FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rpm4 -- Multiple Vulnerabilities

Affected packages
rpm4 < 4.18.0

Details

VuXML ID 0c52abde-717b-11ed-98ca-40b034429ecf
Discovery 2022-08-22
Entry 2022-12-01

rpm project reports:

Fix intermediate symlinks not verified (CVE-2021-35939).

Fix subkey binding signatures not checked on PGP public keys (CVE-2021-3521).

Refactor file and directory operations to use fd-based APIs throughout (CVE-2021-35938)

References

CVE Name CVE-2021-3521
CVE Name CVE-2021-35938
CVE Name CVE-2021-35939