This CVE is not for python-django, but for some go project
which shares the same name.
Ignore this CVE due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."
Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."
Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.
[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Comes with fixes for CVE-2025-14177, CVE-2025-14178 and CVE-2025-14180
Changelog:
- Curl: Fix curl build and test failures with version 8.16.
- Opcache: Reset global pointers to prevent use-after-free in zend_jit_status().
- PDO: Fixed: PDO quoting result null deref. (CVE-2025-14180)
- Standard:
* Fixed: Null byte termination in dns_get_record().
* Fixed: Heap buffer overflow in array_merge(). (CVE-2025-14178)
* Fixed: Information Leak of Memory in getimagesize. (CVE-2025-14177)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The tarball was moved to an archive server, so the link stopped
working. Update it to the new location.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The tarball was moved to a new folder in the SourceForge project,
and the original convenience link stopped working.
Use the direct link instead.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The original link stopped working.
I have compared the original tarball's content with this revision: the contents
are bit-identical to each other. The only difference is that the original
tarball came with an extra "debian/control" file which is not present in
the git repository, but it not using for compiling.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This update contains minor bugfixes.
Changelog:
3.0.17.4:
Service Discovery: Fix UPnP regression on Windows
3.0.17.3:
Demux: Fix a regression causing a lack of audio in adaptive streaming
3.0.17.2:
Interface: Qt: Fix right click support on video
Misc: Update YouTube script
This commit has been detached from all branches. The version format
change does not cause version-going-backwards issues.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The actual patch was identified by checking the file that was modified
in the tag 6.0.42, and also by looking at the Jira item referenced by it:
the patch references DEV-4466, the same ID that is referenced in the
Jira ticket[1] referenced by the NVD report (look in the "All Activity" tab).
[1]: https://support.zabbix.com/browse/ZBX-27284
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The CVE_PRODUCT is set with a weak default assignment in the cve-check.bbclass,
which means that when the recipe uses +=, it overrides the original weak adefault
value instead of appending to it.
Set all applicable values in CVE_PRODUCT variable explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This update contains many bugfixes.
Changelog: https://xdebug.org/updates#x_3_1_5
3.1.5:
- Install documentation gives wrong arch for installation on M1 Macs
- phpize --clean removes required clocks.m4 file
- Constant defined with an enum case produce double "facet" attribute in context_get response
- Crash when used with source guardian encoded files
- Segfault in __callStatic() after FFI initialization
3.1.4:
- Removing second call breakpoint with same function name
- XDebug breaks the Symfony "PhpFilesAdapter" cache adapter
- Possible use after free with GC Stats
- Can't inspect ArrayObject storage elements
- Segmentation fault in symfony cache
- Debug session can be started with "XDEBUG_SESSION_START=anything" when xdebug.trigger_value is set
- Warn when profiler_append is used together with zlib compression
- Code coverage misses static array assignment lines
3.1.3:
- evaling broken code (still) causes unhandled exception in PHP 7.4
- Memory leak when a trace file can't be opened because xdebug.trace_output_name is invalid
- Slowdown when calling a function with long string parameters
- Debugger creates XML with double facet attribute
3.1.2:
- Segfault on fiber switch in finally block in garbage collected fiber
- Crash when profile file can not be created
- __debugInfo is not used for var_dump output
- Segault on xdebug_get_function_stack inside a Fiber
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Last bugfix release of the 5.1.x series.
Changelog:
- Fixed sorting the database list with "statistics" enabled on "Data" column creates a PHP type error
- Fix for invalid cache when losing access to config storage after it being cached
- Fix session cookie not respecting the CookieSameSite configuration directive in PHP 7.2
- Fix create index form accepting too many columns
- Disable editing to system schemas
- Add better error handling when IndexedDB is not working
- Fixed incorrect escaping of special MySQL characters on some pages
- Fix GIS visualization with an edited query
- Remove the use of the deprecated `strftime` function in OpenDocument exports
- Enable tabindex recompute on preview button while insert new rows
- Fix invalid SQL generated when PRIMARY/UNIQUE key contains a POINT column
- Fix setup's CSS not loading when the URL doesn't have a trailing slash
- Remove jQuery SVG JavaScript dependency
- Fix column visibility dropdown when the column name is too long
- Fix issue when exporting using Firefox or Safari on PHP 8.1.4
- Update JavaScript dependencies
- Fix case where errors were thrown when browsing a table
- Fix UI issue when user accounts page has the initials navigation bar
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
Peter Marko
Ankur Tyagi
Emil Kronborg Andersen
Ninette Adhikari
Hitendra Prajapati