FEDORA-2025-9e233a4e22 — security update for brotli and perl-Alien-Brotli

stable

brotli-1.2.0-1.fc42 and perl-Alien-Brotli-0.2.2-11.fc42

FEDORA-2025-9e233a4e22 created by music 2 months ago for Fedora 42

Update brotli to 1.2.0.

This update provides the necessary Python APIs in python3-brotli to fix denial-of-service security issues related to “decompression bombs,” such as CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate updates in affected packages.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-9e233a4e22

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'passed'.

2 months ago

This update has been submitted for testing by bodhi.

2 months ago

This update has been pushed to testing.

2 months ago

filiperosset commented & provided feedback 2 months ago

karma

no regressions noted here

derekenz commented & provided feedback 2 months ago

karma

Works

This update can be pushed to stable now if the maintainer wishes

2 months ago

geraldosimiao provided feedback 2 months ago

karma

This update has been submitted for stable by bodhi.

2 months ago

This update has been pushed to stable.

2 months ago

Please log in to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

passed

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

14 days

Dates

submitted

2 months ago

in testing

2 months ago

in stable

2 months ago

approved

2 months ago

Builds

brotli-1.2.0-1.fc42

perl-Alien-Brotli-0.2.2-11.fc42

BZ#2419491 CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-42]

brotli-1.2.0-1.fc42

perl-Alien-Brotli-0.2.2-11.fc42

Automated Test Results

passed