FEDORA-2025-5f73919942 — security update for rclone

stable

rclone-1.72.0-1.fc42

FEDORA-2025-5f73919942 created by mikelo2 4 months ago for Fedora 42

Update to 1.72.0

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-5f73919942

This update has been submitted for testing by mikelo2.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been pushed to testing.

4 months ago

geraldosimiao provided feedback 3 months ago

karma

This update can be pushed to stable now if the maintainer wishes

3 months ago

This update has been submitted for stable by bodhi.

3 months ago

This update has been pushed to stable.

3 months ago

Please log in to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

4 months ago

in testing

4 months ago

in stable

3 months ago

approved

3 months ago

Builds

rclone-1.72.0-1.fc42

BZ#2384131 rclone: Host Header Injection in github.com/go-chi/chi [fedora-42]

BZ#2398879 CVE-2025-47910 rclone: CrossOriginProtection bypass in net/http [fedora-42]

BZ#2399558 CVE-2025-47906 rclone: Unexpected paths returned from LookPath in os/exec [fedora-42]

BZ#2408087 CVE-2025-58189 rclone: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]

BZ#2409557 CVE-2025-61723 rclone: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]

BZ#2410508 CVE-2025-58185 rclone: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]

BZ#2411406 CVE-2025-58188 rclone: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]

rclone-1.72.0-1.fc42

Automated Test Results

ignored