Branch c10f2 update bulletin.

Package dante updated to version 1.4.4-alt1 for branch c10f2 in task 383858.

Published: 2024-12-17
Modified: 2024-12-18

CVE-2024-54662

Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

клиент (socksify) не работоспособен: client not built with preloading support

Package dbeaver updated to version 21.1.3-alt2 for branch c10f2 in task 383911.

Published: 2021-12-14
Modified: 2024-11-21

CVE-2021-3836

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Package pgbouncer updated to version 1.24.1-alt1 for branch c10f2 in task 382926.

Published: 2025-04-16
Modified: 2025-11-03

CVE-2025-2291

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch c10f2 update on 2025-05-16

ALT-BU-2025-6838-1

ALT-PU-2025-6569-2

Closed vulnerabilities

CVE-2024-54662

Closed bugs

Bug #51145

ALT-PU-2025-6588-2

Closed vulnerabilities

CVE-2021-3836

ALT-PU-2025-6620-2

Closed vulnerabilities

CVE-2025-2291