Lector de Feeds

adding myself to test ISO for Mageia10

← Older revision Revision as of 14:03, 6 February 2026 Line 125: Line 125:     * geiadrivalinux30 - geiadrivalinux30 - geiadrivalinux30 at gmail dot com * geiadrivalinux30 - geiadrivalinux30 - geiadrivalinux30 at gmail dot com  +  +* PhilippeDIDIER - Philippe DIDIER - philippedidier at laposte dot net Philippedidier

Publication date: 06 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13473 , CVE-2025-14550 , CVE-2026-1207 , CVE-2026-1285 , CVE-2026-1287 , CVE-2026-1312 Description Username enumeration through timing difference in mod_wsgi authentication handler. (CVE-2025-13473) Potential denial-of-service vulnerability via repeated headers when using ASGI. (CVE-2025-14550) Potential SQL injection via raster lookups on PostGIS. (CVE-2026-1207) Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods. (CVE-2026-1285) Potential SQL injection in column aliases via control characters. (CVE-2026-1287) Potential SQL injection via QuerySet.order_by and FilteredRelation. (CVE-2026-1312) References

• https://bugs.mageia.org/show_bug.cgi?id=35103
• https://ubuntu.com/security/notices/USN-8009-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14550
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312

SRPMS 9/core

• python-django-4.1.13-1.10.mga9