Refresh RPM lockfiles [SECURITY]

[red-hat-konflux]

This PR contains the following updates:

Update	Change
lockFileMaintenance	All locks refreshed

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

gitk: git script execution flaw

CVE-2025-27614

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-27614
• https://bugzilla.redhat.com/show_bug.cgi?id=2379125
• https://www.cve.org/CVERecord?id=CVE-2025-27614
• https://nvd.nist.gov/vuln/detail/CVE-2025-27614
• https://lore.kernel.org/git/[email protected]/
• https://www.openwall.com/lists/oss-security/2025/07/08/4

---

git: Git GUI can create and overwrite files for which the user has write permission

CVE-2025-46835

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-46835
• https://bugzilla.redhat.com/show_bug.cgi?id=2379326
• https://www.cve.org/CVERecord?id=CVE-2025-46835
• https://nvd.nist.gov/vuln/detail/CVE-2025-46835
• https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da
• https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg

---

git: Newline confusion in credential helpers can lead to credential exfiltration in git

CVE-2024-52006

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-52006
• https://bugzilla.redhat.com/show_bug.cgi?id=2337956
• https://www.cve.org/CVERecord?id=CVE-2024-52006
• https://nvd.nist.gov/vuln/detail/CVE-2024-52006
• https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g
• https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060
• https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
• https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp

---

git: Git does not sanitize URLs when asking for credentials interactively

CVE-2024-50349

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-50349
• https://bugzilla.redhat.com/show_bug.cgi?id=2337824
• https://www.cve.org/CVERecord?id=CVE-2024-50349
• https://nvd.nist.gov/vuln/detail/CVE-2024-50349
• https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8
• https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577
• https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr

---

git: Git arbitrary file writes

CVE-2025-48385

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-48385
• https://bugzilla.redhat.com/show_bug.cgi?id=2378808
• https://www.cve.org/CVERecord?id=CVE-2025-48385
• https://nvd.nist.gov/vuln/detail/CVE-2025-48385
• https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655

---

git: Git arbitrary code execution

CVE-2025-48384

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-48384
• https://bugzilla.redhat.com/show_bug.cgi?id=2378806
• https://www.cve.org/CVERecord?id=CVE-2025-48384
• https://nvd.nist.gov/vuln/detail/CVE-2025-48384
• https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384
• https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89
• https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog

---

gitk: Git file creation flaw

CVE-2025-27613

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-27613
• https://bugzilla.redhat.com/show_bug.cgi?id=2379124
• https://www.cve.org/CVERecord?id=CVE-2025-27613
• https://nvd.nist.gov/vuln/detail/CVE-2025-27613
• https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v
• https://lore.kernel.org/git/[email protected]/
• https://www.openwall.com/lists/oss-security/2025/07/08/4

---

jq: jq has signed integer overflow in jv.c:jvp_array_write

CVE-2024-23337

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2024-23337
• https://bugzilla.redhat.com/show_bug.cgi?id=2367807
• https://www.cve.org/CVERecord?id=CVE-2024-23337
• https://nvd.nist.gov/vuln/detail/CVE-2024-23337
• https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e
• https://github.com/jqlang/jq/issues/3262
• https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46

---

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

CVE-2025-48060

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-48060
• https://bugzilla.redhat.com/show_bug.cgi?id=2367842
• https://www.cve.org/CVERecord?id=CVE-2025-48060
• https://nvd.nist.gov/vuln/detail/CVE-2025-48060
• https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w

---

cpython: python: Extraction filter bypass for linking outside extraction directory

CVE-2025-4330

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-4330
• https://bugzilla.redhat.com/show_bug.cgi?id=2370014
• https://www.cve.org/CVERecord?id=CVE-2025-4330
• https://nvd.nist.gov/vuln/detail/CVE-2025-4330
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

---

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

CVE-2024-12718

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-12718
• https://bugzilla.redhat.com/show_bug.cgi?id=2370013
• https://www.cve.org/CVERecord?id=CVE-2024-12718
• https://nvd.nist.gov/vuln/detail/CVE-2024-12718
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/127987
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

---

cpython: Cpython infinite loop when parsing a tarfile

CVE-2025-8194

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-8194
• https://bugzilla.redhat.com/show_bug.cgi?id=2384043
• https://www.cve.org/CVERecord?id=CVE-2025-8194
• https://nvd.nist.gov/vuln/detail/CVE-2025-8194
• https://github.com/python/cpython/issues/130577
• https://github.com/python/cpython/pull/137027
• https://mail.python.org/archives/list/[email protected]/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/

---

cpython: Tarfile extracts filtered members when errorlevel=0

CVE-2025-4435

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-4435
• https://bugzilla.redhat.com/show_bug.cgi?id=2370010
• https://www.cve.org/CVERecord?id=CVE-2025-4435
• https://nvd.nist.gov/vuln/detail/CVE-2025-4435
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

---

python: cpython: Arbitrary writes via tarfile realpath overflow

CVE-2025-4517

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-4517
• https://bugzilla.redhat.com/show_bug.cgi?id=2370016
• https://www.cve.org/CVERecord?id=CVE-2025-4517
• https://nvd.nist.gov/vuln/detail/CVE-2025-4517
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

---

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

CVE-2025-4138

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-4138
• https://bugzilla.redhat.com/show_bug.cgi?id=2372426
• https://www.cve.org/CVERecord?id=CVE-2025-4138
• https://nvd.nist.gov/vuln/detail/CVE-2025-4138
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

---

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

CVE-2025-47273

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-47273
• https://bugzilla.redhat.com/show_bug.cgi?id=2366982
• https://www.cve.org/CVERecord?id=CVE-2025-47273
• https://nvd.nist.gov/vuln/detail/CVE-2025-47273
• https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88
• https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b
• https://github.com/pypa/setuptools/issues/4946
• https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf

---

linux-pam: Incomplete fix for CVE-2025-6020

CVE-2025-8941

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://www.cve.org/CVERecord?id=CVE-2025-8941
• https://nvd.nist.gov/vuln/detail/CVE-2025-8941

---

linux-pam: Linux-pam directory Traversal

CVE-2025-6020

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-6020
• https://bugzilla.redhat.com/show_bug.cgi?id=2372512
• https://www.cve.org/CVERecord?id=CVE-2025-6020
• https://nvd.nist.gov/vuln/detail/CVE-2025-6020

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).