Lector de Feeds

‎On guests: link to bug.

← Older revision Revision as of 00:12, 17 November 2025 Line 34: Line 34:  On the guest, if it is Mageia, make sure {{prog|virtualbox-guest-additions}} is installed. Mageia installer normally detects if it is run inside VirtualBox and installs it automatically, but check! This provides the guest with the ability to share files and sync time with the host. Also, you need to add the guest system user to group vboxsf if you want folder sharing with host to work (or else only root can access them). On the guest, if it is Mageia, make sure {{prog|virtualbox-guest-additions}} is installed. Mageia installer normally detects if it is run inside VirtualBox and installs it automatically, but check! This provides the guest with the ability to share files and sync time with the host. Also, you need to add the guest system user to group vboxsf if you want folder sharing with host to work (or else only root can access them).    −For Microsoft Windows guests, after install, in the running guest virtual screen window: menu {{Menu|Devices -> Insert CD image of guest additions}}, and have the guest install it. (VirtualBox may download it automatically from Oracle if needed.)+For Microsoft Windows guests, after install, in the running guest virtual screen window: menu {{Menu|Devices -> Insert CD image of guest additions}}, and have the guest install it. (VirtualBox may download it automatically from Oracle if needed.) Here are often various quirks, see {{Bug|18962}}     == Reaching Documentation == == Reaching Documentation == Morgano

Publication date: 15 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-48734 Description Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default. (CVE-2025-48734) References

• https://bugs.mageia.org/show_bug.cgi?id=34330
• https://lists.opensuse.org/opensuse-updates/2019-09/msg00017.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48734

SRPMS 9/core

• apache-commons-beanutils-1.9.4-7.1.mga9

‎Various software: Wine update

← Older revision Revision as of 13:12, 15 November 2025 Line 336: Line 336:  {{Bug|28582}} - '''phppgadmin''' (umaintained upstream) did not work with php8 - that got FIXED by our patched update. But it still do not work with postgresql15 - '''WORKAROUND:''' downgrade to postgresql13. Both are in Mageia 9. {{Bug|28582}} - '''phppgadmin''' (umaintained upstream) did not work with php8 - that got FIXED by our patched update. But it still do not work with postgresql15 - '''WORKAROUND:''' downgrade to postgresql13. Both are in Mageia 9.    −{{Bug|28814}}, {{Bug|28840}}, {{Bug|31989}} - '''Wine''' missing a few dependencies, especially for 32 bit libs. (Thus also '''PlayOnLinux'''.) '''Manual fix''' and also other tips [[Ways_to_install_programs#Running_MSWindows_programs|'''here''']]. If launching a wine app gives warnings that suitable versions are missing, see {{Bug|16273}}.+'''FIXED BY UPDATE''' ''-mostly-'' '''Wine''' (Thus also '''PlayOnLinux.''') - If still problems see [[Ways_to_install_programs#Running_MSWindows_programs|'''here''']]. Bugs {{Bug|16273}}, {{Bug|28814}}, {{Bug|28840}}, {{Bug|31989}}.     {{Bug|30937}} - '''Thunderbird''' leaves temporary files on desktop if set to open pdf in external program. [https://bugzilla.mozilla.org/show_bug.cgi?id=1793932 Upstream.] Workaround is the default setting to open in TB, see linked bugs. {{Bug|30937}} - '''Thunderbird''' leaves temporary files on desktop if set to open pdf in external program. [https://bugzilla.mozilla.org/show_bug.cgi?id=1793932 Upstream.] Workaround is the default setting to open in TB, see linked bugs. Morgano

‎Wine: #28814 fixed by update

← Older revision Revision as of 13:12, 15 November 2025 Line 232: Line 232:  For Wine integrated into Steam see [[#Proton|Proton]]. For Wine integrated into Steam see [[#Proton|Proton]].    −Sometimes Wine works, other times it doesn't work. There are several bug-reports still open, see there for workarounds.+Wine have a few quirks. Maybe see below for ideas, and ask in forum and upstreams.    −{{Bug|16273}} : If launching a wine app gives warnings that suitable versions are missing, see this bug.+{{Bug|16273}} If launching a wine app gives warnings that suitable versions are missing, see this bug. −   −{{bug|28814}} - Wine 32-bit install on 64-bit system doesn't pull mesa 32-bit drivers      {{bug|28840}} - wine32 should require libjpeg.so.8 {{bug|28840}} - wine32 should require libjpeg.so.8 Morgano

Publication date: 15 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-55014 Description The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. (CVE-2025-55014) References

• https://bugs.mageia.org/show_bug.cgi?id=34533
• https://seclists.org/oss-sec/2025/q3/75
• https://seclists.org/oss-sec/2025/q3/81
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55014

SRPMS 9/core

• stardict-3.0.6.3-2.1.mga9

Publication date: 15 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3155 Description The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. (CVE-2025-3155) References

• https://bugs.mageia.org/show_bug.cgi?id=34173
• https://www.openwall.com/lists/oss-security/2025/04/04/1
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27Z5WA2SKQGJ4UVVHUNWY73Y4PNKT3AA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNBXVCRWOMV4OCPACFVW6R4I6T4PSAEM/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/T4HL3S3XNP5C4Q7YW3W22GDBDEEXQDW2/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3155

SRPMS 9/core

• yelp-42.2-1.1.mga9
• yelp-xsl-42.1-1.1.mga9

Publication date: 15 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-48976 Description Apache Commons FileUpload: FileUpload DoS via part headers. (CVE-2025-48976) References

• https://bugs.mageia.org/show_bug.cgi?id=34377
• https://www.openwall.com/lists/oss-security/2025/06/16/4
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/O4NTTRMGJEETFRWJKHNAERLI3E52LN2W/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976

SRPMS 9/core

• apache-commons-fileupload-1.4-5.1.mga9

Publication date: 15 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-50383 Description Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i386 (only 32-bit processors can be affected). (CVE-2024-50383) References

• https://bugs.mageia.org/show_bug.cgi?id=34391
• https://ubuntu.com/security/notices/USN-7586-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50383

SRPMS 9/core

• botan2-2.19.5-1.1.mga9

Publication date: 15 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6140 Description Spdlog pattern_formatter-inl.h scoped_padder resource consumption. (CVE-2025-6140) References

• https://bugs.mageia.org/show_bug.cgi?id=34446
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PKLBHCP4H6J6LCEJELBPDKGM2W4ZWDNC/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6140

SRPMS 9/core

• spdlog-1.11.0-4.1.mga9

Publication date: 15 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-48924 Description Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs. (CVE-2025-48924) References

• https://bugs.mageia.org/show_bug.cgi?id=34483
• https://www.openwall.com/lists/oss-security/2025/07/11/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48924

SRPMS 9/core

• apache-commons-lang3-3.12.0-3.1.mga9
• apache-commons-lang-2.6-25.1.mga9