Lector de Feeds

Publication date: 27 Jan 2025
Type: bugfix
Affected Mageia releases : 9
Description Fixed an issue which prevents executing pgadmin on php 8. Please note that just work with postgresql13. References

• https://bugs.mageia.org/show_bug.cgi?id=28582
• https://wiki.mageia.org/en/Mageia_9_Errata#Various_software
• https://github.com/phppgadmin/phppgadmin/issues/119

SRPMS 9/core

• phppgadmin-7.13.0-2.1.mga9

← Older revision Revision as of 12:00, 27 January 2025 Line 6: Line 6:     Am 15. Juni 2021 waren wir gezwungen, unsere [[Mageia IRC Kanäle-de|IRC Kanäle auf Freenode]] nach [https://libera.chat/ Liberachat]zu verlegen. Sie können diese im Libera Chat Netzwerk besuchen (ircs://irc.libera.chat:6697). Am 15. Juni 2021 waren wir gezwungen, unsere [[Mageia IRC Kanäle-de|IRC Kanäle auf Freenode]] nach [https://libera.chat/ Liberachat]zu verlegen. Sie können diese im Libera Chat Netzwerk besuchen (ircs://irc.libera.chat:6697). −  −Stellen Sie eine Verbindung zum Server ircs://irc.libera.chat:6697 her und geben Sie /join channelname ein, wobei Sie channelname durch den Namen des Kanals (einschließlich des führenden "#") ersetzen. Alle Kanäle verwenden Englisch, sofern nicht anders angegeben. Die Verwendung einer sicheren Verbindung mit SSL über Port 6697 ist obligatorisch.      Die Absicht war, ein Backup auf Liberachat für jeden unserer Kanäle auf Freenode zu haben. Sie können diese unten finden, aber einige sind vielleicht noch nicht bevölkert oder registriert. Wenn Sie eine Frage zu einem leeren Kanal haben, dann fragen Sie bitte in  [ircs://irc.libera.chat:6697/#mageia #mageia] Die Absicht war, ein Backup auf Liberachat für jeden unserer Kanäle auf Freenode zu haben. Sie können diese unten finden, aber einige sind vielleicht noch nicht bevölkert oder registriert. Wenn Sie eine Frage zu einem leeren Kanal haben, dann fragen Sie bitte in  [ircs://irc.libera.chat:6697/#mageia #mageia]     In den Kanälen finden regelmäßig Treffen statt (siehe [[Meetings-de|Meetings]]). In den Kanälen finden regelmäßig Treffen statt (siehe [[Meetings-de|Meetings]]).  +  +Alle Kanäle verwenden die englische Sprache, außer es ist etwas angegeben.     Einige Channels haben (werden) nützliche Bots, siehe [[IRC bots]]. Einige Channels haben (werden) nützliche Bots, siehe [[IRC bots]].  +  +Stellen Sie eine Verbindung zum Server ircs://irc.libera.chat:6697 her und geben Sie /join channelname ein, wobei Sie channelname durch den Namen des Kanals (einschließlich des führenden "#") ersetzen. Alle Kanäle verwenden Englisch, sofern nicht anders angegeben. Die Verwendung einer sicheren Verbindung mit SSL über Port 6697 ist obligatorisch.  +  +Verbinden über einen Browser: https://web.libera.chat/  +  +Verwenden eines IRC Clienten, wie zum Beispiel {{prog|hexchat}} : wählen Sie das Netwerk Libera.Chat aus und unter Menü Server > Einem Kanal beitreten > #mageia-irgendwas, aus der unten angezeigten Liste.     == Projektweite Kanäle == == Projektweite Kanäle == Psyca

← Older revision Revision as of 11:56, 27 January 2025 Line 13: Line 13:  * Die Mageia Webseiten (Forum, Wiki, Bugzilla, Mailinglisten) verwenden alle die gleichen Zugänge, welche du [https://identity.mageia.org/ hier] bearbeiten kannst, wie z.B. ändern deiner E-Mail-Adresse etc. Um dich bei einer Mailingliste einzuschreiben, meldest du dich am Anfang der Seite mit deiner registrierten E-Mail Adresse und Passwort an und klickst danach einfach auf "subscribe" bei der Liste, in der du dich einschreiben möchtest. * Die Mageia Webseiten (Forum, Wiki, Bugzilla, Mailinglisten) verwenden alle die gleichen Zugänge, welche du [https://identity.mageia.org/ hier] bearbeiten kannst, wie z.B. ändern deiner E-Mail-Adresse etc. Um dich bei einer Mailingliste einzuschreiben, meldest du dich am Anfang der Seite mit deiner registrierten E-Mail Adresse und Passwort an und klickst danach einfach auf "subscribe" bei der Liste, in der du dich einschreiben möchtest.  * Durch Anmelden auf der [https://ml.mageia.org/l/info/qa-discuss QA-Discuss] Mailingliste. Wenn du möchtest kannst du zudem ein Mail an diese Liste senden, um dich vorzustellen. * Durch Anmelden auf der [https://ml.mageia.org/l/info/qa-discuss QA-Discuss] Mailingliste. Wenn du möchtest kannst du zudem ein Mail an diese Liste senden, um dich vorzustellen. −* Durch Betreten des [ircs://irc.libera.chat:6697/#mageia-qa #mageia-qa] IRC Kanal von Liberachat. Wie: Durch Aufrufen von https://web.libera.chat/ über einen Webbrowser, einem IRC Klienten, wie zum Beispiel {{prog|hexchat}}: wähle als Netzwerk Libera.Chat und im Menü Server > Einem Kanal beitreten > #mageia-qa+* Durch Betreten des [ircs://irc.libera.chat:6697/#mageia-qa #mageia-qa] IRC Kanal von Liberachat. Wie: Durch Aufrufen von https://web.libera.chat/ über einen Webbrowser, einem IRC Klienten, wie zum Beispiel {{prog|hexchat}}: wähle als Netzwerk Libera.Chat und im Menü Server > Einem Kanal beitreten > #mageia-qa. Weitere Kanäle finden Sie auf der Seite [[Mageia_IRC_Channels_Liberachat|Mageia IRC Channels Liberachat]]  * Teamleiter: Thomas J Andrews (MageiaTJ) - andrewsfarm AT gmail dot com * Teamleiter: Thomas J Andrews (MageiaTJ) - andrewsfarm AT gmail dot com  * Stellvertreter: Jose Manuel Lopez (joselp) - joselp AT e dot email * Stellvertreter: Jose Manuel Lopez (joselp) - joselp AT e dot email Psyca

← Older revision Revision as of 11:02, 27 January 2025 Line 209: Line 209:  == Software == == Software ==  === Chromium Browser === === Chromium Browser === −Wir haben zur Zeit keinen Paketbetreuer um den Chromium Browser aktuell zu halten, {{Bug|33609}}. Workaround: Installieren Sie app/org.chromium.Chromium/x86_64/stable als [[Flatpak-de|Flatpak]], oder den Chrome Browser. Alternativ kann auch Chrome als rpm von Google installiert werden.+Wir haben zur Zeit keinen Paketbetreuer um den Chromium Browser aktuell zu halten, {{Bug|33609}}. Workaround: Installieren Sie app/org.chromium.Chromium/x86_64/stable als [[Flatpak-de|Flatpak]], oder den Chrome Browser. Alternativ kann auch Chrome als rpm von Google installiert werden. Aktualisierung Januar 2025: zur Zeit ist Chromium auf dem aktuellen Stand.     === Firefox ESR === === Firefox ESR === Line 244: Line 244:  === Verschiedene Software === === Verschiedene Software ===  {{Bug|27926}} - '''Xine''' stürzt möglicherweise beim Startvorgang ab oder schließt sich ohne Fehlermeldung, wenn versucht wird verschiedene Mediendateien abzuspielen. '''WORKAROUNDS:'''  1.)''' versuchen Sie einen anderen Abspieler. (Xine ist der Standard in LXDE). '''2.)''' Falls es nicht startet können Sie einen anderen Grafikkartentreiber versuchen? (z. B. modesetting anstelle von nvidia)  '''3.)''' ''(Wenn es eine Fehlermeldung über vdpau anzeigt)'' Um den Video- und Audio-Codec ändern zu können, ändern Sie zu erst "Erfahrenheit einstellen", in den Einstellungen, auf "Advanced" und wählen Sie danach den "Video Tab". Wählen Sie anschließend dort unter "Zu benutzender Videotreiber" "opengl2". Wählen Sie nun den "Audio Tab" und wählen Sie "Zu benutzender Audiotreiber" von "auto" auf "puleaudio". Klicken Sie danach auf OK und starten Sie Xine neu. {{Bug|27926}} - '''Xine''' stürzt möglicherweise beim Startvorgang ab oder schließt sich ohne Fehlermeldung, wenn versucht wird verschiedene Mediendateien abzuspielen. '''WORKAROUNDS:'''  1.)''' versuchen Sie einen anderen Abspieler. (Xine ist der Standard in LXDE). '''2.)''' Falls es nicht startet können Sie einen anderen Grafikkartentreiber versuchen? (z. B. modesetting anstelle von nvidia)  '''3.)''' ''(Wenn es eine Fehlermeldung über vdpau anzeigt)'' Um den Video- und Audio-Codec ändern zu können, ändern Sie zu erst "Erfahrenheit einstellen", in den Einstellungen, auf "Advanced" und wählen Sie danach den "Video Tab". Wählen Sie anschließend dort unter "Zu benutzender Videotreiber" "opengl2". Wählen Sie nun den "Audio Tab" und wählen Sie "Zu benutzender Audiotreiber" von "auto" auf "puleaudio". Klicken Sie danach auf OK und starten Sie Xine neu.  +  +{{Bug|28582}} - '''phppgadmin''' (upstream nicht weiterentwickelt) funktioniert nicht mit php8 - dies wurde durch unseren Patch BEHOBEN. Es funktioniert allerdings noch nicht mit postgresql15 - '''WORKAROUND:''' postgresql auf Version 13 herunterstufen. Beide Versionen sind in Mageia 9 verfügbar.     {{bug-de|28814}}, {{bug-de|28840}}, {{Bug|31989}} - '''Wine''' fehlen ein paar Abhängigkeiten, vor allem für die 32-Bit Bibliotheken. (Betrifft auch '''PlayOnLinux'''.) '''Manuelle Behebung''' und weitere Tipps [[Möglichkeiten_um_Anwendungen_zu_installieren-de#MS_Windows_Programme_ausf.C3.BChren|'''finden Sie hier''']]. Falls Sie eine Meldung erhalten, dass die geeignete Version fehlt, schauen Sie unter {{bug-de|16273}} {{bug-de|28814}}, {{bug-de|28840}}, {{Bug|31989}} - '''Wine''' fehlen ein paar Abhängigkeiten, vor allem für die 32-Bit Bibliotheken. (Betrifft auch '''PlayOnLinux'''.) '''Manuelle Behebung''' und weitere Tipps [[Möglichkeiten_um_Anwendungen_zu_installieren-de#MS_Windows_Programme_ausf.C3.BChren|'''finden Sie hier''']]. Falls Sie eine Meldung erhalten, dass die geeignete Version fehlt, schauen Sie unter {{bug-de|16273}} Psyca

‎Various software

← Older revision Revision as of 17:22, 26 January 2025 (2 intermediate revisions by the same user not shown)Line 326: Line 326:     {{Bug|27926}} - '''Xine''' may crash at launch, or exit silently when trying to play various multimedia files. '''WORKAROUNDS: 1.)''' try another player.  (Xine is default in LXDE).  '''2.)''' If not starting, can you use another video driver?  (i.e modesetting instead of nvidia) '''3.)''' ''(At least if it throws an error about vdpau)'' To be able to change Video and Audio codec, first change "configuration experience level" to "Advanced", then select "video tab" and select "video driver to use", change from "Auto" to "opengl2". Now select "Audio tab" and select "audio driver to use", change from "auto" to "pulseaudio", click OK, close and restart Xine. {{Bug|27926}} - '''Xine''' may crash at launch, or exit silently when trying to play various multimedia files. '''WORKAROUNDS: 1.)''' try another player.  (Xine is default in LXDE).  '''2.)''' If not starting, can you use another video driver?  (i.e modesetting instead of nvidia) '''3.)''' ''(At least if it throws an error about vdpau)'' To be able to change Video and Audio codec, first change "configuration experience level" to "Advanced", then select "video tab" and select "video driver to use", change from "Auto" to "opengl2". Now select "Audio tab" and select "audio driver to use", change from "auto" to "pulseaudio", click OK, close and restart Xine.  +  +{{Bug|28582}} - '''phppgadmin''' (umaintained upstream) did not work with php8 - that got FIXED by our patched update. But it still do not work with postgresql15 - '''WORKAROUND:''' downgrade to postgresql13. Both are in Mageia 9.     {{Bug|28814}}, {{Bug|28840}}, {{Bug|31989}} - '''Wine''' missing a few dependencies, especially for 32 bit libs. (Thus also '''PlayOnLinux'''.) '''Manual fix''' and also other tips [[Ways_to_install_programs#Running_MSWindows_programs|'''here''']]. If launching a wine app gives warnings that suitable versions are missing, see {{Bug|16273}}. {{Bug|28814}}, {{Bug|28840}}, {{Bug|31989}} - '''Wine''' missing a few dependencies, especially for 32 bit libs. (Thus also '''PlayOnLinux'''.) '''Manual fix''' and also other tips [[Ways_to_install_programs#Running_MSWindows_programs|'''here''']]. If launching a wine app gives warnings that suitable versions are missing, see {{Bug|16273}}. Line 358: Line 360:     {{Bug|33697}} - '''Nextcloud client''' - We fail to keep it updated.  Instead, upstream AppImage can be used, see [[Nextcloud-client]]. {{Bug|33697}} - '''Nextcloud client''' - We fail to keep it updated.  Instead, upstream AppImage can be used, see [[Nextcloud-client]].  +  +     <br> <br> Morgano

Publication date: 26 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0395 Description When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. (CVE-2025-0395) References

• https://bugs.mageia.org/show_bug.cgi?id=33953
• https://www.openwall.com/lists/oss-security/2025/01/22/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395

SRPMS 9/core

• glibc-2.36-55.mga9

Publication date: 26 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-13176 Description Timing side-channel in ECDSA signature computation. (CVE-2024-13176) References

• https://bugs.mageia.org/show_bug.cgi?id=33942
• https://openssl-library.org/news/secadv/20250120.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176

SRPMS 9/core

• openssl-3.0.15-1.2.mga9

Add more specifics for certain languages & a skeletal proposal

← Older revision Revision as of 22:28, 25 January 2025 Line 1: Line 1: −A '''vendored dependency''' is an aggregation of code (such as a package, module or library) that is included as part a larger aggregation (usually an application) but which is also available separately standalone (such as a dynamic library). A typical example is an application (e.g. Mariadb) that distributes the source for a separate library within its source tree (e.g. readline). This can be done for a number of reasons, such as licensing issues that prevent using of the module separately, custom code changes made for the application's use that are not/can not be upstreamed, and ease of compilation for the developer.+A '''vendored dependency''' is an aggregation of code (such as a package, module or library) that is included as part a larger aggregation (usually an application) but which is also available separately standalone (such as a dynamic library). A typical example is an application (e.g. Mariadb) that distributes the source for a separate library within its source tree (e.g. readline). This can be done for a number of reasons, such as licensing issues that prevent using of the module separately, custom code changes made for the application's use that are not/can not be upstreamed, and ease of compilation for the developer. ''git modules'' one mechanism developers use do this (in Mageia we always start from a source tar ball and never directly from a source code control system).     There are many downsides to this approach. Probably the biggest one is that when a standalone dynamic library is updated to fix a security bug, the vendored versions included in other applications are not automatically updated. These applications must be updated separately, and the upstream developer may not immediately (or even ever) include the security fixes in the vendored copy, leaving the application vulnerable to security issues. There are many downsides to this approach. Probably the biggest one is that when a standalone dynamic library is updated to fix a security bug, the vendored versions included in other applications are not automatically updated. These applications must be updated separately, and the upstream developer may not immediately (or even ever) include the security fixes in the vendored copy, leaving the application vulnerable to security issues. Line 5: Line 5:  For these reasons, vendored libraries are discouraged in Mageia ''(TBD: point to the policy)'' For these reasons, vendored libraries are discouraged in Mageia ''(TBD: point to the policy)''    −A closely related issue is using '''dependencies that are downloaded''' at compile time. This are common in languages such as Go, Rust and Javascript (npm) and it ends up with similar problems to vendoring. The result is even worse problems because it can not only be difficult to determine which dependencies have been used, but downright impossible to determine the version numbers actually used at compile time. Without dependency names and version numbers, it becomes impossible to tell when a package is affected by a security issue in a dependency. When a security issue is reported, it can result in the need to recompile many application packages instead of a single one. It is also difficult to ensure that the licenses of all downloaded packages match those allowed by the distribution. And when packages have licenses like the GPL that require source code be supplied with the binary, it becomes mandatory to make a copy of the downloaded source available to users.+A closely related issue is using '''dependencies that are downloaded''' at compile time. This are common in languages such as Go (''go install''), Rust (''cargo'') and Javascript (''npm'') and using them ends up with similar problems to vendoring. The result is even worse because it can not only be difficult to determine which dependencies have been used, but downright impossible to determine the version numbers actually used at compile time. Without dependency names and version numbers, it becomes impossible to tell when a package is affected by a security issue in a dependency. When a security issue is reported, it can result in the need to recompile many application packages instead of a single one. It is also difficult to ensure that the licenses of all downloaded packages match those allowed by the distribution. And when packages have licenses like the GPL that require source code be supplied with the binary, it becomes mandatory to make a copy of the downloaded source available to users.     For these reasons, files downloaded at compile time are disallowed in Mageia ''(TBD: point to the policy)'' For these reasons, files downloaded at compile time are disallowed in Mageia ''(TBD: point to the policy)'' Line 33: Line 33:  If we can find a way to satisfy those requirements to a reasonable degree while still allowing vendoring and downloading of modules at compile time, we can ease the burden on our packagers and infrastructure. If we can find a way to satisfy those requirements to a reasonable degree while still allowing vendoring and downloading of modules at compile time, we can ease the burden on our packagers and infrastructure.    −== A way forward ==+== Language landscape ==    −=== Go ===+To give a rough idea of what languages might benefit from easing restrictions on vendoring, here are the languages with the most number of modules in Mageia as of this writing (in approximate decreasing order):    −The following proposal satisfies the reasons for the anti-vendoring policies above, while allowing applications to be packaged without individually packaging each dependency. The specifics listed in this section are for handling Go applications, but it can be generalized for other languages in the future.+# C/C++  +# Rust  +# Perl*  +# Python*  +# Java  +# Go  +# Ruby*  +# OCaml  +# Nodejs (Javascript)*  +# PHP*  +# Erlang*    −TBD +<nowiki>*</nowiki> Interpreted languages that don't statically link dependencies into applications or modules     === C/C++ === === C/C++ ===    −Since these languages support dynamic linking and the developer culture does not generally encourage a huge number of small dependencies, no proposal is currently being made to ease the vendoring restrictions in C or C++ applications.+These languages support dynamic linking and the developer culture does not generally encourage either a huge number of small dependencies or vendored dependencies. There are also no popular cross-platform build mechanisms that many upstream developers uses to download and building dependencies alongside their applications (although Conda, Conary and vcpkg are changing this) that could be utilized to save packager time. No proposal is therefore currently being made to ease the vendoring restrictions in C or C++ applications.  +   +=== Erlang, Nodejs, Perl, PHP, Python, Ruby ===  +   +These are all interpreted languages that either have no concept of bundling dependencies somehow into submodules (a static linking equivalent) or developers don't generally use them. They generally do, however, have means to automatically obtain dependent modules at build time (e.g. ''pip'', ''cpan'', ''npm'') that Mageia's current policies forbid. Generally, interpreted languages rely on modules being installed in the system when they are executed and do not compile/bind/link them into an independent blob like compiled languages are forced to do.  +   +=== Go, Java, OCaml, Rust ===  +   +These languages result in statically-linked (or equivalent) binaries. If a dependency has a security issue, every application using that dependency must be recompiled.  +   +== A way forward ==  +   +The following proposal satisfies the reasons for the anti-vendoring policies in the introduction, while allowing applications to be packaged without separately needing to package each dependency. It handles vendored dependencies, dependencies downloaded at build time, as well as statically-linked applications.  +   +Overview:  +   +# Developer builds a package SRPM containing all application source code as well as any unpackaged dependency source code for an application (i.e. vendoring it), including a software attestation  +# The build system adds packaged dependencies to the software attestation  +# For interpreted languages, the build system puts any vendored code into a filesystem location specific to the application  +# The build system stores the software attestation at the end of the build into a central repository  +# A security scanner periodically scans all software attestations to look for dependencies that have reported security vulnerabilities  +# If a security vulnerability is found, it outputs a list of packages that need to be updated and rebuilt and opens one or more bugs  +# Each package needing a rebuild goes back to step 1 (if a local patch to fix a vulnerability has been added, it is noted in the software attestation)    −=== Others ===+Software attestations will be stored in the [https://spdx.dev/ SPDX] format.    −The proposals for Go should be able to be generalized to work for applications in other compiled languages as well. It is possible to develop infrastructure to support interpreted languages as well, but the benefits may not be as clear.+=== Go ===    −The languages with the most number of modules in Mageia as of this writing (in approximate decreasing order) are:+The specifics listed in this section are for handling Go applications, but it can be generalized for other languages in the future. These should be able to be generalized to work for applications in other compiled languages as well. It is possible to develop infrastructure to support interpreted languages as well, but the benefits may not be as clear; any such applications that ship vendored modules ''would'' benefit, but it's unclear how many of those (if any) actually exist.    −# Rust+''details TBD'' −# Perl  −# Python  −# Java  −# Go  −# Ruby  −# OCaml  −# Nodejs (Javascript)  −# PHP  −# Erlang      == See Also == == See Also == Danf

Publication date: 25 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-53580 Description It was discovered that iperf 3.17.1 contains a segmentation violation via the iperf_exchange_parameters() function. References

• https://bugs.mageia.org/show_bug.cgi?id=33914
• https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/message/77I3GUDI3ZWMFAYZRZIRL3FI5TCBTNBQ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53580

SRPMS 9/core

• iperf-3.18-1.mga9

Connecting examples web browser link and hexchat usage.

← Older revision Revision as of 17:08, 25 January 2025 Line 9: Line 9:     On 15 June 2021, we were forced to move [[Mageia IRC Channels|our IRC channels on Freenode]] to [https://libera.chat/ Liberachat]. You can visit them on the Libera Chat Network (ircs://irc.libera.chat:6697) On 15 June 2021, we were forced to move [[Mageia IRC Channels|our IRC channels on Freenode]] to [https://libera.chat/ Liberachat]. You can visit them on the Libera Chat Network (ircs://irc.libera.chat:6697) −  −Connect to server ircs://irc.libera.chat:6697 and type /join channelname, replacing channelname with the name of the channel (including the leading "#"). All channels use English unless otherwise specified. Using a secure connection with SSL by connecting to port 6697 is obligatory.      The intention was to have a backup on Liberachat for each of our channels on Freenode. You can find them below, but some might not yet be populated or registered. If you have a question about an empty channel, then please ask in [ircs://irc.libera.chat:6697/#mageia #mageia] The intention was to have a backup on Liberachat for each of our channels on Freenode. You can find them below, but some might not yet be populated or registered. If you have a question about an empty channel, then please ask in [ircs://irc.libera.chat:6697/#mageia #mageia]     The channels will host regular meetings (see [[meetings|summaries and logs]]). The channels will host regular meetings (see [[meetings|summaries and logs]]).  +  +All channels use English unless otherwise specified.     Some channels (will) have useful bots; [[IRC bots|learn about them]]. Some channels (will) have useful bots; [[IRC bots|learn about them]].  +  +Connect to server ircs://irc.libera.chat:6697 and type /join channelname, replacing channelname with the name of the channel (including the leading "#"). Using a secure connection with SSL by connecting to port 6697 is obligatory.  +  +Using a browser: https://web.libera.chat/  +  +Using an IRC client such as for example {{prog|hexchat}} : choose network Libera.Chat, and menu Server > Join a channel > #mageia-something from list below.     == Project-wide channels: == == Project-wide channels: == Morgano

‎Contact the team: link to other channels

← Older revision Revision as of 16:59, 25 January 2025 Line 16: Line 16:     * Subscribing to the [https://ml.mageia.org/l/info/qa-discuss QA-Discuss] mailing list and then send a mail message to it, to introduce yourself * Subscribing to the [https://ml.mageia.org/l/info/qa-discuss QA-Discuss] mailing list and then send a mail message to it, to introduce yourself −* By joining the [irc://irc.libera.chat/#mageia-qa #mageia-qa] IRC channel on libera.chat. How: web browser using https://web.libera.chat/, or an IRC client such as for example {{prog|hexchat}} : choose network Libera.Chat, and menu Server > Join a channel > #mageia-qa+* By joining the [irc://irc.libera.chat/#mageia-qa #mageia-qa] IRC channel on libera.chat. How: web browser using https://web.libera.chat/, or an IRC client such as for example {{prog|hexchat}} : choose network Libera.Chat, and menu Server > Join a channel > #mageia-qa. Other channels see: [[Mageia_IRC_Channels_Liberachat|Mageia IRC Channels Liberachat]].     * Team  leader : Thomas J Andrews (MageiaTJ) - andrewsfarm AT gmail dot com * Team  leader : Thomas J Andrews (MageiaTJ) - andrewsfarm AT gmail dot com Morgano

Publication date: 24 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-30536 , CVE-2024-2961 Description fix possible security issue with library code slim/psr7 (CVE-2023-30536) fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3) fix an XSS vulnerability in the check tables feature (PMASA-2025-1) fix an XSS vulnerability in the Insert tab (PMASA-2025-2) References

• https://bugs.mageia.org/show_bug.cgi?id=33948
• https://www.phpmyadmin.net/news/2025/1/21/phpMyAdmin-522-is-released/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30536
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961

SRPMS 9/core

• phpmyadmin-5.2.2-1.mga9

Publication date: 24 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56378 Description libpoppler.so has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. (CVE-2024-56378) References

• https://bugs.mageia.org/show_bug.cgi?id=33932
• https://ubuntu.com/security/notices/USN-7213-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56378

SRPMS 9/core

• poppler-23.02.0-1.4.mga9