Branch c10f2 update bulletin.

Package dante updated to version 1.4.4-alt1 for branch c10f2 in task 383858.

Published: 2024-12-17
Modified: 2024-12-18

CVE-2024-54662

Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod.

References:

клиент (socksify) не работоспособен: client not built with preloading support

Package dbeaver updated to version 21.1.3-alt2 for branch c10f2 in task 383911.

Published: 2021-12-14
Modified: 2024-11-21

CVE-2021-3836

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Package pgbouncer updated to version 1.24.1-alt1 for branch c10f2 in task 382926.

Published: 2025-04-16
Modified: 2025-04-17

CVE-2025-2291

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

References:

https://www.pgbouncer.org/changelog.html#pgbouncer-124x

Version: 2.1.1

Branch c10f2 update on 2025-05-16

ALT-BU-2025-6838-1

ALT-PU-2025-6569-2

Closed vulnerabilities

CVE-2024-54662

Closed bugs

Bug #51145

ALT-PU-2025-6588-2

Closed vulnerabilities

CVE-2021-3836

ALT-PU-2025-6620-2

Closed vulnerabilities

CVE-2025-2291