Fedora 42 has received two security updates: tinyproxy-1.11.2-5.fc42 and perl-CGI-Simple-1.282-1.fc42. The first update adds an upstream patch to tinyproxy that fixes CVE-2025-63938, an integer overflow issue. The second update upgrades perl-CGI-Simple to version 1.282, which fixes CVE-2025-40927, an HTTP response splitting flaw in CGI::Simple versions 1.281 and earlier, by sanitizing all user-supplied values before they are inserted into HTTP headers.

Fedora 42 Update: tinyproxy-1.11.2-5.fc42
Fedora 42 Update: perl-CGI-Simple-1.282-1.fc42




[SECURITY] Fedora 42 Update: tinyproxy-1.11.2-5.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a177cf4e1e
2025-12-11 01:00:50.567616+00:00
--------------------------------------------------------------------------------

Name : tinyproxy
Product : Fedora 42
Version : 1.11.2
Release : 5.fc42
URL : https://tinyproxy.github.io/
Summary : A small, efficient HTTP/SSL proxy daemon
Description :
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a
small network setting, where a larger proxy like Squid would either be too
resource intensive, or a security risk.

--------------------------------------------------------------------------------
Update Information:

Add upstream patch to fix CVE-2025-63938.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 2 2025 Carl George [carlwgeorge@fedoraproject.org] - 1.11.2-5
- Add upstream patch to fix CVE-2025-63938
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.11.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2417329 - CVE-2025-63938 tinyproxy: Tinyproxy integer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417329
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a177cf4e1e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: perl-CGI-Simple-1.282-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-47551b2aa2
2025-12-11 01:00:50.567604+00:00
--------------------------------------------------------------------------------

Name : perl-CGI-Simple
Product : Fedora 42
Version : 1.282
Release : 1.fc42
URL : https://metacpan.org/release/CGI-Simple
Summary : Simple totally OO CGI interface that is CGI.pm compliant
Description :
Simple totally OO CGI interface that is CGI.pm compliant.

--------------------------------------------------------------------------------
Update Information:

1.282 - Sanitize all user-supplied values before inserting into HTTP headers;
Fixed CVE-2025-40927.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 2 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1:1.282-1
- 1.282 bump (rhbz#2392359)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391834 - CVE-2025-40927 perl-CGI-Simple: CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391834
[ 2 ] Bug #2392359 - Upgrade perl-CGI-Simple to 1.282
https://bugzilla.redhat.com/show_bug.cgi?id=2392359
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-47551b2aa2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--