
14 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: HID: usbhid: Eliminated a recurring out-of-bounds error in usbhid_parse. Updated the struct hid_descriptor to better reflect the mandatory and optional parts of the HID descriptor according to the USB HID 1.11 specification. Not...

CVSS 7.1, AI score 7, EPSS 0.00072
Exploits: 0, References: 2
OSV
added 2026/05/11 1:14 p.m., 2 views

CLSA-2026-1778505256 python: Fix of 2 CVEs

CVE-2021-3733: fix ReDoS in urllib2 AbstractBasicAuthHandler regex; the legacy '(?:.*,)*' prefix is replaced with the upstream-3.x form '(?:^|,)' and the scheme charset excludes ',' to prevent quadratic backtracking on crafted WWW-Authenticate headers - CVE-2021-23336: stop accepting ';' as a default...

CVSS 6.5, AI score 6.9, EPSS 0.00629
Exploits: 2, References: 1
Github Security Blog
added 2026/05/05 10:19 p.m., 6 views

ciguard: discover_pipeline_files follows symlinks out of scan root

Summary: The discover_pipeline_files function in src/ciguard/discovery.py introduced in v0.8.0 and used by the MCP scanrepo tool shipped in v0.8.1 walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory...

CVSS 3.2, AI score 5.8, EPSS 0.00004
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/02/19 9:25 p.m., 1 views

CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

CVSS 7.5, AI score 5.7, EPSS 0.0002
Exploits: 0, References: 7
OSV
added 2026/02/10 7:11 a.m., 3 views

CLSA-2026-1770707507 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: Make XML_ExternalEntityParserCreate copy unknown encoding handler user data - debian/patches/CVE-2026-24515.patch: copy unknown encoding handler user data and add tests to cover effect - CVE-2026-24515...

CVSS 2.9, AI score 7.2, EPSS 0.00007
Exploits: 0, References: 1
Github Security Blog
added 2025/10/21 6:4 p.m., 4 views

Cosmos EVM Vulnerability

Patches: Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade. Workarounds: No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended. Testing...

AI score 6.7
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/07/03 9:15 a.m., 1 views

DEBIAN-CVE-2025-38103

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse. Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently...

CVSS 7.1, AI score 6.1, EPSS 0.00072
Exploits: 0, References: 1
OSV
added 2025/07/03 9:15 a.m., 0 views

UBUNTU-CVE-2025-38103

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse. Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently...

CVSS 7.1, AI score 6.5, EPSS 0.00072
Exploits: 0, References: 43
OSV
added 2023/08/09 10:22 a.m., 3 views

CLSA-2023-1691576572 Fix CVE(s): CVE-2023-34966

SECURITY UPDATE: infinite loop vulnerability in mdssvc RPC service for Spotlight - debian/patches/CVE-2023-34966.patch: prevents an infinite loop by preventing subcount less than 1. Add test for addressed CVE. - CVE-2023-34966...

CVSS 7.5, AI score 7.3, EPSS 0.1431
Exploits: 0, References: 1
OSV
added 2023/01/16 9:50 p.m., 2 views

CLSA-2023-1673905845 Fix CVE(s): CVE-2022-42898

SECURITY UPDATE: integer overflows that may lead to remote code execution - debian/patches/CVE-2022-42898.patch: add several tests to prevent integer overflow in pac parsing - CVE-2022-42898...

CVSS 8.8, AI score 7, EPSS 0.10832
Exploits: 1, References: 1
OSV
added 2022/10/13 5:8 p.m., 1 views

CLSA-2022-1665680932 Fix CVE(s): CVE-2022-3296, CVE-2022-3324

SECURITY UPDATE: Buffer underflow with unexpected :finally - debian/patches/CVE-2022-3296.patch: Check CSF_TRY can be found - CVE-2022-3296 SECURITY UPDATE: Using negative array index with negative width window - debian/patches/CVE-2022-3324.patch: Make sure the window width does not become negati...

CVSS 7.8, AI score 7.1, EPSS 0.00079
Exploits: 2, References: 1
OSV
added 2022/07/18 7:14 p.m., 3 views

CLSA-2022-1658171690 Fixed CVE-2016-10012 in openssh

CVE-2016-10012: re-remove pre-authentication compression and potentially unsecure shared memory manager used by zlib - Move not yet valid timestamps for certs to 2030-2040 range, make sure all tests are passed and add %check unset DISPLAY section...

CVSS 7.8, AI score 6.9, EPSS 0.00022
Exploits: 1, References: 1
OSV
added 2022/07/18 7:3 p.m., 1 views

CLSA-2022-1658171011 Fixed CVE-2016-10012 in openssh

CVE-2016-10012: re-remove pre-authentication compression and potentially unsecure shared memory manager used by zlib - Move not yet valid timestamps for certs to 2030-2040 range, make sure all tests are passed and add %check unset DISPLAY section...

CVSS 7.8, AI score 6.9, EPSS 0.00022
Exploits: 1, References: 1
Friends Of PHP
added 1970/01/01 12:0 a.m., 13 views

Cross-Site Scripting

I've picked up on the work started over at 276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggested earlier so that all attributes are...

CVSS 4.3, AI score 5.8, EPSS 0.00396
Exploits: 0, Affected Software: 1