ALT-BU-2024-4670-1
Branch sisyphus_riscv64 update bulletin.
Package libfcgi updated to version 2.4.2-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2025-04-12
CVE-2012-6687
FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections.
- http://advisories.mageia.org/MGASA-2015-0184.html
- http://www.openwall.com/lists/oss-security/2015/02/06/4
- http://www.openwall.com/lists/oss-security/2015/02/07/4
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591
- https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417
- https://bugzilla.redhat.com/show_bug.cgi?id=1189958
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100696
- http://advisories.mageia.org/MGASA-2015-0184.html
- http://www.openwall.com/lists/oss-security/2015/02/06/4
- http://www.openwall.com/lists/oss-security/2015/02/07/4
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591
- https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417
- https://bugzilla.redhat.com/show_bug.cgi?id=1189958
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100696
Package vnstat updated to version 2.12-alt1 for branch sisyphus_riscv64.
Closed bugs
Ошибки при установке пакета vnstat-server
Package gem-tf updated to version 0.4.5-alt2 for branch sisyphus_riscv64.
Closed bugs
Не работает gem-tf
Package gem-reek updated to version 6.3.0-alt1 for branch sisyphus_riscv64.
Closed bugs
gem-reek: не хватает зависимостей для code_climate_reek (gem-rexml и codeclimate)
Package python3-module-django updated to version 4.2.11-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2025-10-24
BDU:2024-01517
Уязвимость программной платформы для веб-приложений Django, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-11-04
CVE-2024-24680
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
- https://docs.djangoproject.com/en/5.0/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
- https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
- https://docs.djangoproject.com/en/5.0/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
- https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
Modified: 2025-11-04
CVE-2024-27351
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
- http://www.openwall.com/lists/oss-security/2024/03/04/1
- https://docs.djangoproject.com/en/5.0/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
- https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
- http://www.openwall.com/lists/oss-security/2024/03/04/1
- https://docs.djangoproject.com/en/5.0/releases/security/
- https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
- https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
- https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
- https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
Package ruby updated to version 3.1.4-alt4.1 for branch sisyphus_riscv64.
Closed bugs
ri не показывает документацию