Drafts

Create draft to convert the suggestion into a draft security issue that can be edited before publishing.

Dismiss to remove a suggestion from the queue.

CVE-2025-4953

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse removed
7 packages
- podman-tui
- podman-bootc
- podman-compose
- podman-desktop
- nomad-driver-podman
- python312Packages.podman
- python313Packages.podman
1 week ago
@LeSuisse accepted as draft 1 week ago

Podman: build context bind mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.

rhcos

podman

container-tools:rhel8/podman

pkgs.podman

Program for managing pods, containers and container images

nixos-unstable ???
- nixpkgs-unstable 5.6.1

Package maintainers: 8

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

@vdemeester Vincent Demeester <vincent@sbr.pm>

@saschagrunert Sascha Grunert <mail@saschagrunert.de>

@cpcloud Phillip Cloud

@evan-goode Evan Goode <mail@evangoo.de>

@sikmir Nikolay Korotkiy <sikmir@disroot.org>

@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

@aaronjheng Aaron Jheng <wentworth@outlook.com>

CVE-2025-8396

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse removed
14 packages
- temporal-cli
- python312Packages.temporalio
- python313Packages.temporalio
- haskellPackages.temporal-media
- terraform-providers.temporalcloud
- postgresqlPackages.temporal_tables
- postgresql13Packages.temporal_tables
- postgresql14Packages.temporal_tables
- postgresql15Packages.temporal_tables
- postgresql16Packages.temporal_tables
- postgresql18Packages.temporal_tables
- haskellPackages.temporal-music-notation
- haskellPackages.temporal-music-notation-demo
- haskellPackages.temporal-music-notation-western
1 week ago
@LeSuisse accepted as draft 1 week ago

Insufficiently specific bounds checking on authorization header could lead to …

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.

temporal

<1.28.1

<1.27.3

<1.26.3

pkgs.temporal

Microservice orchestration platform which enables developers to build scalable applications without sacrificing productivity or reliability

nixos-unstable ???
- nixpkgs-unstable 1.28.1

Package maintainers: 4

@ggPeti Peter Ferenczy <ggpeti@gmail.com>

@levigross Levi Gross <levi@levigross.com>

@jpds Jonathan Davies

@aaronjheng Aaron Jheng <wentworth@outlook.com>