Fedora 42 Update: mingw-libsoup-2.74.3-14.fc42
Fedora 42 Update: mingw-glib2-2.84.4-1.fc42
Fedora 42 Update: mingw-python3-3.11.14-4.fc42
Fedora 43 Update: mingw-libsoup-2.74.3-14.fc43
Fedora 43 Update: mingw-python3-3.11.14-4.fc43
Fedora 43 Update: mingw-glib2-2.86.3-1.fc43
[SECURITY] Fedora 42 Update: mingw-libsoup-2.74.3-14.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6c78aad721
2025-12-23 01:27:05.654584+00:00
--------------------------------------------------------------------------------
Name : mingw-libsoup
Product : Fedora 42
Version : 2.74.3
Release : 14.fc42
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).
This is the MinGW build of Libsoup
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-11021.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 14 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-14
- Backport fix for CVE-2025-11021
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.74.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399631 - CVE-2025-11021 mingw-libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399631
[ 2 ] Bug #2399634 - CVE-2025-11021 mingw-libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399634
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6c78aad721' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-glib2-2.84.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b2df36b70a
2025-12-23 01:27:05.654566+00:00
--------------------------------------------------------------------------------
Name : mingw-glib2
Product : Fedora 42
Version : 2.84.4
Release : 1.fc42
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.
--------------------------------------------------------------------------------
Update Information:
Update to glib-2.84.4 and backport fixes for CVE-2025-13601, CVE-2025-14087 and
CVE-2025-14512.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 14 2025 Sandro Mani [manisandro@gmail.com] - 2.84.1-1
- Update to 2.84.1
- Backport patch for CVE-2025-14512
- Backport patch for CVE-2025-14087
* Sun Dec 14 2025 Sandro Mani [manisandro@gmail.com] - 2.84.3-3
- Backport patch for CVE-2025-13601
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2417052 - CVE-2025-13601 mingw-glib2: Integer overflow in in g_escape_uri_string() [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417052
[ 2 ] Bug #2419111 - CVE-2025-14087 mingw-glib2: A buffer-underflow vulnerability exists in GLib???s GVariant parser, specifically within bytestring_parse() and string_parse(). The parser uses signed 32-bit integers (gint) as loop indices (i and j). When extreme ... [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2419111
[ 3 ] Bug #2421343 - CVE-2025-14512 mingw-glib2: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421343
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b2df36b70a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: mingw-python3-3.11.14-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-34626c05f6
2025-12-23 01:27:05.654582+00:00
--------------------------------------------------------------------------------
Name : mingw-python3
Product : Fedora 42
Version : 3.11.14
Release : 4.fc42
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-12084.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 14 2025 Sandro Mani [manisandro@gmail.com] - 3.11.14-4
- Backport patch for CVE-2025-12084
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2421623 - CVE-2025-12084 mingw-python3: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421623
[ 2 ] Bug #2421642 - CVE-2025-12084 mingw-python3: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2421642
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-34626c05f6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: mingw-libsoup-2.74.3-14.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5a82449616
2025-12-23 00:49:47.498009+00:00
--------------------------------------------------------------------------------
Name : mingw-libsoup
Product : Fedora 43
Version : 2.74.3
Release : 14.fc43
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).
This is the MinGW build of Libsoup
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-11021.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 14 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-14
- Backport fix for CVE-2025-11021
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399631 - CVE-2025-11021 mingw-libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399631
[ 2 ] Bug #2399634 - CVE-2025-11021 mingw-libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399634
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5a82449616' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: mingw-python3-3.11.14-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-883181272e
2025-12-23 00:49:47.498002+00:00
--------------------------------------------------------------------------------
Name : mingw-python3
Product : Fedora 43
Version : 3.11.14
Release : 4.fc43
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-12084.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 14 2025 Sandro Mani [manisandro@gmail.com] - 3.11.14-4
- Backport patch for CVE-2025-12084
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2421623 - CVE-2025-12084 mingw-python3: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421623
[ 2 ] Bug #2421642 - CVE-2025-12084 mingw-python3: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2421642
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-883181272e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: mingw-glib2-2.86.3-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ecdc29aa34
2025-12-23 00:49:47.497988+00:00
--------------------------------------------------------------------------------
Name : mingw-glib2
Product : Fedora 43
Version : 2.86.3
Release : 1.fc43
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.
--------------------------------------------------------------------------------
Update Information:
Update to 2.86.3, fixes CVE-2025-13601, CVE-2025-14087 and CVE-2025-14512.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 14 2025 Sandro Mani [manisandro@gmail.com] - 2.86.3-1
- Update to 2.86.3
* Sat Nov 15 2025 Sandro Mani [manisandro@gmail.com] - 2.87.0-1
- Update to 2.87.0
* Thu Oct 30 2025 Sandro Mani [manisandro@gmail.com] - 2.86.1-1
- Update to 2.86.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2417054 - CVE-2025-13601 mingw-glib2: Integer overflow in in g_escape_uri_string() [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417054
[ 2 ] Bug #2419130 - CVE-2025-14087 mingw-glib2: A buffer-underflow vulnerability exists in GLib???s GVariant parser, specifically within bytestring_parse() and string_parse(). The parser uses signed 32-bit integers (gint) as loop indices (i and j). When extreme ... [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2419130
[ 3 ] Bug #2421345 - CVE-2025-14512 mingw-glib2: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2421345
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ecdc29aa34' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
