Lector de Feeds

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3469 , CVE-2025-32696 , CVE-2025-32697 , CVE-2025-32698 , CVE-2025-32699 , CVE-2025-32700 , CVE-2025-32072 , CVE-2025-11173 , CVE-2025-11261 , CVE-2025-61635 , CVE-2025-61638 , CVE-2025-61639 , CVE-2025-61640 , CVE-2025-61641 , CVE-2025-61643 , CVE-2025-61646 , CVE-2025-61653 Description i18n XSS vulnerability in HTMLMultiSelectField when sections are used. (CVE-2025-3469) "reupload-own" restriction can be bypassed by reverting file. (CVE-2025-32696) Cascading protection is not preventing file reversions. (CVE-2025-32697) LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions. (CVE-2025-32698) Potential javascript injection attack enabled by Unicode normalization in Action API. (CVE-2025-32699) AbuseFilter log interfaces expose global private and hidden filters when central DB is not available. (CVE-2025-32700) HTML injection in feed output from i18n message. (CVE-2025-32072) OATHAuth extension: Reauthentication for enabling 2FA can be bypassed by submitting a form in Special:OATHManage. (CVE-2025-11173) Stored i18n Cross-site scripting (XSS) vulnerability in mw.language.listToText. (CVE-2025-11261) ConfirmEdit extension: Missing rate limiting in ApiFancyCaptchaReload. (CVE-2025-61635) Parsoid: Validation bypass for `data-` attributes. (CVE-2025-61638) Log entries which are hidden from the creation of the entry may be disclosed to the public recent change entry. (CVE-2025-61639) Stored i18n Cross-site scripting (XSS) vulnerability in Special:RecentChangesLinked. (CVE-2025-61640) DDoS vulnerability in QueryAllPages API in miser mode. The `maxsize` value is now ignored in that mode. (CVE-2025-61641) Suppressed recent changes may be disclosed to the public RCFeeds. (CVE-2025-61643) Public Watchlist/RecentChanges pages may disclose hidden usernames when an individual editor makes consecutive revisions on a single page, and only some are marked as hidden username. (CVE-2025-61646) TextExtracts extension: Information disclosure vulnerability in the extracts API action endpoint due to missing read permission check. (CVE-2025-61653) VisualEditor extension: Stored i18n Cross-site scripting (XSS) vulnerability in `lastModifiedAt` system messages. (CVE-2025-61655) VisualEditor extension: Missing attribute validation for attributes unwrapped from `data-ve-attributes`. (CVE-2025-61656) References

• https://bugs.mageia.org/show_bug.cgi?id=34211
• https://lists.debian.org/debian-security-announce/2025/msg00063.html
• https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/CIXFJVC57OFRBCCEIDRLZCLFGMYGEYTT/
• https://lists.debian.org/debian-security-announce/2025/msg00121.html
• https://lists.debian.org/debian-lts-announce/2025/10/msg00034.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32697
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32700
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653

SRPMS 9/core

• mediawiki-1.35.14-1.1.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-46836 Description net-tools Stack-based Buffer Overflow vulnerability. (CVE-2025-46836) References

• https://bugs.mageia.org/show_bug.cgi?id=34295
• https://lists.debian.org/debian-security-announce/2025/msg00086.html
• https://ubuntu.com/security/notices/USN-7537-1
• https://ubuntu.com/security/notices/USN-7537-2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46836

SRPMS 9/core

• net-tools-2.10-1.1.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-36347 Description AMD CPU Microcode Signature Verification Vulnerability. (CVE-2024-36347) References

• https://bugs.mageia.org/show_bug.cgi?id=34706
• https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36347

SRPMS 9/nonfree

• microcode-0.20250812-3.mga9.nonfree

Remove the temporary copy of the English translation of our constitution, because it has been available on https://www.mageia.org/en/about/constitution/ since long ago

Show changes Marja

‎USA: Update the Remy Services entry

← Older revision Revision as of 15:29, 5 November 2025 Line 16: Line 16:  === USA === === USA ===    −* '''Remy Services, LLC''' - https://community.spiceworks.com/service-providers/975-remy-services-llc - We offer remote and onsite computer maintenance and repair to help you with all your computer needs. Everything from virus or malware removal, data recovery, network installations, hardware installation, laptop repairs and general cleanup. Our recent work: Mageia Package QA Testing.+* '''Remy Services, LLC''' - https://www.remyservices.net/remyservices/about/ - (2025-11-05: currently only for existing customers) We offer remote and onsite computer maintenance and repair to help you with all your computer needs. Everything from virus or malware removal, data recovery, network installations, hardware installation, laptop repairs and general cleanup. Our recent work: Mageia Package QA Testing.     <!--- * '''Name''' - url or contact - City, Country <!--- * '''Name''' - url or contact - City, Country Marja

‎USA: Update the Remy Services entry

← Older revision Revision as of 15:29, 5 November 2025 (2 intermediate revisions by the same user not shown)Line 1: Line 1:  {{multi language banner|[[Commercial_vendors|English]] ; [[Commercial_vendors_pl|Polski]] ; [[Área_Comercial_pt-PT|Português (Portugal)]] ; [[Fornecedores comerciais - pt-BR|português brasileiro]] ;}} {{multi language banner|[[Commercial_vendors|English]] ; [[Commercial_vendors_pl|Polski]] ; [[Área_Comercial_pt-PT|Português (Portugal)]] ; [[Fornecedores comerciais - pt-BR|português brasileiro]] ;}}    −{{Draft}}      For-profit organizations are part of the Mageia ecosystem. The following companies provide commercial services with or around Mageia software, tools or project. For-profit organizations are part of the Mageia ecosystem. The following companies provide commercial services with or around Mageia software, tools or project. Line 8: Line 7:     == Consulting, training, development services == == Consulting, training, development services ==  +  +=== France ===  +  +* '''Open Source Software Assurance''' - https://www.linagora.com/ - From Open Source Leader company ! Our mission : bug hunting, support, assistance and Open Source lifecycle management from Open Source experts !  +  +* '''SIVEO''' - http://www.siveo.net/ - SIVEO is an infrastructure automation software company; it is a young company creates innovative in November 2008. First French company labelled in the INTEL CLOUD Builder initiative for its eVA solution, SIVEO works with publishers, SSII, public and private accounts. [https://blog.mageia.org/en/2015/11/17/siveo-joins-mageia/ SIVEO joins Mageia <!--is first official sponsor of the Mageia project (To be discussed, this is ambiguous - Stormi). (Commenting that part out for now, to avoid that companies feel offended who have donated in whichever way to Mageia and were earlier in time to do that marja, 2016-04-21)-->] [https://twitter.com/eVPlanet Follow us on twitter.]  +  +=== USA ===  +  +* '''Remy Services, LLC''' - https://www.remyservices.net/remyservices/about/ - (2025-11-05: currently only for existing customers) We offer remote and onsite computer maintenance and repair to help you with all your computer needs. Everything from virus or malware removal, data recovery, network installations, hardware installation, laptop repairs and general cleanup. Our recent work: Mageia Package QA Testing.     <!--- * '''Name''' - url or contact - City, Country <!--- * '''Name''' - url or contact - City, Country Line 13: Line 22:     == Hosting == == Hosting ==  +*  '''GigaTux''' - http://www.gigatux.com/distro/mageia_vps Gigatux supports the latest Mageia stable version on demand     <!--- * '''Name''' - url, city --> <!--- * '''Name''' - url, city -->     == Hardware vendors == == Hardware vendors ==  +=== United Kingdom ===  +* '''Ministry of Freedom''' - https://minifree.org/ (website in English) - Essex - Selling laptop, desktop and server computers with Mageia preinstalled, along with a free/opensource BIOS called [https://libreboot.org/ Libreboot]  +  +=== Belgium ===  +* '''PC-Fixer.be''' - http://www.pc-fixer.be/ (website in French) - Brussels - Selling laptop and desktop computers with Mageia preinstalled     === Germany === === Germany === Marja

Publication date: 04 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-48174 , CVE-2025-48175 Description In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. (CVE-2025-48174) In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. (CVE-2025-48175) References

• https://bugs.mageia.org/show_bug.cgi?id=34336
• https://lists.debian.org/debian-security-announce/2025/msg00094.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48174
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48175

SRPMS 9/core

• libavif-0.11.1-1.1.mga9

Publication date: 04 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-47912 , CVE-2025-58183 , CVE-2025-58185 , CVE-2025-58186 , CVE-2025-58187 , CVE-2025-58188 , CVE-2025-58189 , CVE-2025-61723 , CVE-2025-61724 , CVE-2025-61725 Description Insufficient validation of bracketed IPv6 hostnames in net/url. (CVE-2025-47912) Unbounded allocation when parsing GNU sparse map in archive/tar. (CVE-2025-58183) Parsing DER payload can cause memory exhaustion in encoding/asn1. (CVE-2025-58185) Lack of limit when parsing cookies can cause memory exhaustion in net/http. (CVE-2025-58186) Quadratic complexity when checking name constraints in crypto/x509. (CVE-2025-58187) Panic when validating certificates with DSA public keys in crypto/x509. (CVE-2025-58188) ALPN negotiation error contains attacker controlled information in crypto/tls. (CVE-2025-58189) Quadratic complexity when parsing some invalid inputs in encoding/pem. (CVE-2025-61723) Excessive CPU consumption in Reader.ReadResponse in net/textproto. (CVE-2025-61724) Excessive CPU consumption in ParseAddress in net/mail. (CVE-2025-61725) These packages fix the issues for the compiler only; applications using the functions still need to be rebuilt. References

• https://bugs.mageia.org/show_bug.cgi?id=34651
• https://www.openwall.com/lists/oss-security/2025/10/08/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47912
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58185
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58186
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58187
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58188
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58189
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61723
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61724
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61725

SRPMS 9/core

• golang-1.24.9-1.mga9

‎France: Removing Hupstream because it no longer exists since 2023-12-31 https://www.pappers.fr/entreprise/hupstream-532262268

← Older revision Revision as of 12:44, 4 November 2025 (One intermediate revision by the same user not shown)Line 1: Line 1:  {{multi language banner|[[Commercial_vendors|English]] ; [[Commercial_vendors_pl|Polski]] ; [[Área_Comercial_pt-PT|Português (Portugal)]] ; [[Fornecedores comerciais - pt-BR|português brasileiro]] ;}} {{multi language banner|[[Commercial_vendors|English]] ; [[Commercial_vendors_pl|Polski]] ; [[Área_Comercial_pt-PT|Português (Portugal)]] ; [[Fornecedores comerciais - pt-BR|português brasileiro]] ;}}    −{{Draft}}      For-profit organizations are part of the Mageia ecosystem. The following companies provide commercial services with or around Mageia software, tools or project. For-profit organizations are part of the Mageia ecosystem. The following companies provide commercial services with or around Mageia software, tools or project. Line 8: Line 7:     == Consulting, training, development services == == Consulting, training, development services ==  +  +=== France ===  +  +* '''Open Source Software Assurance''' - https://www.linagora.com/ - From Open Source Leader company ! Our mission : bug hunting, support, assistance and Open Source lifecycle management from Open Source experts !  +  +* '''SIVEO''' - http://www.siveo.net/ - SIVEO is an infrastructure automation software company; it is a young company creates innovative in November 2008. First French company labelled in the INTEL CLOUD Builder initiative for its eVA solution, SIVEO works with publishers, SSII, public and private accounts. [https://blog.mageia.org/en/2015/11/17/siveo-joins-mageia/ SIVEO joins Mageia <!--is first official sponsor of the Mageia project (To be discussed, this is ambiguous - Stormi). (Commenting that part out for now, to avoid that companies feel offended who have donated in whichever way to Mageia and were earlier in time to do that marja, 2016-04-21)-->] [https://twitter.com/eVPlanet Follow us on twitter.]  +  +=== USA ===  +  +* '''Remy Services, LLC''' - https://community.spiceworks.com/service-providers/975-remy-services-llc - We offer remote and onsite computer maintenance and repair to help you with all your computer needs. Everything from virus or malware removal, data recovery, network installations, hardware installation, laptop repairs and general cleanup. Our recent work: Mageia Package QA Testing.     <!--- * '''Name''' - url or contact - City, Country <!--- * '''Name''' - url or contact - City, Country Line 13: Line 22:     == Hosting == == Hosting ==  +*  '''GigaTux''' - http://www.gigatux.com/distro/mageia_vps Gigatux supports the latest Mageia stable version on demand     <!--- * '''Name''' - url, city --> <!--- * '''Name''' - url, city -->     == Hardware vendors == == Hardware vendors ==  +=== United Kingdom ===  +* '''Ministry of Freedom''' - https://minifree.org/ (website in English) - Essex - Selling laptop, desktop and server computers with Mageia preinstalled, along with a free/opensource BIOS called [https://libreboot.org/ Libreboot]  +  +=== Belgium ===  +* '''PC-Fixer.be''' - http://www.pc-fixer.be/ (website in French) - Brussels - Selling laptop and desktop computers with Mageia preinstalled     === Germany === === Germany === Marja

‎Reply to Marja: Reply to Yuusha

← Older revision Revision as of 10:48, 4 November 2025 Line 64: Line 64:  --[[User:Yuusha|yuusha]] ([[User talk:Yuusha|talk]]) 20:54, 29 October 2025 (UTC) --[[User:Yuusha|yuusha]] ([[User talk:Yuusha|talk]]) 20:54, 29 October 2025 (UTC)  No, I don't take time to contact the vendors. But I was very conservative with the deletion. I delete link only when I was almost certain that these websites doesn't have any activities related to Mageia or even related to Linux distributions. That's why I let the websites that seem to still have Mageia product. No, I don't take time to contact the vendors. But I was very conservative with the deletion. I delete link only when I was almost certain that these websites doesn't have any activities related to Mageia or even related to Linux distributions. That's why I let the websites that seem to still have Mageia product.  +===Reply to Yuusha===  +--[[User:Marja|marja]] ([[User talk:Marja|talk]]) 10:48, 4 November 2025 (UTC)  +Thanks for the reply.  +The last note on the page is there for a reason, it happened before that a vendor was wrongly removed. Therefore I'll revert your changes, even if I think it was very good that you looked into this.  +The companies should be contacted and asked whether their entry on the page is still valid and, if not, asked whether it should be updated (and then how) or removed.  +If you don't receive a mail from me to our council and board about this today, then please send one yourself or ping me. Marja

add some templates

← Older revision Revision as of 23:35, 1 November 2025 (One intermediate revision by the same user not shown)Line 1: Line 1: −{{Multi language banner-fr|[[Play commercial Blu-ray discs with Mageia|English]] ; [[Lire les Blu ray commerciaux avec Mageia-fr|français]] ; }}+{{Multi language banner|[[Play commercial Blu-ray discs with Mageia|English]] ; [[Lire les Blu ray commerciaux avec Mageia-fr|français]] ; }}     You need the following packages: You need the following packages:    −VLC (and its dependencies)+{{prog|vlc}} (and its dependencies)    −libbluray2 (for playing Blu-ray discs)+{{prog|libbluray2}} (for playing Blu-ray discs)    −lib64aacs0, libaacs, and libbdplus0 (for decrypting Blu-ray discs)+{{prog|lib64aacs0}}, {{prog|libaacs}}, and {{prog|libbdplus0}} (for decrypting Blu-ray discs)    −libbluray-java and OpenJDK (for displaying menus)+{{prog|libbluray-java}} and OpenJDK (for displaying menus)       −Once installed, go to the following website: http://fvonline-db.bplaced.net/ and download one of the keydb.cfg files, depending on your language (there is very little difference between the files). This file contains the decryption keys for protected Blu-rays. If you want to play very recent Blu-rays, they may not be playable yet, as their keys may not have been retrieved. You will therefore need to update this file from time to time.+Once installed, go to the following website: http://fvonline-db.bplaced.net/ and download one of the {{file|keydb.cfg}} files, depending on your language (there is very little difference between the files). This file contains the decryption keys for protected Blu-rays. If you want to play very recent Blu-rays, they may not be playable yet, as their keys may not have been retrieved. You will therefore need to update this file from time to time.    −Then go to the ~/.config folder. Create a folder called aacs (in lowercase) and put your KEYDB.cfg file in it (the file name MUST be written like this, otherwise it will not work).+Then go to the {{folder|~/.config}} folder. Create a folder called {{folder|aacs}} (in lowercase) and put your {{file|KEYDB.cfg}} file in it (the file name MUST be written like this, otherwise it will not work).     Then insert the Blu-ray disc, open VLC, go to Media -> Open Disc... select Blu-ray AND you have to browse and select the Blu-ray disc and open it. The name of the Blu-ray disc will then appear, click on Play. Then insert the Blu-ray disc, open VLC, go to Media -> Open Disc... select Blu-ray AND you have to browse and select the Blu-ray disc and open it. The name of the Blu-ray disc will then appear, click on Play. Katnatek