Lector de Feeds

← Older revision Revision as of 19:36, 7 November 2025 (One intermediate revision by the same user not shown)Line 57: Line 57:    | Marja van Waes || marja || marja11 [at] freedom [dot] nl|| || '''Deputy''' ||   | Marja van Waes || marja || marja11 [at] freedom [dot] nl|| || '''Deputy''' ||    |-   |- −  | José Alberto Valle Cid || kanatek || j.alberto.vc@gmail.com  ||  ||  ||+  | José Alberto Valle Cid || katnatek || j.alberto.vc [at] gmail [dot] com  ||  ||  ||    |-   |- −  | Roelof Wobben || RoelofW || r.wobben@home.nl ||  ||  ||+  | Frank Sturm || sturmvogel || sturm-fr [at] web [dot] de ||  ||  ||  + |-  + | Frank Griffin || ftg || ftg [at] roadrunner [dot] com ||  ||  ||  |} |}    Lewyssmith

Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53057 , CVE-2025-53066 Description Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-53057) Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-53066) References

• https://bugs.mageia.org/show_bug.cgi?id=34697
• https://access.redhat.com/errata/RHSA-2025:18815
• https://access.redhat.com/errata/RHSA-2025:18818
• https://access.redhat.com/errata/RHSA-2025:18821
• https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixJAVA
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066

SRPMS 9/core

• java-1.8.0-openjdk-1.8.0.472.b08-1.mga9
• java-11-openjdk-11.0.29.0.7-1.mga9
• java-17-openjdk-17.0.17.0.10-1.mga9
• java-latest-openjdk-25.0.1.0.8-1.rolling.1.mga9

Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6965 Description Integer Truncation on SQLite. (CVE-2025-6965) References

• https://bugs.mageia.org/show_bug.cgi?id=34626
• https://www.openwall.com/lists/oss-security/2025/09/06/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965

SRPMS 9/core

• sqlite3-3.40.1-1.3.mga9

Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-5283 Description Double-free in libvpx encoder. (CVE-2025-5283) References

• https://bugs.mageia.org/show_bug.cgi?id=34346
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFW4D73K3AUKLCFQCO3CMQVM3FH6SE6V/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283

SRPMS 9/core

• libvpx-1.12.0-1.4.mga9

Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9732 Description A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue. References

• https://bugs.mageia.org/show_bug.cgi?id=34718
• https://lists.debian.org/debian-lts-announce/2025/11/msg00006.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9732

SRPMS 9/core

• dcmtk-3.6.7-4.6.mga9

Publication date: 07 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description Added support for YCbCr 4:2:2 display modes over HDMI Fixed Rate Link (FRL). This capability is only supported on Blackwell or later. Downgraded an error message "Failed to allocate NvKmsKapiDevice" to an informational message "NUMA was not set up yet; ignoring this device" when initializing nvidia-drm in cases where initialization is expected to fail due to NUMA not being online. Fixed a bug that caused interactive object outlines to not be rendered in Indiana Jones and the Great Circle. Fixed a regression introduced in the 575 driver series that caused GPUs to be powered on unnecessarily when processing redundant system power source notifications from the ACPI subsystem. References

• https://bugs.mageia.org/show_bug.cgi?id=34712
• https://www.nvidia.com/en-us/drivers/details/254665/

SRPMS 9/nonfree

• nvidia-current-580.95.05-1.mga9.nonfree

update team leaders

← Older revision Revision as of 19:33, 6 November 2025 Line 28: Line 28:  * [https://ml.mageia.org/l/info/bugsquad-discuss the mageia-bugsquad mailing list] * [https://ml.mageia.org/l/info/bugsquad-discuss the mageia-bugsquad mailing list]  * Team leaders: * Team leaders: −** Aurelien Oudelet ''auroud85'' ouaurelien [at] gmail [dot] com    ** Lewis Smith ''lewyssmith'' lewyssmith[at]laposte[dot]net ** Lewis Smith ''lewyssmith'' lewyssmith[at]laposte[dot]net  +** Marja van Waes ''marja'' marja11[at]freedom[dot]nl     |-  valign="top" |-  valign="top" Marja

‎LXQt with Wayland

← Older revision Revision as of 11:42, 6 November 2025 Line 311: Line 311:     We provide {{prog|task-lxqt-wayland}} and {{prog|task-lxqt-wayaland-minimal}} in our repositories, you can install lxqt from the Classical ISO, add the online repositories and install one of the wayland task packages. We provide {{prog|task-lxqt-wayland}} and {{prog|task-lxqt-wayaland-minimal}} in our repositories, you can install lxqt from the Classical ISO, add the online repositories and install one of the wayland task packages.  +  +You can choice the window manager you want to use. The choice includes kwin_wayland, labwc, niri and hyprland.     Some things will not work see the [[Mageia_10_Errata|Errata page]]. Some things will not work see the [[Mageia_10_Errata|Errata page]]. Papoteur

‎Belgium: typo fix

← Older revision Revision as of 10:38, 6 November 2025 (One intermediate revision by the same user not shown)Line 31: Line 31:     === Belgium === === Belgium === −* '''PC-Fixer.be''' - http://www.pc-fixer.be/ (website in French) - Brussels - Selling laptop and desktop computers with Mageia preinstalled+* '''PC-Fixer.be''' - http://www.pc-fixer.be/ (website in French) - Brussels - Selling laptop and d1sktop computers with Mageia preinstalled. Confirmed not only still installing Mageia, but also troubleshooting Mageia installations on 2025-11-06.     === Germany === === Germany === Marja

‎Networking: link to bug comment

← Older revision Revision as of 09:49, 6 November 2025 Line 472: Line 472:     {{Bug|34662}} - '''Possible Broadcom BCM4313 802.11bgn Wireless Network Adapter problem'''<BR> {{Bug|34662}} - '''Possible Broadcom BCM4313 802.11bgn Wireless Network Adapter problem'''<BR> −A user has reported that using the Mageia default driver broadcom-bcma-config + brcmsmac, the WiFi connection is slow but starts automatically. Changing to broadcom-wl-common + dkms-broadcom-wl, the wiFi connection is fast but does not start automatically. Comment 30 proposes a workaround.+A user has reported that using the Mageia default driver broadcom-bcma-config + brcmsmac, the WiFi connection is slow but starts automatically. Changing to broadcom-wl-common + dkms-broadcom-wl, the wiFi connection is fast but does not start automatically. [https://bugs.mageia.org/show_bug.cgi?id=34662#c30 Comment 30] proposes a workaround.     ==== Downloading software ==== ==== Downloading software ==== Morgano

← Older revision Revision as of 09:22, 6 November 2025 Line 470: Line 470:     {{Bug|33236}} - '''openvpn kills Internet when used with resolvconf;''' it really wants openresolv to work with Protonvpn. '''WORKAROUND''' see bug. {{Bug|33236}} - '''openvpn kills Internet when used with resolvconf;''' it really wants openresolv to work with Protonvpn. '''WORKAROUND''' see bug.  +  +{{Bug|34662}} - '''Possible Broadcom BCM4313 802.11bgn Wireless Network Adapter problem'''<BR>  +A user has reported that using the Mageia default driver broadcom-bcma-config + brcmsmac, the WiFi connection is slow but starts automatically. Changing to broadcom-wl-common + dkms-broadcom-wl, the wiFi connection is fast but does not start automatically. Comment 30 proposes a workaround.     ==== Downloading software ==== ==== Downloading software ==== Lewyssmith

Publication date: 06 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3887 Description GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-3887) References

• https://bugs.mageia.org/show_bug.cgi?id=34356
• https://ubuntu.com/security/notices/USN-7558-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3887

SRPMS 9/core

• gstreamer1.0-plugins-bad-1.22.11-1.1.mga9

9/tainted

• gstreamer1.0-plugins-bad-1.22.11-1.1.mga9.tainted

Publication date: 06 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-62229 , CVE-2025-62230 , CVE-2025-62231 Description Use-after-free in XPresentNotify structures creation. (CVE-2025-62229) Use-after-free in Xkb client resource removal. (CVE-2025-62230) Value overflow in Xkb extension XkbSetCompatMap(). (CVE-2025-62231) References

• https://bugs.mageia.org/show_bug.cgi?id=34701
• https://www.openwall.com/lists/oss-security/2025/10/28/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62229
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62230
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62231

SRPMS 9/core

• x11-server-21.1.8-7.9.mga9
• x11-server-xwayland-22.1.9-1.9.mga9
• tigervnc-1.13.1-2.9.mga9

Publication date: 06 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description We are rebuilding packages requiring icu version 72 with icu version 73 to use an icu version with security fixes. These packages are the second set. References

• https://bugs.mageia.org/show_bug.cgi?id=34665

SRPMS 9/core

• brltty-6.5-2.1.mga9
• darktable-4.6.1-1.1.mga9
• dino-0.4.2-1.1.mga9
• gnome-text-editor-44.0-1.1.mga9
• godot-4.5-1.1.mga9
• hfst-ospell-0.5.3-2.1.mga9
• kdb-3.2.90-11.git20220620.mga9
• libe-book-0.1.3-13.1.mga9
• libphonenumber-8.12.57-4.1.mga9
• libical-3.0.16-2.1.mga9
• liblcf-0.7.0-3.1.mga9
• mapnik-3.1.0-9.1.mga9
• libmspub-0.1.4-13.1.mga9
• nuspell-5.1.2-1.1.mga9
• libqalculate-4.5.1-2.1.mga9
• qt5compat6-6.4.1-3.1.mga9
• qt4-4.8.7-45.1.mga9
• libqxp-0.0.2-10.1.mga9
• libvisio-0.1.7-10.1.mga9
• vte-0.72.1-1.2.mga9
• xalan-c-1.12-5.1.mga9
• libzmf-0.0.2-13.1.mga9
• ncmpcpp-0.9.2-11.1.mga9
• openttd-13.3-1.1.mga9
• qtlocation5-5.15.7-2.1.mga9
• rspamd-3.2-3.1.mga9
• slop-7.6-2.1.mga9
• tesseract-5.3.0-3.1.mga9
• texlive-20220321-7.2.mga9
• unar-1.10.7-11.1.mga9
• widelands-1.1-2.1.mga9
• znc-1.8.2-21.2.mga9
• samba-4.17.12-1.1.mga9

Publication date: 06 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description We are rebuilding packages requiring icu 72 version with icu 73 version to use an icu version with security fixes. These packages are the first set. References

• https://bugs.mageia.org/show_bug.cgi?id=34619

SRPMS 9/core

• 389-adminutil-1.1.22-19.1.mga9
• 389-ds-base-1.4.0.26-17.1.mga9
• 389-dsgw-1.1.11-27.1.mga9
• boost-1.81.0-3.1.mga9
• couchdb-3.2.2-2.2.mga9
• dee-1.2.7-31.1.mga9
• fbembed-2.5.9.27115-13.1.mga9
• freeciv-3.0.7-1.1.mga9
• harfbuzz-7.0.1-1.1.mga9
• ibus-qt4-1.3.3-19.1.mga9
• ircclient-qt-0.3.2-32.1.mga9
• mongo-c-driver-1.23.2-2.1.mga9
• mozjs102-102.6.0-2.1.mga9
• parrot-8.1.0-15.1.mga9
• postfix-3.8.4-1.1.mga9
• prelude-lml-5.2.0-7.1.mga9
• python-icu-2.10.2-1.1.mga9
• sword-1.9.0-9.1.mga9
• tepl-6.4.0-1.1.mga9
• tracker-3.5.3-1.1.mga9
• tracker-miners-3.5.2-1.1.mga9
• xerces-c-3.2.4-1.1.mga9
• xfsprogs-6.6.0-1.1.mga9
• yaz-5.34.0-1.1.mga9

Publication date: 06 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description The updated packages provide the latest version of xscreensaver to get rid of "This version is very old" and fix a heap buffer overflow. References

• https://bugs.mageia.org/show_bug.cgi?id=34707

SRPMS 9/core

• xscreensaver-6.12-1.1.mga9

9/tainted

• xscreensaver-6.12-1.1.mga9.tainted