Branch sisyphus_riscv64 update bulletin.

Package userpasswd updated to version 0.3.5-alt1 for branch sisyphus_riscv64.

Не меняется доменный пароль

Package vim updated to version 9.1.0917-alt2 for branch sisyphus_riscv64.

Конфликт: файл /usr/share/vim/ftplugin/mediawiki.vim из устанавливаемого пакета vim-plugin-mediawiki-syntax-0.0-alt5.noarch конфликтует с файлом из пакета vim-common-4:9.1.0917-alt1.noarch

Package python3-module-flask-cors updated to version 5.0.0-alt1 for branch sisyphus_riscv64.

Published: 2024-05-11

BDU:2024-07531

Уязвимость реализации механизма CORS хранилища программных продуктов языка Python PyPi, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2024-6221

Published: 2024-08-18
Modified: 2024-08-20

CVE-2024-6221

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d

Version: 2.1.0

Branch sisyphus_riscv64 update on 2024-12-13

ALT-BU-2024-17069-1

ALT-PU-2024-17065-1

Closed bugs

Bug #49619

ALT-PU-2024-17067-1

Closed bugs

Bug #52413

ALT-PU-2024-17068-1

Closed vulnerabilities

BDU:2024-07531

CVE-2024-6221