1. Ubuntu Security Notices
  2. USN-7984-1

USN-7984-1: Pagure vulnerabilities

Publication date

29 January 2026

Overview

Several security issues were fixed in Pagure.

Releases

Packages

  • pagure - A git-centered forge using pygit2

Details

Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic
links in Git repositories. A remote attacker could possibly use this
issue to cause Pagure to expose files outside the intended repository
boundaries. (CVE-2024-4981)

Thomas Chauchefoin discovered that Pagure did not properly sanitize path
inputs. A remote attacker could possibly use this issue to read arbitrary
files. (CVE-2024-4982)

Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic
links during repository archiving. A remote attacker could possibly use
this issue to disclose local files on the server. (CVE-2024-47515)

Thomas Chauchefoin discovered that Pagure incorrectly handled certain
inputs. A remote attacker could possibly use this issue to execute
arbitrary code on the server. (

Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic
links in Git repositories. A remote attacker could possibly use this
issue to cause Pagure to expose files outside the intended repository
boundaries. (CVE-2024-4981)

Thomas Chauchefoin discovered that Pagure did not properly sanitize path
inputs. A remote attacker could possibly use this issue to read arbitrary
files. (CVE-2024-4982)

Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic
links during repository archiving. A remote attacker could possibly use
this issue to disclose local files on the server. (CVE-2024-47515)

Thomas Chauchefoin discovered that Pagure incorrectly handled certain
inputs. A remote attacker could possibly use this issue to execute
arbitrary code on the server. (CVE-2024-47516)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.04 LTS noble pagure –  5.11.3+dfsg-2.1ubuntu0.2
22.04 LTS jammy pagure –  5.11.3+dfsg-1ubuntu0.1
20.04 LTS focal pagure –  5.8.1+dfsg-3ubuntu0.1~esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›