Lector de Feeds

Publication date: 02 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-5914 , CVE-2025-5915 , CVE-2025-5916 , CVE-2025-5917 Description Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c. (CVE-2025-5914) Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c. (CVE-2025-5915) Integer overflow while reading warc files at archive_read_support_format_warc.c. (CVE-2025-5916) Off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c. (CVE-2025-5917) References

• https://bugs.mageia.org/show_bug.cgi?id=34402
• https://ubuntu.com/security/notices/USN-7601-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917

SRPMS 9/core

• libarchive-3.6.2-5.5.mga9

← Older revision Revision as of 23:10, 28 June 2025 Line 286: Line 286:     {{Bug|34029}} - '''grisbi''' Wir aktualisieren grisbi, um Nutzern, welche von anderen Distributionen kommen, welche die Version 3.0.4 einsetzen, eine Kompatibilität anzubieten. Allerdings kann der 1st time wizard kein benutzerdefiniertes Verzeichnis für Sicherungen auswählen. Bitte wählen Sie dieses später unter Bearbeiten -> Einstellungen aus. {{Bug|34029}} - '''grisbi''' Wir aktualisieren grisbi, um Nutzern, welche von anderen Distributionen kommen, welche die Version 3.0.4 einsetzen, eine Kompatibilität anzubieten. Allerdings kann der 1st time wizard kein benutzerdefiniertes Verzeichnis für Sicherungen auswählen. Bitte wählen Sie dieses später unter Bearbeiten -> Einstellungen aus.  +  +'''BEHOBEN durch eine Aktualisierung''' {{Bug|34351}} - '''muse''' Bei einigen Desktop-Umgebungen friert muse ein, wenn eine benutzerdefinierte Farbe für einen Track ausgewählt wird. Die gewählte Methode um dieses Problem zu beheben hat einen Seiteneffekt im qt5ct Paket. Näheres hierzu im [https://advisories.mageia.org/MGAA-2025-0064.html advisory].     === Externe Software === === Externe Software === Psyca

‎Various software: Add muse

← Older revision Revision as of 22:59, 28 June 2025 Line 368: Line 368:     {{Bug|34029}} - '''grisbi''' We update grisbi to offer compatibility to users comming from other distributions that have the 3.0.4 version, but the 1st time wizard can't select custom folder for backups, please select it later in Edit -> Preferences {{Bug|34029}} - '''grisbi''' We update grisbi to offer compatibility to users comming from other distributions that have the 3.0.4 version, but the 1st time wizard can't select custom folder for backups, please select it later in Edit -> Preferences  +  +'''FIXED BY UPDATE''' {{Bug|34351}} - '''muse''' In some desktops, Muse freezes when you set a custom color for a track. The selected method to fix the issue have a side effect in the qt5ct package see the [https://advisories.mageia.org/MGAA-2025-0064.html advisory].     <br> <br> Katnatek

Publication date: 28 Jun 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49175 , CVE-2025-49176 , CVE-2025-49177 , CVE-2025-49178 , CVE-2025-49179 , CVE-2025-49180 Description Out-of-bounds access in X Rendering extension (Animated cursors). (CVE-2025-49175) Integer overflow in Big Requests Extension. (CVE-2025-49176) Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode). (CVE-2025-49177) Unprocessed client request via bytes to ignore. (CVE-2025-49178) Integer overflow in X Record extension. (CVE-2025-49179) Integer overflow in RandR extension (RRChangeProviderProperty). (CVE-2025-49180) References

• https://bugs.mageia.org/show_bug.cgi?id=34381
• https://www.openwall.com/lists/oss-security/2025/06/17/3
• https://www.openwall.com/lists/oss-security/2025/06/18/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49175
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49176
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49177
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49178
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49179
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49180

SRPMS 9/core

• x11-server-21.1.8-7.8.mga9
• x11-server-xwayland-22.1.9-1.8.mga9
• tigervnc-1.13.1-2.8.mga9

Publication date: 28 Jun 2025
Type: bugfix
Affected Mageia releases : 9
Description In some desktops, Muse freezes when you set a custom color for a track. We fixed the issue requiring the qt5ct package and forcing QT_QPA_PLATFORMTHEME=qt5ct muse4 in the desktop file. But, to not introduce unwanted side effects in systems with mixed desktops (Plasma KDE with others), we split the profile.d files of qt5ct in the package qt5ct-profile; the package is not fetched as part of the update and if you want to keep the effects of qt5ct at desktop start you should install qt5ct-profile after the update. References

• https://bugs.mageia.org/show_bug.cgi?id=34351

SRPMS 9/core

• muse-4.2.1-1.3.mga9
• qt5ct-1.7-1.1.mga9