Lector de Feeds

‎Cauldron Package Removal: Show how to use mga-move-pkg

← Older revision Revision as of 15:20, 3 April 2025 Line 79: Line 79:  # Evaluate the request. Will deleting the package break the repository (is it a dependency of something else)? Is there a prior version still available in the repository that would be used in its place? Was this asked by the packager that built the package or the registered maintainer of the package?   # Evaluate the request. Will deleting the package break the repository (is it a dependency of something else)? Is there a prior version still available in the repository that would be used in its place? Was this asked by the packager that built the package or the registered maintainer of the package?    # In most cases, the requester will want to delete the latest version of a package and restore an older version. Make sure the old packages are still available under '''/var/lib/schedbot/old/''' # In most cases, the requester will want to delete the latest version of a package and restore an older version. Make sure the old packages are still available under '''/var/lib/schedbot/old/''' −# Find the RPMs under '''/distrib/bootstrap/distrib/cauldron/*/media/core/updates_testing/''' (or the relevant location)+# Find the RPMs under '''/distrib/bootstrap/distrib/cauldron/*/media/core/updates_testing/''' (or the relevant location). If the RPMs to remove are indeed from ''updates_testing'' (or ''backports_testing''), then you can use the "Raw Commands" output of '''mga-move-pkg --dry-run 9/core/foobar-0.1-1.mga9.src.rpm''' to find the RPM paths given the SRPM names (add '''--backport''' as appropriate).  # Delete package(s) manually, making sure all architectures, the SRPM and all subpackages are removed. # Delete package(s) manually, making sure all architectures, the SRPM and all subpackages are removed.  # If this is the '''release''' subsection, copy ALL the equivalent older version files back as replacements. # If this is the '''release''' subsection, copy ALL the equivalent older version files back as replacements. Danf

Publication date: 03 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0167 , CVE-2025-0665 , CVE-2025-0725 Description When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. The fix was included previously as part of MGAA-2025-0004. References

• https://bugs.mageia.org/show_bug.cgi?id=33992
• https://bugs.mageia.org/show_bug.cgi?id=33893
• https://curl.se/docs/CVE-2025-0167.html
• https://advisories.mageia.org/MGAA-2025-0004.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0167
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0665
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725

SRPMS 9/core

• curl-7.88.1-4.6.mga9

Publication date: 03 Apr 2025
Type: bugfix
Affected Mageia releases : 9
Description opencpn-celestial-navigation-plugin, opencpn-weather-routing-plugin and opencpn-weatherfax-plugin have improvements, useful for sailors using OpenCPN (a navigation chart plotter). References

• https://bugs.mageia.org/show_bug.cgi?id=34150

SRPMS 9/core

• opencpn-celestial-navigation-plugin-2.4.47.0-1.mga9
• opencpn-weather-routing-plugin-1.15.21.22-1.mga9
• opencpn-weatherfax-plugin-1.10.17.0-1.mga9

Publication date: 03 Apr 2025
Type: bugfix
Affected Mageia releases : 9
Description This new version of opencpn-o-charts-plugin contains a new nonfree binary for aarch64 but no major change for the other arches. References

• https://bugs.mageia.org/show_bug.cgi?id=34148

SRPMS 9/nonfree

• opencpn-o-charts-plugin-2.0.30.0-1.mga9.nonfree

Publication date: 02 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2849 Description UPX p_lx_elf.cpp un_DT_INIT heap-based overflow. (CVE-2025-2849) References

• https://bugs.mageia.org/show_bug.cgi?id=34157
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4FBRFLGSEHNFULMPARVADU2TACHDQM4L/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2849

SRPMS 9/core

• upx-4.2.3-1.1.mga9

Publication date: 31 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2173 , CVE-2025-2174 , CVE-2025-2175 , CVE-2025-2176 , CVE-2025-2177 Description A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2173). A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue(A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2176). A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2175). A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2177) A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2174). References

• https://bugs.mageia.org/show_bug.cgi?id=34136
• https://ubuntu.com/security/notices/USN-7367-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2173
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2174
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2175
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2176
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2177

SRPMS 9/core

• zvbi-0.2.44-1.mga9

Publication date: 31 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2361 Description Mercurial SCM Web Interface cross site scripting. (CVE-2025-2361) References

• https://bugs.mageia.org/show_bug.cgi?id=34129
• https://www.openwall.com/lists/oss-security/2025/03/21/2
• https://lists.mercurial-scm.org/pipermail/mercurial-packaging/2025-March/000754.html
• https://lists.debian.org/debian-security-announce/2025/msg00045.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2361

SRPMS 9/core

• mercurial-6.5.1-1.1.mga9

Publication date: 31 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-25260 , CVE-2025-1372 , CVE-2025-1377 Description elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. (CVE-2024-25260) GNU elfutils eu-readelf readelf.c print_string_section buffer overflow. (CVE-2025-1372) GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service. (CVE-2025-1377) References

• https://bugs.mageia.org/show_bug.cgi?id=34134
• https://ubuntu.com/security/notices/USN-7369-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25260
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1372
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1377

SRPMS 9/core

• elfutils-0.189-1.1.mga9