93 matches found
CVE-2026-42301
A flaw was found in pyp2spec, a tool that generates Fedora RPM spec files for Python projects. This vulnerability allows a malicious Python Package Index PyPI package to execute arbitrary commands on a build machine. This occurs because pyp2spec writes PyPI package metadata, such as the summary...
CVE-2026-42301
pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...
CVE-2026-42301 Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec
pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...
EUVD-2026-28896
pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...
GHSA-R35X-V8P8-XVHW pyp2spec is Vulnerable to Code Injection
Impact pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...
Arbitrary Code Injection
Overview pyp2spec is a Generate a valid Fedora specfile from Python package from PyPI Affected versions of this package are vulnerable to Arbitrary Code Injection in the process of writing package metadata into the generated spec file without escaping RPM macro directives. An attacker can execute...
PT-2026-37196
Name of the Vulnerable Software and Affected Versions pyp2spec versions prior to 0.14.1 Description pyp2spec writes PyPI package metadata, such as the summary field, into generated spec files without escaping RPM macro directives. When a packager uses tools like rpmbuild -bs, rpmbuild --nobuild, ...
java-17-openjdk security update
1:17.0.18.0.8-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:17.0.18.0.8-1 - Update to jdk-17.0.18+8 GA - Add to .gitignore openjdk-17.0.18+8.tar.xz - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Set buildver to 8 - Set isga to 1 - Update sources to...
MiracleLinux 7 : pcp-4.3.2-12.el7 (AXSA:2020-703:06)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-703:06 advisory. pcp: Local privilege escalation in pcp spec file %post section CVE-2019-3695 A Improper Control of Generation of Code vulnerability in the packaging ...
Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgraded to 13.23: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
SUSE-SU-2025:4486-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgraded to 13.23: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgraded to 14.20: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
SUSE-SU-2025:4484-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgraded to 15.15: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...
SUSE SLES15 Security Update : postgresql15 (SUSE-SU-2025:4406-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4406-1 advisory. Upgraded to 15.15: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 -...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgraded to 15.15: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgraded to 16.11: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
SUSE-SU-2025:4387-1 Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgraded to 16.11: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...
Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgraded to 16.11: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
SUSE-SU-2025:4386-1 Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgraded to 16.11: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...
SUSE-SU-2025:4372-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgraded to 15.15: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...