3 matches found
pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field
Summary pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install...
CLSA-2026-1778297730 exim: Fix of 2 CVEs
CVE-2026-40685: dewrap OOB read/write on trailing backslash in JSON header - CVE-2026-40687: SPA authenticator OOB read/write and base64 decode infoleak - Refresh Exim-Maintainers-Keyring.asc to verify the 4.99.x release tarball signature...
CLSA-2026-1777544437 webkit2gtk3: Fix of 35 CVEs
Rebase to webkitgtk 2.52.3 to address WebKitGTK security advisories WSA-2026-0001 and WSA-2026-0002 matches RHSA-2026:9692. - Drop all CVE-2025- backport patches Patch100..Patch112; the fixes are included in 2.52.3 upstream. - Drop fix-missing-typename.patch: target source file was removed...