Lector de Feeds

Publication date: 13 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8443 , CVE-2024-45615 , CVE-2024-45616 , CVE-2024-45617 , CVE-2024-45618 , CVE-2024-45619 , CVE-2024-45620 Description Heap buffer overflow in openpgp driver when generating key. (CVE-2024-8443) Usage of uninitialized values in libopensc and pkcs15init. (CVE-2024-45615) Uninitialized values after incorrect check or usage of apdu response values in libopensc. (CVE-2024-45616) Uninitialized values after incorrect or missing checking return values of functions in libopensc. (CVE-2024-45617) Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (CVE-2024-45618) Incorrect handling length of buffers or files in libopensc. (CVE-2024-45619) Incorrect handling of the length of buffers or files in pkcs15init. (CVE-2024-45620) References

• https://bugs.mageia.org/show_bug.cgi?id=34087
• https://ubuntu.com/security/notices/USN-7346-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8443
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45615
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45616
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45617
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45618
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45619
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45620

SRPMS 9/core

• opensc-0.25.0-1.1.mga9

‎Various software: Use folder template in folders

← Older revision Revision as of 17:50, 13 March 2025 Line 359: Line 359:  {{Bug|33330}} - '''aegisub crashes at start in wayland session. - WORKAROUND:''' Start it from command line this way: {{cmd|<nowiki>env GDK_BACKEND=x11 aegisub</nowiki>}}.   {{Bug|33330}} - '''aegisub crashes at start in wayland session. - WORKAROUND:''' Start it from command line this way: {{cmd|<nowiki>env GDK_BACKEND=x11 aegisub</nowiki>}}.      −'''FIXED BY UPDATE''' {{Bug|33366}} -  After first run '''neochat''' in light desktops can't start a new session once you quit from application icon in taskbar. It is fixed in the update, but if you already bite by this you note still can't start a new session, I hope you have your account data because you need to remove {{file|~/.local/share/KDE/neochat}}, {{file|~/.config/neochatrc}}, {{file|~/.config/KDE/neochat.conf}}, {{file|~/.cache/KDE/neochat}}.+'''FIXED BY UPDATE''' {{Bug|33366}} -  After first run '''neochat''' in light desktops can't start a new session once you quit from application icon in taskbar. It is fixed in the update, but if you already bite by this you note still can't start a new session, I hope you have your account data because you need to remove {{folder|~/.local/share/KDE/neochat}}, {{file|~/.config/neochatrc}}, {{file|~/.config/KDE/neochat.conf}}, {{folder|~/.cache/KDE/neochat}}.     Also if you have some preference in password manager application ({{prog|gnome-keyring}} , {{prog|kwalletmanager}}, {{prog|keepassxc}}) please install before the update and for [https://bugs.mageia.org/show_bug.cgi?id=32712#c18 kwallet] and keepassxc you have to make some configurations. Also if you have some preference in password manager application ({{prog|gnome-keyring}} , {{prog|kwalletmanager}}, {{prog|keepassxc}}) please install before the update and for [https://bugs.mageia.org/show_bug.cgi?id=32712#c18 kwallet] and keepassxc you have to make some configurations. Katnatek

‎Various software: In errata we try to keep each bug note compact.

← Older revision Revision as of 09:46, 13 March 2025 Line 359: Line 359:  {{Bug|33330}} - '''aegisub crashes at start in wayland session. - WORKAROUND:''' Start it from command line this way: {{cmd|<nowiki>env GDK_BACKEND=x11 aegisub</nowiki>}}.   {{Bug|33330}} - '''aegisub crashes at start in wayland session. - WORKAROUND:''' Start it from command line this way: {{cmd|<nowiki>env GDK_BACKEND=x11 aegisub</nowiki>}}.      −'''FIXED''' {{Bug|33366}} -  After 1st run '''neochat''' in light desktops can't start session once you quit from application icon in taskbar, its fixed but if you already bite by this you note still can't star session, I hope you have your account data because you need to remove+'''FIXED BY UPDATE''' {{Bug|33366}} -  After first run '''neochat''' in light desktops can't start a new session once you quit from application icon in taskbar. It is fixed in the update, but if you already bite by this you note still can't start a new session, I hope you have your account data because you need to remove {{file|~/.local/share/KDE/neochat}}, {{file|~/.config/neochatrc}}, {{file|~/.config/KDE/neochat.conf}}, {{file|~/.cache/KDE/neochat}}. − ~/.local/share/KDE/neochat  − ~/.config/neochatrc  − ~/.config/KDE/neochat.conf  − ~/.cache/KDE/neochat      Also if you have some preference in password manager application ({{prog|gnome-keyring}} , {{prog|kwalletmanager}}, {{prog|keepassxc}}) please install before the update and for [https://bugs.mageia.org/show_bug.cgi?id=32712#c18 kwallet] and keepassxc you have to make some configurations. Also if you have some preference in password manager application ({{prog|gnome-keyring}} , {{prog|kwalletmanager}}, {{prog|keepassxc}}) please install before the update and for [https://bugs.mageia.org/show_bug.cgi?id=32712#c18 kwallet] and keepassxc you have to make some configurations. Morgano

‎Various software: neochat

← Older revision Revision as of 23:46, 12 March 2025 Line 358: Line 358:     {{Bug|33330}} - '''aegisub crashes at start in wayland session. - WORKAROUND:''' Start it from command line this way: {{cmd|<nowiki>env GDK_BACKEND=x11 aegisub</nowiki>}}.   {{Bug|33330}} - '''aegisub crashes at start in wayland session. - WORKAROUND:''' Start it from command line this way: {{cmd|<nowiki>env GDK_BACKEND=x11 aegisub</nowiki>}}.    +  +'''FIXED''' {{Bug|33366}} -  After 1st run '''neochat''' in light desktops can't start session once you quit from application icon in taskbar, its fixed but if you already bite by this you note still can't star session, I hope you have your account data because you need to remove  + ~/.local/share/KDE/neochat  + ~/.config/neochatrc  + ~/.config/KDE/neochat.conf  + ~/.cache/KDE/neochat  +  +Also if you have some preference in password manager application ({{prog|gnome-keyring}} , {{prog|kwalletmanager}}, {{prog|keepassxc}}) please install before the update and for [https://bugs.mageia.org/show_bug.cgi?id=32712#c18 kwallet] and keepassxc you have to make some configurations.     {{Bug|33697}} - '''Nextcloud client''' - We fail to keep it updated.  Instead, upstream AppImage can be used, see [[Nextcloud-client]]. {{Bug|33697}} - '''Nextcloud client''' - We fail to keep it updated.  Instead, upstream AppImage can be used, see [[Nextcloud-client]]. Katnatek

Publication date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-26699 Description An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. (CVE-2025-26699) References

• https://bugs.mageia.org/show_bug.cgi?id=34073
• https://ubuntu.com/security/notices/USN-7335-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

SRPMS 9/core

• python-django-4.1.13-1.3.mga9

Publication date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-27516 Description Jinja sandbox breakout through attr filter selecting format method. (CVE-2025-27516) References

• https://bugs.mageia.org/show_bug.cgi?id=34081
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MUH4YM6G3UIVK2776BABUYJKVIBPTUT5/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516

SRPMS 9/core

• python-jinja2-3.1.6-1.mga9

Publication date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43097 , CVE-2025-1931 , CVE-2025-1932 , CVE-2025-1933 , CVE-2025-1934 , CVE-2025-1935 , CVE-2025-1936 , CVE-2025-1937 , CVE-2025-1938 Description CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC during RegExp bailout processing CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 References

• https://bugs.mageia.org/show_bug.cgi?id=34065
• https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1931
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1932
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1933
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1934
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1935
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1936
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1937
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1938

SRPMS 9/core

• thunderbird-128.8.0-1.mga9
• thunderbird-l10n-128.8.0-1.mga9

Publication date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43097 , CVE-2025-1931 , CVE-2025-1932 , CVE-2025-1933 , CVE-2025-1934 , CVE-2025-1935 , CVE-2025-1936 , CVE-2025-1937 , CVE-2025-1938 Description CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC during RegExp bailout processing CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 References

• https://bugs.mageia.org/show_bug.cgi?id=34064
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_109.html
• https://www.mozilla.org/en-US/firefox/128.8.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1931
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1932
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1933
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1934
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1935
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1936
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1937
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1938

SRPMS 9/core

• firefox-128.8.0-1.mga9
• firefox-l10n-128.8.0-1.mga9
• nss-3.109.0-1.mga9

Publication date: 12 Mar 2025
Type: bugfix
Affected Mageia releases : 9
Description To fully work on some light desktops, neochat needs to require a password management application. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33366

SRPMS 9/core

• neochat-23.04.3-1.2.mga9