Lector de Feeds

Publication date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-26699 Description An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. (CVE-2025-26699) References

• https://bugs.mageia.org/show_bug.cgi?id=34073
• https://ubuntu.com/security/notices/USN-7335-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

SRPMS 9/core

• python-django-4.1.13-1.3.mga9

Publication date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-27516 Description Jinja sandbox breakout through attr filter selecting format method. (CVE-2025-27516) References

• https://bugs.mageia.org/show_bug.cgi?id=34081
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MUH4YM6G3UIVK2776BABUYJKVIBPTUT5/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516

SRPMS 9/core

• python-jinja2-3.1.6-1.mga9

Publication date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43097 , CVE-2025-1931 , CVE-2025-1932 , CVE-2025-1933 , CVE-2025-1934 , CVE-2025-1935 , CVE-2025-1936 , CVE-2025-1937 , CVE-2025-1938 Description CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC during RegExp bailout processing CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 References

• https://bugs.mageia.org/show_bug.cgi?id=34065
• https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1931
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1932
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1933
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1934
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1935
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1936
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1937
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1938

SRPMS 9/core

• thunderbird-128.8.0-1.mga9
• thunderbird-l10n-128.8.0-1.mga9

Publication date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43097 , CVE-2025-1931 , CVE-2025-1932 , CVE-2025-1933 , CVE-2025-1934 , CVE-2025-1935 , CVE-2025-1936 , CVE-2025-1937 , CVE-2025-1938 Description CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC during RegExp bailout processing CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 References

• https://bugs.mageia.org/show_bug.cgi?id=34064
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_109.html
• https://www.mozilla.org/en-US/firefox/128.8.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1931
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1932
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1933
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1934
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1935
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1936
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1937
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1938

SRPMS 9/core

• firefox-128.8.0-1.mga9
• firefox-l10n-128.8.0-1.mga9
• nss-3.109.0-1.mga9

Publication date: 12 Mar 2025
Type: bugfix
Affected Mageia releases : 9
Description To fully work on some light desktops, neochat needs to require a password management application. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33366

SRPMS 9/core

• neochat-23.04.3-1.2.mga9

Publication date: 10 Mar 2025
Type: bugfix
Affected Mageia releases : 9
Description The updated packages fix the message stating that the previous version is too old by providing that latest version. References

• https://bugs.mageia.org/show_bug.cgi?id=34062

SRPMS 9/core

• xscreensaver-6.09-1.mga9

9/tainted

• xscreensaver-6.09-1.mga9.tainted