Lector de Feeds

← Older revision Revision as of 18:15, 18 March 2025 (2 intermediate revisions by the same user not shown)Line 13: Line 13:  * [[Packagers groups]] * [[Packagers groups]]  * [[Packagers linkpage|External links]] * [[Packagers linkpage|External links]] −* [[Mandriva_packagers|Mandriva packagers]]+* [[Mandriva_packagers|Mageia packagers]]     |style="-moz-border-radius:10px; width:48%; background: #F6F6F6;"| '''Packagers communication''' |style="-moz-border-radius:10px; width:48%; background: #F6F6F6;"| '''Packagers communication''' Mokraemer

Publication date: 18 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1080 Description Macro URL arbitrary script execution. (CVE-2025-1080) References

• https://bugs.mageia.org/show_bug.cgi?id=34068
• https://lists.debian.org/debian-security-announce/2025/msg00035.html
• https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1080

SRPMS 9/core

• libreoffice-24.2.7.2-1.1.mga9

Add example commit, more details

← Older revision Revision as of 18:36, 17 March 2025 Line 2: Line 2:     * take a checkout of puppet configuration * take a checkout of puppet configuration −* go to modules/buildsystem/templates+* go to ''modules/buildsystem/templates'' −* edit submit-todo.conf+* edit ''submit-todo.conf''    −in checks/version/cauldron ( yaml hierarchy )+in ''checks/version/cauldron'' ( yaml hierarchy )     * change mode from   * change mode from   Line 13: Line 13:     * commit and push * commit and push −* connect on valstar and apply puppet manifest+   +The change will come into effect on the next Puppet run (up to 45 minutes). Here is [https://gitweb.mageia.org/infrastructure/puppet/commit/?id=7827863672e52cfdf43d20a7d776cc1ba6ec313a an example] of such a commit.  +   +A Release Freeze is done similarly, but with  +   + mode: freeze     == How to add someone to the list of users able to upload == == How to add someone to the list of users able to upload ==    −* connect on ldap.mageia.org with sysadmin account+* add the user to the group ''mga-release_managers'' using the [[SOP Adding user to group]] procedure −* add the user to the group "mga-release_managers"      [[Category:Sysadmin]] [[Category:Sysadmin]] Danf

Publication date: 17 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-25724 Description list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. (CVE-2025-25724 References

• https://bugs.mageia.org/show_bug.cgi?id=34102
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2VPBSF65DTMKEEGFEJY6QEGJSZY7TSKV/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25724

SRPMS 9/core

• libarchive-3.6.2-5.4.mga9

Publication date: 17 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-13176 Description Timing side-channel in ECDSA signature computation. (CVE-2024-13176) References

• https://bugs.mageia.org/show_bug.cgi?id=34106
• https://openssl-library.org/news/secadv/20250120.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176

SRPMS 9/core

• quictls-3.0.15-1.2.mga9