Lector de Feeds

Publication date: 12 May 2025
Type: bugfix
Affected Mageia releases : 9
Description Some translated man pages are badly rendered, like the nmap one in Russian. This changes the file 20less.sh to avoid defining the env variable LESSCHARSET. References

• https://bugs.mageia.org/show_bug.cgi?id=34251

SRPMS 9/core

• less-678-1.1.mga9

Publication date: 11 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2866 Description PDF signature forgery with adbe.pkcs7.sha1 SubFilter. (CVE-2025-2866) References

• https://bugs.mageia.org/show_bug.cgi?id=34234
• https://lists.debian.org/debian-security-announce/2025/msg00070.html
• https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2866

SRPMS 9/core

• libreoffice-24.2.7.2-1.3.mga9

Publication date: 11 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-32873 Description An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). (CVE-2025-32873) References

• https://bugs.mageia.org/show_bug.cgi?id=34259
• https://ubuntu.com/security/notices/USN-7501-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

SRPMS 9/core

• python-django-4.1.13-1.4.mga9

Publication date: 11 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31162 , CVE-2025-31163 , CVE-2025-31164 Description Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. (CVE-2025-31162) Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. (CVE-2025-31163) Heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. (CVE-2025-31164) References

• https://bugs.mageia.org/show_bug.cgi?id=34260
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MJCOBXBMU3EIKTUVVEJUQTIAIJY6GWXG/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31162
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31163
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31164

SRPMS 9/core

• transfig-3.2.9a-1.mga9

In Mageia/9/x86_64: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/aarch64: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/armv7hl: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/i586: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/cauldron/x86_64: Rachota is a portable application for timetracking different projects. It runs everywhere. It displays time data in diagram form, creates customized reports and invoices or analyses measured data and suggests hints to improve user's time usage. The totally portable yet personal timetracker.

In Mageia/cauldron/i586: Rachota is a portable application for timetracking different projects. It runs everywhere. It displays time data in diagram form, creates customized reports and invoices or analyses measured data and suggests hints to improve user's time usage. The totally portable yet personal timetracker.

In Mageia/cauldron/i586: A program to convert images from PPM format into the control language for the Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata. This program drives the Alps Micro-Dry series of printers, including the Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the DP-7000). In the current release, the program drives the standard mode fairly well; the dye sublimation mode very well; and the VPhoto mode reasonably well. It supports all the colours available up to the DP-5000, including the foil colours.

In Mageia/cauldron/x86_64: A program to convert images from PPM format into the control language for the Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata. This program drives the Alps Micro-Dry series of printers, including the Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the DP-7000). In the current release, the program drives the standard mode fairly well; the dye sublimation mode very well; and the VPhoto mode reasonably well. It supports all the colours available up to the DP-5000, including the foil colours.

In Mageia/cauldron/x86_64: This tool tries to recover JFIF (JPEG) pictures and MOV movies (using recovermov) from a peripheral. This may be useful if you mistakenly overwrite a partition or if a device such as a digital camera memory card is bogus.

In Mageia/cauldron/i586: This tool tries to recover JFIF (JPEG) pictures and MOV movies (using recovermov) from a peripheral. This may be useful if you mistakenly overwrite a partition or if a device such as a digital camera memory card is bogus.

In Mageia/cauldron/x86_64: Rdfind is a program that finds duplicate files. It is useful for compressing backup directories or just finding duplicate files. It compares files based on their content, NOT on their file names.

In Mageia/cauldron/i586: Rdfind is a program that finds duplicate files. It is useful for compressing backup directories or just finding duplicate files. It compares files based on their content, NOT on their file names.

In Mageia/cauldron/x86_64: Unifont is a Unicode font with a glyph for every visible Unicode Basic Multilingual Plane code point and more, with supporting utilities to modify the font. This package contains tools and glyph descriptions.

In Mageia/cauldron/i586: Unifont is a Unicode font with a glyph for every visible Unicode Basic Multilingual Plane code point and more, with supporting utilities to modify the font. This package contains tools and glyph descriptions.

In Mageia/cauldron/i586: RANCID monitors a router's (or more generally a device's) configuration, including software and hardware (cards, serial numbers, etc) and uses CVS (Concurrent Version System) or Subversion to maintain history of changes. RANCID does this by the very simple process summarized here: * login to each device in the router table (router.db), * run various commands to get the information that will be saved, * cook the output; re-format, remove oscillating or incrementing data, * email any differences (sample) from the previous collection to a mail list, * and finally commit those changes to the revision control system RANCID also includes looking glass software. It is based on Ed Kern's looking glass which was once used for http://nitrous.digex.net/, for the old-school folks who remember it. Our version has added functions, supports Cisco, Juniper, and Foundry and uses the login scripts that come with rancid; so it can use telnet or ssh to connect to your devices(s). Rancid currently supports Cisco routers, Juniper routers, Catalyst switches, Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd), Alteon switches, and HP Procurve switches and a host of others. Rancid is known to be used at: AOL, Global Crossing, MFN, NTT America, Certainty Solutions Inc.