https://bugzilla.redhat.com/show_bug.cgi?id=2293164
Bug ID: 2293164 Summary: CVE-2024-37891 google-roboto-mono-fonts: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [fedora-all] Product: Fedora Version: 40 Status: NEW Component: google-roboto-mono-fonts Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: link@sub-pop.net Reporter: ahanwate@redhat.com QA Contact: extras-qa@fedoraproject.org CC: fonts-bugs@lists.fedoraproject.org, i18n-bugs@lists.fedoraproject.org, link@sub-pop.net Target Milestone: --- Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2292788
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.