Branch sisyphus_riscv64 update bulletin.

Package itop updated to version 3.2.2-alt1 for branch sisyphus_riscv64.

Published: 2025-11-10
Modified: 2025-11-12

CVE-2025-47286

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on it.

Severity: HIGH (8.6) Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References:

https://github.com/Combodo/iTop/security/advisories/GHSA-4w93-rw6g-5m9c

Published: 2025-11-10
Modified: 2025-11-12

CVE-2025-49145

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly administrators) can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature.

Severity: HIGH (8.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

References:

https://github.com/Combodo/iTop/security/advisories/GHSA-55q8-mfxr-pq4j

Package rust updated to version 1.89.0-alt1 for branch sisyphus_riscv64.

Добавить поддержку wasm32-unknown-unknown в пакет rust для сборки Proxmox Datacenter Manager

Version: 2.1.2

Branch sisyphus_riscv64 update on 2025-08-23

ALT-BU-2025-10837-1

ALT-PU-2025-10834-1

Closed vulnerabilities

CVE-2025-47286

CVE-2025-49145

ALT-PU-2025-10836-1

Closed bugs

Bug #55591