Ubuntu alert USN-7984-1 (pagure)
| From: | noreply+usn-bot@canonical.com |
| To: | ubuntu-security-announce@lists.ubuntu.com |
| Subject: | [USN-7984-1] Pagure vulnerabilities |
| Date: | Wed, 04 Feb 2026 02:34:24 +0000 |
| Message-ID: | <E1vnSim-0001SJ-Vx@lists.ubuntu.com> |
==========================================================================
Ubuntu Security Notice USN-7984-1
January 29, 2026

pagure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Pagure.

Software Description:
- pagure: A git-centered forge using pygit2

Details:

Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic
links in Git repositories. A remote attacker could possibly use this issue
to cause Pagure to expose files outside the intended repository
boundaries. (CVE-2024-4981)

Thomas Chauchefoin discovered that Pagure did not properly sanitize path
inputs. A remote attacker could possibly use this issue to read arbitrary
files. (CVE-2024-4982)

Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic
links during repository archiving. A remote attacker could possibly use
this issue to disclose local files on the server. (CVE-2024-47515)

Thomas Chauchefoin discovered that Pagure incorrectly handled certain
inputs. A remote attacker could possibly use this issue to execute
arbitrary code on the server. (CVE-2024-47516)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  pagure 5.11.3+dfsg-2.1ubuntu0.2

Ubuntu 22.04 LTS
  pagure 5.11.3+dfsg-1ubuntu0.1

Ubuntu 20.04 LTS
  pagure 5.8.1+dfsg-3ubuntu0.1~esm1
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7984-1
  CVE-2024-47515, CVE-2024-47516, CVE-2024-4981, CVE-2024-4982

Package Information:
  https://launchpad.net/ubuntu/+source/pagure/5.11.3+dfsg-2...
  https://launchpad.net/ubuntu/+source/pagure/5.11.3+dfsg-1...
Attachment: signature.asc (type=application/pgp-signature)
