FEDORA-2025-387540db1f — security update for pack

stable

pack-0.38.2-1.fc42

FEDORA-2025-387540db1f created by lsm5 4 months ago for Fedora 42

bump to v0.38.2

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-387540db1f

This update has been submitted for testing by lsm5.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been pushed to testing.

4 months ago

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

4 months ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

4 months ago

in testing

4 months ago

in stable

4 months ago

approved

4 months ago

Builds

pack-0.38.2-1.fc42

BZ#2386310 CVE-2025-8556 pack: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results [fedora-42]

BZ#2398873 CVE-2025-47910 pack: CrossOriginProtection bypass in net/http [fedora-42]

BZ#2399550 CVE-2025-47906 pack: Unexpected paths returned from LookPath in os/exec [fedora-42]

BZ#2408083 CVE-2025-58189 pack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]

BZ#2409553 CVE-2025-61723 pack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]

BZ#2410504 CVE-2025-58185 pack: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]

BZ#2411402 CVE-2025-58188 pack: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]

BZ#2412812 CVE-2025-58183 pack: Unbounded allocation when parsing GNU sparse map [fedora-42]

pack-0.38.2-1.fc42

Automated Test Results

ignored