ALT-BU-2025-6598-1
Branch sisyphus update bulletin.
Closed bugs
slim: remove dependency on PAM(pam_console.so)
Closed bugs
lightdm: remove dependency on PAM(pam_console.so)
Closed vulnerabilities
Modified: 2025-05-18
CVE-2025-47203
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
- http://www.openwall.com/lists/oss-security/2025/05/09/4
- http://www.openwall.com/lists/oss-security/2025/05/12/6
- http://www.openwall.com/lists/oss-security/2025/05/13/1
- http://www.openwall.com/lists/oss-security/2025/05/13/10
- http://www.openwall.com/lists/oss-security/2025/05/13/3
- https://github.com/mkj/dropbear/blob/master/CHANGES
- https://github.com/mkj/dropbear/blob/master/src/cli-main.c
- https://lists.debian.org/debian-lts-announce/2025/05/msg00020.html
Package dropbear-musl updated to version 2025.88-alt1 for branch sisyphus in task 383873.
Closed vulnerabilities
Modified: 2025-05-18
CVE-2025-47203
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
- http://www.openwall.com/lists/oss-security/2025/05/09/4
- http://www.openwall.com/lists/oss-security/2025/05/12/6
- http://www.openwall.com/lists/oss-security/2025/05/13/1
- http://www.openwall.com/lists/oss-security/2025/05/13/10
- http://www.openwall.com/lists/oss-security/2025/05/13/3
- https://github.com/mkj/dropbear/blob/master/CHANGES
- https://github.com/mkj/dropbear/blob/master/src/cli-main.c
- https://lists.debian.org/debian-lts-announce/2025/05/msg00020.html
Package os-autoinst updated to version 4.6-alt20.gitbc541952 for branch sisyphus in task 383882.
Closed bugs
os-autoinst: unnecessary build dependency on startup
Package apt-indicator updated to version 0.4.1-alt1 for branch sisyphus in task 383900.
Closed bugs
Cannot set the system update date to more than 3 weeks
apt-indicator uses /usr/bin/xdg-su
Package virtualbox updated to version 7.1.8-alt2 for branch sisyphus in task 383894.
Closed bugs
Remove dependency on xorg-drv-vboxvideo
virtualbox depends on virtualboxguest-additions
Package python3-module-django updated to version 5.2.1-alt1 for branch sisyphus in task 383925.
Closed vulnerabilities
CVE-2025-32873
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().