Lector de Feeds

Publication date: 15 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14321 , CVE-2025-14322 , CVE-2025-14323 , CVE-2025-14324 , CVE-2025-14325 , CVE-2025-14328 , CVE-2025-14329 , CVE-2025-14330 , CVE-2025-14331 , CVE-2025-14333 Description Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2025-14322) Privilege escalation in the DOM: Notifications component. (CVE-2025-14323) IT miscompilation in the JavaScript Engine: JIT component. (CVE-2025-14324, CVE-2025-14325, CVE-2025-14330) Privilege escalation in the Netmonitor component. (CVE-2025-14328, CVE-2025-14329) Same-origin policy bypass in the Request Handling component. (CVE-2025-14331) Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. (CVE-2025-14333) References

• https://bugs.mageia.org/show_bug.cgi?id=34820
• https://www.thunderbird.net/en-US/thunderbird/140.6.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333

SRPMS 9/core

• thunderbird-140.6.0-1.mga9
• thunderbird-l10n-140.6.0-1.mga9

Publication date: 15 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14321 , CVE-2025-14322 , CVE-2025-14323 , CVE-2025-14324 , CVE-2025-14325 , CVE-2025-14328 , CVE-2025-14329 , CVE-2025-14330 , CVE-2025-14331 , CVE-2025-14333 Description Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2025-14322) Privilege escalation in the DOM: Notifications component. (CVE-2025-14323) JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2025-14324, CVE-2025-14325, CVE-2025-14330) Privilege escalation in the Netmonitor component. (CVE-2025-14328, CVE-2025-14329) Same-origin policy bypass in the Request Handling component. (CVE-2025-14331) Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. (CVE-2025-14333) References

• https://bugs.mageia.org/show_bug.cgi?id=34814
• https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/-FCacePkmj8
• https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/V7GVSScpn5w
• https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/qFuz87KunGc
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118.html
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118_1.html
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119.html
• https://www.firefox.com/en-US/firefox/140.6.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333

SRPMS 9/core

• nspr-4.38.2-1.mga9
• nss-3.119.0-1.mga9
• firefox-140.6.0-1.mga9
• firefox-l10n-140.6.0-1.mga9

Publication date: 15 Dec 2025
Type: security
Affected Mageia releases : 9
Description Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. References

• https://bugs.mageia.org/show_bug.cgi?id=34832
• https://lists.debian.org/debian-security-announce/2025/msg00245.html

SRPMS 9/core

• ffmpeg-5.1.8-1.mga9

9/tainted

• ffmpeg-5.1.8-1.mga9.tainted

Publication date: 15 Dec 2025
Type: bugfix
Affected Mageia releases : 9
Description Current version has a bogus requirement on python3-sip. Current version misses a python3-lxml requirement. Current version crashes after downloading images. The updated package fixes the reported issues. References

• https://bugs.mageia.org/show_bug.cgi?id=34027
• https://github.com/dglent/sansimera-qt/issues/1

SRPMS 9/core

• sansimera-qt-1.1.0-1.3.mga9

← Older revision Revision as of 12:41, 15 December 2025 Line 55: Line 55:     User:ftg User:ftg  +  +User:geex     User:ghibo User:ghibo Papoteur

← Older revision Revision as of 08:44, 15 December 2025 Line 139: Line 139:     [[User:Nikos5446]] [[User:Nikos5446]]  +----  +[[User:Morgano|morgano]] ([[User talk:Morgano|talk]]) 08:44, 15 December 2025 (UTC)  +  +>> writing is the slowest bottleneck  +  +> A constant reason for freezing and just waiting...  +  +I wonder if it is  possible to implement a large write buffer, that dynamically use all free RAM to swallow writes and then write lazily to USB. Morgano

wget DOWNLOAD_LINK

← Older revision Revision as of 08:28, 15 December 2025 Line 120: Line 120:     If you can come up with a trick to enable users to i.e save files from Firefox, it would be a great addition to that tip :-) If you can come up with a trick to enable users to i.e save files from Firefox, it would be a great addition to that tip :-)  +  +----  +  +> writing is the slowest bottleneck  +  +A constant reason for freezing and just waiting...  +  +> If you can come up with a trick to enable users to i.e save files from Firefox...  +  +The only solution I came up with was to copy the download link (in some cases while it was still "hot", meaning that this often is a temporary link that will expire after, let's say, the connection with the webpage is finished by closing the browser tab).  +Then I would open a terminal and use the command...  + wget DOWNLOAD_LINK  +or...  + wget "DOWNLOAD_LINK"  +if the link address was complicated.  +  +It is not the best tip for beginners though. That's why I was reluctant to add it in the first place. For example, a beginner in linux might not know the "cd" command and would be trying to find the downloaded file all over the place.  +  +[[User:Nikos5446]] Nikos5446

‎Various software: Add 2 bugs

← Older revision Revision as of 20:05, 14 December 2025 Line 197: Line 197:     === Various software === === Various software ===  +{{Bug|34293}}, {{Bug|34812}} Some KDE applications like {{prog|plasmatube}} and {{prog|kdenlive}}, can fail when are installed for use in systems that not include Plasma Desktop with '''module "org.kde.desktop" is not installed''' exist two workarounds see {{Bug|34812#c3}}     {{Bug|34634}} - '''CodeBlocks:''' For now, we had to disable the wxSmith plugin. {{Bug|34634}} - '''CodeBlocks:''' For now, we had to disable the wxSmith plugin. Katnatek

‎Dorsync

← Older revision Revision as of 16:59, 14 December 2025 (One intermediate revision by the same user not shown)Line 197: Line 197:     The ''dorsync'' tool is downloaded by   The ''dorsync'' tool is downloaded by   −  $ wget https://dl.dropboxusercontent.com/u/4147101/QA/dorsync+  $ wget https://gitweb.mageia.org/qa/dorsync/tree/dorsync  See the "ISO_testing_rsync_tools" [[ISO_testing_rsync_tools|Wiki page]] for a fuller note, and setting it up ("Dorsync->Preparation"). If you ''only'' want it as an ISO dumping tool, then just the following item should need defining: See the "ISO_testing_rsync_tools" [[ISO_testing_rsync_tools|Wiki page]] for a fuller note, and setting it up ("Dorsync->Preparation"). If you ''only'' want it as an ISO dumping tool, then just the following item should need defining:    # location is where you stored the ISOs    #   # location is where you stored the ISOs    # Line 207: Line 207:  USB drives found: USB drives found:       Device Size When Found Model      Device Size When Found Model −1) /dev/sdb 4Gb Dydd Llun 17 mis Tachwedd 2014 18:29:29 CET CBM Flash Disk+1) /dev/sdb 4Gb Monday, November 17, 2014 18:29:29 CET CBM Flash Disk  Please choose which USB to use or Q to quit and press <enter>: 1 </nowiki> Please choose which USB to use or Q to quit and press <enter>: 1 </nowiki>  Then it shows a list of ISO images it finds in your ISO directories, for you to chose which one to write out, e.g. Then it shows a list of ISO images it finds in your ISO directories, for you to chose which one to write out, e.g. Line 220: Line 220:    <nowiki>   <nowiki>  About to dump /mnt/common/Mageia/KDE64/Mageia-5-beta1-LiveDVD-KDE4-x86_64-DVD.iso About to dump /mnt/common/Mageia/KDE64/Mageia-5-beta1-LiveDVD-KDE4-x86_64-DVD.iso −onto /dev/sdb (4Gb CBM Flash Disk found at Dydd Llun 17 mis Tachwedd 2014 18:29:29 CET)+onto /dev/sdb (4Gb CBM Flash Disk found at Monday, November 17, 2014 18:29:29 CET)  This will destroy any data already on the USB device. This will destroy any data already on the USB device.  Press Y to confirm or Q to quit: y Press Y to confirm or Q to quit: y Lpsolit

‎Development Schedule

← Older revision Revision as of 00:57, 14 December 2025 Line 23: Line 23:  | 2025-12-05 | 2025-12-05  | developers, packagers | developers, packagers −|  +| 2025-12-09  |- |-  | Versions freeze | Versions freeze Bcornec

‎Various software

← Older revision Revision as of 18:03, 13 December 2025 (One intermediate revision by the same user not shown)Line 197: Line 197:     === Various software === === Various software ===  +  +{{Bug|34634}} - '''CodeBlocks:''' For now, we had to disable the wxSmith plugin.     === External software === === External software === Morgano