Fedora 41 Update: thunderbird-128.11.1-1.fc41
Fedora 41 Update: python-django4.2-4.2.22-1.fc41
Fedora 41 Update: fido-device-onboard-0.5.1-3.fc41
Fedora 41 Update: rust-git-interactive-rebase-tool-2.4.1-9.fc41
[SECURITY] Fedora 41 Update: thunderbird-128.11.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-883496c803
2025-06-17 02:28:46.265734+00:00
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 41
Version : 128.11.1
Release : 1.fc41
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Update to 128.11.1
https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 11 2025 Eike Rathke [erack@redhat.com] - 128.11.1-1
- Update to 128.11.1
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-883496c803' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python-django4.2-4.2.22-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d4849e6cf3
2025-06-17 02:28:46.265709+00:00
--------------------------------------------------------------------------------
Name : python-django4.2
Product : Fedora 41
Version : 4.2.22
Release : 1.fc41
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
Fixes CVE-2025-48432: Potential log injection via unescaped request path
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 8 2025 Michel Lind [salimma@fedoraproject.org] - 4.2.22-1
- Update to version 4.2.22
- Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
- Fixes CVE-2025-48432: Potential log injection via unescaped request path
- Revert setuptools bump; we don't need it and don't have the needed
version
- Rebase Python 3.13 patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2365045 - CVE-2025-32873 python-django4.2: Django StripTags Denial of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2365045
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d4849e6cf3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: fido-device-onboard-0.5.1-3.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e375586840
2025-06-17 02:28:46.265688+00:00
--------------------------------------------------------------------------------
Name : fido-device-onboard
Product : Fedora 41
Version : 0.5.1
Release : 3.fc41
URL : https://github.com/fdo-rs/fido-device-onboard-rs
Summary : A rust implementation of the FIDO Device Onboard Specification
Description :
A rust implementation of the FIDO Device Onboard Specification.
--------------------------------------------------------------------------------
Update Information:
Rebuild against idna 1.0+ for CVE-2024-12224
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 8 2025 Peter Robinson [pbrobinson@fedoraproject.org] - 0.5.1-3
- Rebuild against idna 1.0+ for CVE-2024-12224
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370564 - CVE-2024-12224 fido-device-onboard: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370564
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e375586840' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-git-interactive-rebase-tool-2.4.1-9.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-26640e9e35
2025-06-17 02:28:46.265681+00:00
--------------------------------------------------------------------------------
Name : rust-git-interactive-rebase-tool
Product : Fedora 41
Version : 2.4.1
Release : 9.fc41
URL : https://crates.io/crates/git-interactive-rebase-tool
Summary : Full-featured terminal-based sequence editor for Git interactive rebase
Description :
Full-featured terminal-based sequence editor for Git interactive rebase.
--------------------------------------------------------------------------------
Update Information:
Rebuild for CVE-2024-12224, CVE-2025-4574
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 8 2025 Benjamin Gilbert [bgilbert@backtick.net] - 2.4.1-9
- Rebuild for CVE-2024-12224, CVE-2025-4574 (rhbz#2370599, rhbz#2366573)
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.4.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366573 - CVE-2025-4574 rust-git-interactive-rebase-tool: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366573
[ 2 ] Bug #2370599 - CVE-2024-12224 rust-git-interactive-rebase-tool: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370599
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-26640e9e35' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
