Feed Reader

MGASA-2025-0282 - Updated python-tornado packages fix security vulnerability

Mageia Security - 12 November, 2025 - 22:29
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-47287
Description: Tornado vulnerable to excessive logging caused by malformed multipart form data. (CVE-2025-47287)
References
SRPMS 9/core:
  • python-tornado-6.3.2-1.2.mga9

MGASA-2025-0281 - Updated python-urllib3 & python-pip packages fix security vulnerability

Mageia Security - 12 November, 2025 - 22:29
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-50181
Description: Urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation. (CVE-2025-50181)
References
SRPMS 9/core:
  • python-urllib3-1.26.20-1.1.mga9
  • python-pip-23.0.1-1.2.mga9

MGASA-2025-0280 - Updated python3 packages fix security vulnerabilities

Mageia Security - 12 November, 2025 - 22:29
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-0938, CVE-2025-1795, CVE-2024-9287, CVE-2025-4516, CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517, CVE-2025-8194
Description:
  • URL parser allowed square brackets in domain names. (CVE-2025-0938)
  • Mishandling of comma during folding and unicode-encoding of email headers. (CVE-2025-1795)
  • Virtual environment (venv) activation scripts don't quote paths. (CVE-2024-9287)
  • Use-after-free in "unicode_escape" decoder with error handler. (CVE-2025-4516)
  • Bypass extraction filter to modify file metadata outside extraction directory. (CVE-2024-12718)
  • Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory. (CVE-2025-4138)
  • Extraction filter bypass for linking outside extraction directory. (CVE-2025-4330)
  • Tarfile extracts filtered members when errorlevel=0. (CVE-2025-4435)
  • Arbitrary writes via tarfile realpath overflow. (CVE-2025-4517)
  • Tarfile infinite loop during parsing with negative member offset. (CVE-2025-8194)
References
SRPMS 9/core:
  • python3-3.10.18-1.4.mga9

MGASA-2025-0279 - Updated perl-Data-Entropy packages fix security vulnerability

Mageia Security - 12 November, 2025 - 22:29
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-1860
Description: Data::Entropy for Perl uses insecure rand() function for cryptographic functions. (CVE-2025-1860)
References
SRPMS 9/core:
  • perl-Data-Entropy-0.7.0-10.1.mga9

MGASA-2025-0278 - Updated perl-File-Find-Rule packages fix security vulnerability

Mageia Security - 12 November, 2025 - 22:29
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2011-10007
Description: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name. (CVE-2011-10007)
References
SRPMS 9/core:
  • perl-File-Find-Rule-0.340.0-5.1.mga9

MGASA-2025-0277 - Updated perl-FCGI packages fix security vulnerability

Mageia Security - 12 November, 2025 - 22:29
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-40907
Description: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. (CVE-2025-40907)
References
SRPMS 9/core:
  • perl-FCGI-0.820.0-3.1.mga9

MGASA-2025-0276 - Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities

Mageia Security - 12 November, 2025 - 22:29
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-31484, CVE-2023-31486
Description:
  • CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484)
  • HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31486)
References
SRPMS 9/core:
  • perl-CPAN-2.340.0-1.1.mga9
  • perl-HTTP-Tiny-0.82.0-1.1.mga9

MGASA-2025-0275 - Updated perl-YAML-LibYAML packages fix security vulnerability

Mageia Security - 12 November, 2025 - 22:29
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-40908
Description: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. (CVE-2025-40908)
References
SRPMS 9/core:
  • perl-YAML-LibYAML-0.860.0-1.1.mga9

MGASA-2025-0274 - Updated perl packages fix security vulnerabilities

Mageia Security - 12 November, 2025 - 22:29

MGASA-2025-0273 - Updated unbound packages fix security vulnerability

Mageia Security - 12 November, 2025 - 18:08
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-11411
Description: Several multi-vendor cache poisoning vulnerabilities have been discovered in caching resolvers for non-DNSSEC protected data. Unbound is vulnerable for some of these cases that could lead to domain hijacking (CVE-2025-11411).
References
SRPMS 9/core:
  • unbound-1.24.1-1.mga9

MGAA-2025-0094 - Updated nvidia-current packages fix bug

Mageia Security - 12 November, 2025 - 18:08
Publication date: 12 Nov 2025
Type: bugfix
Affected Mageia releases: 9
Description:
  • Fixed an issue that caused the vfio-pci module to soft lockup after powering off a VM with passed-through NVIDIA GPUs.
  • Fixed a recent regression which prevented HDMI FRL from working after hot unplugging and replugging a display.
  • Fixed a bug that caused Rage2 to crash when loading the game menu: https://forums.developer.nvidia.com/t/rage-2-crashes-when-entering-the-map-seems-nvidia-specific-problem/169063
  • Fixed a bug that caused Metro Exodus EE to crash: https://forums.developer.nvidia.com/t/580-release-feedback-discussion/341205/53
  • Fixed a bug that allowed VRR to be enabled on some modes where it isn't actually possible, leading to a black screen.
  • Fixed a bug that could cause some HDMI displays to remain blank after unplugging and re-plugging the display.
  • Fixed an issue that would prevent large resolution or high
References
SRPMS 9/nonfree:
  • nvidia-current-580.105.08-1.mga9.nonfree