It was discovered that HTMLDOC did not properly manage memory under certain
circumstances. If a user were tricked into opening a specially crafted HTML
file, a remote attacker could possibly use this issue to cause HTMLDOC to
crash, resulting in a denial of service, or possibly execute arbitrary code.
python-jwt-2.4.0-1.fc36
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.el9
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.fc35
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Tobias Stoeckmann discovered that libXfixes incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
weechat-3.5-2.fc35
Update to new upstream version.
weechat-3.5-2.fc36
Update to new upstream version.
weechat-3.5-2.fc34
Update to new upstream version.
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation.
python-ujson-5.3.0-1.el9
Added
Test Python 3.11 beta
Changed
Benchmark refactor – argparse CLI
Fixed
Fix segmentation faults when errors occur while handling unserialisable objects
Fix segmentation fault when an exception is raised while converting a dict key to a string
Fix memory leak dumping on non-string dict keys
Fix ref counting on repeated default function calls
Remove redundant wheel dependency from pyproject.toml
