Lector de Feeds

Publication date: 23 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45336 , CVE-2024-45341 Description net/http: sensitive headers incorrectly sent after cross-domain redirect, (CVE-2024-45336). crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints, (CVE-2024-45341). References

• https://bugs.mageia.org/show_bug.cgi?id=33940
• https://www.openwall.com/lists/oss-security/2025/01/17/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341

SRPMS 9/core

• golang-1.22.11-1.mga9

‎Chromium browser: Update

← Older revision Revision as of 20:53, 22 January 2025 Line 271: Line 271:  === Chromium browser === === Chromium browser ===    −We seem not to have packagers for keeping Chromium browser updated, {{Bug|33609}}. Workarounds: As [[Flatpak|Flatpak]] install app/org.chromium.Chromium/x86_64/stable, or Chrome. Or Chrome rpm from Google.+We seem not to have packagers for keeping Chromium browser updated, {{Bug|33609}}. Workarounds: As [[Flatpak|Flatpak]] install app/org.chromium.Chromium/x86_64/stable, or Chrome. Or Chrome rpm from Google. Update January 2025: currently it is updated. −       === Firefox ESR === === Firefox ESR === Morgano

Publication date: 22 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7025 , CVE-2024-9369 , CVE-2024-9370 , CVE-2024-9602 , CVE-2024-9603 , CVE-2024-9954 , CVE-2024-9955 , CVE-2024-9956 , CVE-2024-9957 , CVE-2024-9958 , CVE-2024-9959 , CVE-2024-9960 , CVE-2024-9961 , CVE-2024-9962 , CVE-2024-9963 , CVE-2024-9964 , CVE-2024-9965 , CVE-2024-9966 Description Lot of CVEs were fixed by upstream since our current version; please see the links. References

• https://bugs.mageia.org/show_bug.cgi?id=33609
• https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html
• https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html
• https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html
• https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html
• https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html
• https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html
• https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html
• https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html
• https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html
• https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html
• https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html
• https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html
• https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7025
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9369
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9370
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9602
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9603
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9954
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9955
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9956
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9957
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9958
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9959
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9960
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9961
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9962
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9963
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9964
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9965
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9966

SRPMS 9/tainted

• chromium-browser-stable-132.0.6834.84-1.mga9.tainted

‎Internet apps: Suggesting alternatives for our (to be) dropped chromium-browser.

← Older revision Revision as of 16:41, 22 January 2025 Line 344: Line 344:     === Internet apps === === Internet apps === −* Chromium-browser have been dropped due to too much maintenance work. <!--#33609-->+* Chromium-browser have been dropped due to too much maintenance work. <!--#33609--> If you need it, install it as [[Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, or Chrome Flatpak. Or use the Chrome RPM from Google.  * Firefox has been updated to ** * Firefox has been updated to **  * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). Morgano

Publication date: 22 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-12084 , CVE-2024-12085 , CVE-2024-12086 , CVE-2024-12087 , CVE-2024-12088 , CVE-2024-12747 Description Heap buffer overflow in rsync due to improper checksum length handling. (CVE-2024-12084) Info leak via uninitialized stack contents. (CVE-2024-12085) Rsync server leaks arbitrary client files. (CVE-2024-12086) Path traversal vulnerability in rsync. (CVE-2024-12087) Rsync --safe-links option bypass leads to path traversal. (CVE-2024-12088) Race condition in rsync handling symbolic links. (CVE-2024-12747) References

• https://bugs.mageia.org/show_bug.cgi?id=33920
• https://www.openwall.com/lists/oss-security/2025/01/14/3
• https://lists.debian.org/debian-security-announce/2025/msg00004.html
• https://ubuntu.com/security/notices/USN-7206-1
• https://ubuntu.com/security/notices/USN-7206-2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12084
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12086
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747

SRPMS 9/core

• rsync-3.2.7-1.2.mga9

Add pt-BR

← Older revision Revision as of 23:37, 20 January 2025 Line 2: Line 2:  [[Category:Mageia 10]] [[Category:Mageia 10]]    −{{Multi language banner-fr|[[Mageia 10 Entwicklung-de|Deutsch]] ; [[Mageia_10_Development|English]] ; [[Mageia_10_Développement-fr|Français]]}}+{{Multi language banner-fr|[[Mageia 10 Entwicklung-de|Deutsch]] ; [[Mageia_10_Development|English]] ; [[Mageia_10_Développement-fr|Français]] ; [[Desenvolvimento do Mageia 10-pt-BR|português brasileiro]] ;}}     == État actuel == == État actuel == Xgrind

Add pt-BR

← Older revision Revision as of 23:34, 20 January 2025 Line 2: Line 2:  [[Category:Mageia 10]] [[Category:Mageia 10]]    −{{multi language banner|[[Mageia 10 Entwicklung-de|Deutsch]] ; [[Mageia_10_Development|English]] ; [[Mageia_10_Desarrollo|Español]] ; [[Mageia_10_Développement-fr|Français]]}}+{{multi language banner|[[Mageia 10 Entwicklung-de|Deutsch]] ; [[Mageia_10_Development|English]] ; [[Mageia_10_Desarrollo|Español]] ; [[Mageia_10_Développement-fr|Français]] ; [[Desenvolvimento do Mageia 10-pt-BR|português brasileiro]] ;}}  Esta es la página para el desarrollo de Mageia 10. Esta es la página para el desarrollo de Mageia 10.    Xgrind

Add pt-BR

← Older revision Revision as of 23:34, 20 January 2025 Line 2: Line 2:  [[Category:Mageia 10]] [[Category:Mageia 10]]    −{{multi language banner|[[Mageia 10 Entwicklung-de|Deutsch]] ; [[Mageia_10_Development|English]] ; [[Mageia_10_Desarrollo|Español]] ; [[Mageia_10_Développement-fr|Français]] ; [[Desenvolvimento do Mageia 10 - pt-BR|Português (Brasil)]]}}+{{multi language banner|[[Mageia 10 Entwicklung-de|Deutsch]] ; [[Mageia_10_Development|English]] ; [[Mageia_10_Desarrollo|Español]] ; [[Mageia_10_Développement-fr|Français]] ; [[Desenvolvimento do Mageia 10-pt-BR|português brasileiro]] ;}}  This is the page for Mageia 10 development. This is the page for Mageia 10 development.    Xgrind

Add pt-BR

← Older revision Revision as of 23:34, 20 January 2025 Line 1: Line 1: −{{multi language banner-de|[[Mageia 10 Entwicklung-de|Deutsch]] ; [[Mageia_10_Development|English]] ; [[Mageia_10_Développement-fr|Français]]}}+{{multi language banner-de|[[Mageia 10 Entwicklung-de|Deutsch]] ; [[Mageia_10_Development|English]] ; [[Mageia_10_Développement-fr|Français]] ; [[Desenvolvimento do Mageia 10-pt-BR|português brasileiro]] ;}}       Xgrind

Criando a página Desenvolvimento do Mageia 10-pt-BR

New page

[[Category:Mageia_development]]
[[Category:Mageia 10]]

{{multi language banner-pt-BR|[[Mageia 10 Entwicklung-de|Deutsch]] ; [[Mageia_10_Development|English]] ; [[Mageia_10_Desarrollo|Español]] ; [[Mageia_10_Développement-fr|Français]] ; [[Desenvolvimento do Mageia 10-pt-BR|português brasileiro]]}}

Esta é a página para desenvolvimento do Mageia 10.

== Situação atual ==

As datas estimadas de lançamento listadas a seguir são '''apenas indicativas''', e podem mudar dependendo do progresso da correção de bugs que bloqueiam o lançamento.

{{Note-pt-BR|"Lançaremos quando estiver pronto"!}}

== Cronograma de desenvolvimento ==
Use datas seguindo o formato https://pt.wikipedia.org/wiki/ISO_8601 para evitar conflitos entre EUA e Grã-Bretanha :p

{| style="color:black; cellpadding="5%" cellpadding="5%" cellspacing="0" border="1"
! Estágio
! Data estimada
! Público
! Lançado em
|-
| '''Alfa 1'''
| A definir
| desenvolvedores, empacotadores
|
|-
| Congelamento das versões
| A definir
| desenvolvedores, empacotadores
|
|-
| '''Beta 1'''
| A definir
| desenvolvedores, empacotadores
|
|-
| '''Beta 2'''
| A definir
| desenvolvedores, empacotadores
|
|-
| Congelamento de lançamento
| A definir
| QA, empacotadores, construtores de ISO
|
|-
| '''Release Candidate 1'''
| Beta 2 + 2 semanas
| QA, empacotadores, construtores de ISO
|
|-
| '''[[Notas de lançamento do Mageia 9-pt-BR|Lançamento final]]'''
| Release Candidate 1 + 4 semanas
| qualquer um
|
|}

== Especificações técnicas ==

Veja as [[FeatureMageia10_Review|especificações do Mageia 10]] Xgrind

Publication date: 20 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-57823 Description In the Raptor RDF Syntax Library there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). References

• https://bugs.mageia.org/show_bug.cgi?id=33929
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/7S7ZVXAGSBLZGFFVSEHSDXQND2DNAKY2/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57823

SRPMS 9/core

• raptor2-2.0.15-23.1.mga9

Publication date: 20 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-47796 , CVE-2024-52333 Description An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-52333. References

• https://bugs.mageia.org/show_bug.cgi?id=33930
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/JUKUCNFPV6HQLIZ5S6NYRJ4LAZYRZSXJ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47796
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52333

SRPMS 9/core

• dcmtk-3.6.7-4.3.mga9

Link corrigido

← Older revision Revision as of 19:30, 20 January 2025 Line 28: Line 28:  == Como relatar um bug == == Como relatar um bug ==    −Consulte [[Como_reportar_um_bug_corretamente-pt-BR|Como relatar um bug (corretamente)]]+Consulte [[Como_relatar_um_bug_corretamente-pt-BR|Como relatar um bug (corretamente)]]     == Como descrever um bug == == Como descrever um bug == Xgrind

Publication date: 20 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-50349 , CVE-2024-52006 Description Git does not sanitize URLs when asking for credentials interactively. (CVE-2024-50349) Newline confusion in credential helpers can lead to credential exfiltration in git. (CVE-2024-52006) References

• https://bugs.mageia.org/show_bug.cgi?id=33921
• https://www.openwall.com/lists/oss-security/2025/01/14/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006

SRPMS 9/core

• git-2.41.3-1.mga9

Publication date: 20 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-48651 Description In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. (CVE-2024-48651) References

• https://bugs.mageia.org/show_bug.cgi?id=33922
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VVHALJQJ6EOQ3LXU5PV576XZHRQTOZGI/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48651

SRPMS 9/core

• proftpd-1.3.8c-1.mga9

Publication date: 20 Jan 2025
Type: bugfix
Affected Mageia releases : 9
Description Applications that rely on kio can't expand subfolders on tree view. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33936
• https://bugs.kde.org/show_bug.cgi?id=479597

SRPMS 9/core

• kio-5.114.0-1.1.mga9

‎Hinweis

← Older revision Revision as of 12:07, 20 January 2025 Line 18: Line 18:     ''Beachten Sie, dass wir diese Seite anhand von, in unserem Bugtracker (z. B. [https://bugs.mageia.org/buglist.cgi?keywords=FOR_ERRATA9 FOR_ERRATA9], [https://bugs.mageia.org/buglist.cgi?keywords=IN_ERRATA9 IN_ERRATA9], [https://bugs.mageia.org/buglist.cgi?keywords=FOR_RELEASENOTES9 FOR_RELEASENOTES9]) gemeldete Probleme, aktualisieren. Wir versuchen es eher entspannt aber dennoch berüchtigt anzugehen und jedes Problem muss kurz und effektiv beschrieben werden um nicht die gesamte Seite zu groß ausfallen zu lassen. Aus diesem Grund auch Beschreibungen der Symptome die zum Punkt kommen und deren mögliche Abhilfe. Manchmal führt ein Link direkt zu einem Kommentar in unseren Bugtracker, in dem ein guter Workaround beschrieben wird oder weiterführende Informationen um Abhilfe zu schaffen.'' ''Beachten Sie, dass wir diese Seite anhand von, in unserem Bugtracker (z. B. [https://bugs.mageia.org/buglist.cgi?keywords=FOR_ERRATA9 FOR_ERRATA9], [https://bugs.mageia.org/buglist.cgi?keywords=IN_ERRATA9 IN_ERRATA9], [https://bugs.mageia.org/buglist.cgi?keywords=FOR_RELEASENOTES9 FOR_RELEASENOTES9]) gemeldete Probleme, aktualisieren. Wir versuchen es eher entspannt aber dennoch berüchtigt anzugehen und jedes Problem muss kurz und effektiv beschrieben werden um nicht die gesamte Seite zu groß ausfallen zu lassen. Aus diesem Grund auch Beschreibungen der Symptome die zum Punkt kommen und deren mögliche Abhilfe. Manchmal führt ein Link direkt zu einem Kommentar in unseren Bugtracker, in dem ein guter Workaround beschrieben wird oder weiterführende Informationen um Abhilfe zu schaffen.''  +  +Die englischsprachige Errata ist die Hauptseite. Die deutschsprachige Version wird für gewöhnlich aktuell gehalten. Andere Übersetzungen hinken oft hinterher und werden nicht aktuell gehalten.     ==Bootvorgang== ==Bootvorgang== Psyca

← Older revision Revision as of 10:37, 20 January 2025 Line 16: Line 16:  |-   |-    | '''Alpha 1''' | '''Alpha 1''' −| 23.09.2024+| noch offen  | Entwickler, Paketersteller | Entwickler, Paketersteller  |    |     |-   |-    | Einfrieren der Paket-Versionen | Einfrieren der Paket-Versionen −| 07.10.2024+| noch offen  | Entwickler, Paketersteller | Entwickler, Paketersteller  |    |     |- |-  | '''Beta 1''' | '''Beta 1''' −| 07.10.2024+| noch offen  | Entwickler, Paketersteller | Entwickler, Paketersteller  |    |     |-   |-    | '''Beta 2''' | '''Beta 2''' −| 21.10.2024+| noch offen  | Entwickler, Paketersteller | Entwickler, Paketersteller  |    |     |-   |-    | Einfrieren der Paket-Veröffentlichungen   | Einfrieren der Paket-Veröffentlichungen   −| TBD+| noch offen  | QA, Paketersteller, ISO-Ersteller | QA, Paketersteller, ISO-Ersteller  |   |   Psyca