FEDORA-2025-96f340d7a0 — security update for source-to-image

stable

source-to-image-1.5.1-1.fc42

FEDORA-2025-96f340d7a0 created by yselkowitz 4 months ago for Fedora 42

Update to 1.5.1, migrate to Go Vendor Tools

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-96f340d7a0

This update has been submitted for testing by yselkowitz.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been pushed to testing.

4 months ago

This update can be pushed to stable now if the maintainer wishes

4 months ago

This update has been submitted for stable by yselkowitz.

3 months ago

This update has been pushed to stable.

3 months ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

4 months ago

in testing

4 months ago

in stable

3 months ago

approved

4 months ago

Builds

source-to-image-1.5.1-1.fc42

BZ#2337561 source-to-image-1.6.0 is available

BZ#2398887 CVE-2025-47910 source-to-image: CrossOriginProtection bypass in net/http [fedora-42]

BZ#2399569 CVE-2025-47906 source-to-image: Unexpected paths returned from LookPath in os/exec [fedora-42]

BZ#2408097 CVE-2025-58189 source-to-image: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]

BZ#2409567 CVE-2025-61723 source-to-image: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]

BZ#2410518 CVE-2025-58185 source-to-image: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]

BZ#2411416 CVE-2025-58188 source-to-image: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]

source-to-image-1.5.1-1.fc42

Automated Test Results

ignored