CVE-2025-32800 Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...

Multiple rtmpdump vulnerabilities

The version of rtmpdump contained in this package has multiple known vulnerabilities. Patches This package is abandoned and should not be used anymore. There is no patched release. Workarounds You should install rmtpdump from another source. References...