreeBSD.
Corrected:      2026-04-29 14:47:49 UTC (stable/15, 15.0-STABLE)
                2026-04-29 14:48:29 UTC (releng/15.0, 15.0-RELEASE-p7)
                2026-04-29 14:48:51 UTC (stable/14, 14.4-STABLE)
                2026-04-29 14:49:42 UTC (releng/14.4, 14.4-RELEASE-p3)
                2026-04-29 14:49:24 UTC (releng/14.3, 14.3-RELEASE-p12)
                2026-04-29 14:50:07 UTC (stable/13, 13.5-STABLE)
                2026-04-29 14:50:19 UTC (releng/13.5, 13.5-RELEASE-p13)
CVE Name:       CVE-2026-42512

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

dhclient(8) is the default IPv4 DHCP client used on FreeBSD. It is responsible for contacting DHCP servers on a network segment and for initialising and configuring network interfaces based on received information.

When processing a DHCP offer, dhclient passes various parameters provided by the server to dhclient-script(8). DHCP options, as documented in dhcp-options(5), are passed via the environment.

II.  Problem Description

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun.

III. Impact

A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution.

IV.  Workaround

No workaround is available. Systems not running dhclient(8) are not affected.

The attacker needs to be on the same broadcast domain and respond to DHCP requests. A well-managed network will configure DHCP snooping on switches to prevent rogue DHCP servers from operating.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system installed from base system packages:

Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base

2) To update your vulnerable system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-26:15/dhclient.patch
# fetch https://security.FreeBSD.org/patches/SA-26:15/dhclient.patch.asc
# gpg --verify dhclient.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart the applicable daemons, or reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              4408b683d237    stable/15-n283378
releng/15.0/                            66d6c32ce7b8  releng/15.0-n281030
stable/14/                              a813012f4b76    stable/14-n274077
releng/14.4/                            d60456d859a1  releng/14.4-n273692
releng/14.3/                            76734958a098  releng/14.3-n271493
stable/13/                              5d3e93fda7ce    stable/13-n259860
releng/13.5/                            5a5e7883a3bb  releng/13.5-n259216
-------------------------------------------------------------------------

Run the following command to see which files were modified by a particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://www.cve.org/CVERecord?id=CVE-2026-42512>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:15.dhclient.asc>
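FreeBSD-SA-26:15.dhclient describes a size miscalculation while growing an array of environment string pointers. The following is an added example, not dhclient's code and not the advisory's patch: a NULL-terminated pointer vector whose growth is scaled by the pointer size and checked for overflow. `struct envlist`, `env_bytes`, `env_shortfall` and `env_add` are names made up here, the unscaled count in `env_shortfall` is an assumed form of the mistake since the advisory does not give the faulty expression, and the sample string is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct envlist {
    char **v;     /* NULL-terminated vector, the shape execve(2) takes */
    size_t used;  /* strings stored, not counting the terminator */
    size_t cap;   /* pointer slots allocated, terminator included */
};

/* Bytes to request for `slots` pointers; 0 means the product overflows. */
size_t env_bytes(size_t slots)
{
    return slots > SIZE_MAX / sizeof(char *) ? 0 : slots * sizeof(char *);
}

/* Assumed form of the mistake: bytes missing if `slots` is passed unscaled. */
size_t env_shortfall(size_t slots)
{
    return env_bytes(slots) - slots;
}

/* Append a copy of kv, growing the vector when it is full. */
int env_add(struct envlist *e, const char *kv)
{
    size_t n = strlen(kv) + 1;
    char *copy;
    if (e->used + 2 > e->cap) {         /* new string + NULL terminator */
        size_t ncap = e->cap ? e->cap * 2 : 8;
        char **nv;
        if (ncap <= e->cap || env_bytes(ncap) == 0)
            return -1;                  /* doubling or scaling overflowed */
        if ((nv = realloc(e->v, env_bytes(ncap))) == NULL)
            return -1;                  /* old vector is still valid */
        e->v = nv;
        e->cap = ncap;
    }
    if ((copy = malloc(n)) == NULL)
        return -1;
    memcpy(copy, kv, n);
    e->v[e->used++] = copy;
    e->v[e->used] = NULL;
    return 0;
}

int main(void)
{
    struct envlist e = { NULL, 0, 0 };
    for (int i = 0; i < 20; i++)
        if (env_add(&e, "new_ip_address=192.0.2.10") != 0)
            return 1;
    printf("%zu entries in %zu slots\n", e.used, e.cap);
    return 0;
}
```

With 8-byte pointers, `env_shortfall(16)` is 112: an allocation of 16 bytes holds two pointers, so the third store already lands outside it.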

[USN-8226-1] kmod update

==========================================================================
Ubuntu Security Notice USN-8226-1
April 30, 2026

kmod update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

kmod has been updated to block loading of the algif_aead kernel module.

Software Description:
- kmod: tools for managing Linux kernel modules

Details:

It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available.

See the following URL for more information
https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  kmod                            34.2-2ubuntu1.1

Ubuntu 24.04 LTS
  kmod                            31+20240202-2ubuntu7.2

Ubuntu 22.04 LTS
  kmod                            29-1ubuntu1.1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8226-1
  CVE-2026-31431, https://launchpad.net/bugs/2150743

Package Information:
  https://launchpad.net/ubuntu/+source/kmod/34.2-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/kmod/31+20240202-2ubuntu7.2
  https://launchpad.net/ubuntu/+source/kmod/29-1ubuntu1.1

[USN-8226-2] kmod update

==========================================================================
Ubuntu Security Notice USN-8226-2
April 30, 2026

kmod update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

kmod has been updated to block loading of the algif_aead kernel module.

Software Description:
- kmod: tools for managing Linux kernel modules

Details:

USN-8226-1 added a mitigation to kmod to disable loading the algif_aead module. This update adds the same mitigation to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available.

See the following URL for more information
https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  kmod                            27-1ubuntu2.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  kmod                            24-1ubuntu3.5+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  kmod                            22-1ubuntu5.2+esm1
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  kmod                            15-0ubuntu7+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8226-2
  https://ubuntu.com/security/notices/USN-8226-1
  CVE-2026-31431