Fedora alert FEDORA-2025-52dc5ac7d9 (gi-docgen)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 41 Update: gi-docgen-2025.5-1.fc41 | |
| Date: | Tue, 21 Oct 2025 01:40:27 +0000 | |
| Message-ID: | <20251021014027.416B17E03B@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-52dc5ac7d9 2025-10-21 01:40:08.522799+00:00 -------------------------------------------------------------------------------- Name : gi-docgen Product : Fedora 41 Version : 2025.5 Release : 1.fc41 URL : https://gitlab.gnome.org/GNOME/gi-docgen Summary : Documentation tool for GObject-based libraries Description : GI-DocGen is a document generator for GObject-based libraries. GObject is the base type system of the GNOME project. GI-Docgen reuses the introspection data generated by GObject-based libraries to generate the API reference of these libraries, as well as other ancillary documentation. GI-DocGen is not a general purpose documentation tool for C libraries. While GI-DocGen can be used to generate API references for most GObject/C libraries that expose introspection data, its main goal is to generate the reference for GTK and its immediate dependencies. Any and all attempts at making this tool more generic, or to cover more use cases, will be weighted heavily against its primary goal. GI-DocGen is still in development. The recommended use of GI-DocGen is to add it as a sub-project to your Meson build system, and vendor it when releasing dist archives. You should not depend on a system-wide installation until GI-DocGen is declared stable. -------------------------------------------------------------------------------- Update Information: gi-docgen 2025.5 - 2025-10-11 This is a security fix for CVE-2025-11687. “The severity of this issue depends on what else is hosted on the same domain as the docs. XSS on a website that hosts only gi-docgen docs and nothing else is likely harmless.” Fixed Make sure to escape query strings -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 11 2025 Benjamin A. Beasley <code@musicinmybrain.net> - 2025.5-1 - Update to 2025.5 (close RHBZ#2403282) * Fri Sep 19 2025 Python Maint <python-maint@redhat.com> - 2025.4-5 - Rebuilt for Python 3.14.0rc3 bytecode * Fri Aug 15 2025 Python Maint <python-maint@redhat.com> - 2025.4-4 - Rebuilt for Python 3.14.0rc2 bytecode * Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2025.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2403282 - gi-docgen-2025.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2403282 [ 2 ] Bug #2403539 - CVE-2025-11687 gi-docgen: Reflected DOM XSS in gi-docgen [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2403539 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-52dc5ac7d9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
Attachment: None (type=text/plain)
-- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue