[oss-security] CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole < 25.04.2

2025-06-10 Thread Dennis Dast
Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole. Abstract: This issue affects systems where KTelnetService and a vulnerable version of Konsole are in

Re: [oss-security] Django CVE-2025-48432 (follow-up patch releases)

2025-06-10 Thread Sebastian Pipping
Hi! A side note for everyone relying on GitHub Dependabot for dependency updates: Dependabot is failing to send updates for Django 5.2.3 even when triggered manually. So this may need manual pull requests, and it's not the first time [1]. Best Sebastian [1] https://github.com/dependab

[oss-security] Re: Django CVE-2025-48432 (follow-up patch releases)

2025-06-10 Thread Sarah Boyce
Corrected announcement link: https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/ On Tue, Jun 10, 2025 at 3:28 PM Sarah Boyce wrote: > https://www.djangoproject.com/weblog/2025/jun/04/security-releases/ > > Following the June 4, 2025 security release, the Django team is issuing > re

[oss-security] Django CVE-2025-48432 (follow-up patch releases)

2025-06-10 Thread Sarah Boyce
https://www.djangoproject.com/weblog/2025/jun/04/security-releases/ Following the June 4, 2025 security release, the Django team is issuing releases for Django 5.2.3, Django 5.1.11

Re: [oss-security] Local information disclosure in apport and systemd-coredump

2025-06-10 Thread Zbigniew Jędrzejewski-Szmek
Hi Alexander, On Fri, Jun 06, 2025 at 03:20:27AM +0200, Solar Designer wrote: > In your message to linux-distros, you shared these two patches: > > 0001-coredump-get-rid-of-_META_MANDATORY_MAX.patch > 0003-coredump-also-stop-forwarding-non-dumpable-processes.patch > > So it looks like you omitte