Lector de Feeds
MGASA-2025-0228 - Updated thunderbird packages fix vulnerabilities
Publication date: 05 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6424 , CVE-2025-6425 , CVE-2025-6429 , CVE-2025-6430 , CVE-2025-8027 , CVE-2025-8028 , CVE-2025-8029 , CVE-2025-8030 , CVE-2025-8031 , CVE-2025-8032 , CVE-2025-8033 , CVE-2025-8034 , CVE-2025-8035 , CVE-2025-9179 , CVE-2025-9180 , CVE-2025-9181 , CVE-2025--9185 Description Use-after-free in FontFaceSet. (CVE-2025-6424) The WebCompat WebExtension shipped exposed a persistent UUID. (CVE-2025-6425) Incorrect parsing of URLs could have allowed embedding of youtube.com. (CVE-2025-6429) Content-Disposition header ignored when a file is included in an embed or object tag. (CVE-2025-6430) JavaScript engine only wrote partial return value to stack. (CVE-2025-8027) Large branch table could lead to truncated instruction. (CVE-2025-8028) Javascript: URLs executed on object and embed tags. (CVE-2025-8029) Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030) Incorrect URL stripping in CSP reports. (CVE-2025-8031) XSLT documents could bypass CSP. (CVE-2025-8032) Incorrect JavaScript state machine for generators. (CVE-2025-8033) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035) Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179) Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180) Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181) Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185). For the armv7hl architecture this package fixes additional vulnerabilities; see the links below: https://advisories.mageia.org/MGASA-2025-0197.html https://advisories.mageia.org/MGASA-2025-0168.html https://advisories.mageia.org/MGASA-2025-0151.html https://advisories.mageia.org/MGASA-2025-0126.html https://advisories.mageia.org/MGASA-2025-0093.html https://advisories.mageia.org/MGASA-2025-0048.html https://advisories.mageia.org/MGASA-2025-0010.html https://advisories.mageia.org/MGASA-2024-0395.html https://advisories.mageia.org/MGASA-2024-0384.html https://advisories.mageia.org/MGASA-2024-0365.html https://advisories.mageia.org/MGASA-2024-0350.html https://advisories.mageia.org/MGASA-2024-0336.html https://advisories.mageia.org/MGASA-2024-0332.html References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6424 , CVE-2025-6425 , CVE-2025-6429 , CVE-2025-6430 , CVE-2025-8027 , CVE-2025-8028 , CVE-2025-8029 , CVE-2025-8030 , CVE-2025-8031 , CVE-2025-8032 , CVE-2025-8033 , CVE-2025-8034 , CVE-2025-8035 , CVE-2025-9179 , CVE-2025-9180 , CVE-2025-9181 , CVE-2025--9185 Description Use-after-free in FontFaceSet. (CVE-2025-6424) The WebCompat WebExtension shipped exposed a persistent UUID. (CVE-2025-6425) Incorrect parsing of URLs could have allowed embedding of youtube.com. (CVE-2025-6429) Content-Disposition header ignored when a file is included in an embed or object tag. (CVE-2025-6430) JavaScript engine only wrote partial return value to stack. (CVE-2025-8027) Large branch table could lead to truncated instruction. (CVE-2025-8028) Javascript: URLs executed on object and embed tags. (CVE-2025-8029) Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030) Incorrect URL stripping in CSP reports. (CVE-2025-8031) XSLT documents could bypass CSP. (CVE-2025-8032) Incorrect JavaScript state machine for generators. (CVE-2025-8033) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035) Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179) Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180) Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181) Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185). For the armv7hl architecture this package fixes additional vulnerabilities; see the links below: https://advisories.mageia.org/MGASA-2025-0197.html https://advisories.mageia.org/MGASA-2025-0168.html https://advisories.mageia.org/MGASA-2025-0151.html https://advisories.mageia.org/MGASA-2025-0126.html https://advisories.mageia.org/MGASA-2025-0093.html https://advisories.mageia.org/MGASA-2025-0048.html https://advisories.mageia.org/MGASA-2025-0010.html https://advisories.mageia.org/MGASA-2024-0395.html https://advisories.mageia.org/MGASA-2024-0384.html https://advisories.mageia.org/MGASA-2024-0365.html https://advisories.mageia.org/MGASA-2024-0350.html https://advisories.mageia.org/MGASA-2024-0336.html https://advisories.mageia.org/MGASA-2024-0332.html References
- https://bugs.mageia.org/show_bug.cgi?id=34415
- https://www.thunderbird.net/en-US/thunderbird/128.12.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-55/
- https://www.thunderbird.net/en-US/thunderbird/128.13.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/
- https://www.thunderbird.net/en-US/thunderbird/128.14.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6424
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6425
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6429
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6430
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8027
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8028
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8030
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8031
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8032
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8033
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8034
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8035
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9180
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9181
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025--9185
- thunderbird-128.14.0-1.mga9
- thunderbird-l10n-128.14.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0227 - Updated rootcerts, nspr, nss & firefox packages fix vulnerabilities
Publication date: 05 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8027 , CVE-2025-8028 , CVE-2025-8029 , CVE-2025-8030 , CVE-2025-8031 , CVE-2025-8032 , CVE-2025-8033 , CVE-2025-8034 , CVE-2025-8035 , CVE-2025-9179 , CVE-2025-9180 , CVE-2025-9181 , CVE-2025-9185 Description JavaScript engine only wrote partial return value to stack. (CVE-2025-8027) Large branch table could lead to truncated instruction. (CVE-2025-8028) Javascript: URLs executed on object and embed tags. (CVE-2025-8029) Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030) Incorrect URL stripping in CSP reports. (CVE-2025-8031) XSLT documents could bypass CSP. (CVE-2025-8032) Incorrect JavaScript state machine for generators. (CVE-2025-8033) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035) Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179) Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180) Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181) Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8027 , CVE-2025-8028 , CVE-2025-8029 , CVE-2025-8030 , CVE-2025-8031 , CVE-2025-8032 , CVE-2025-8033 , CVE-2025-8034 , CVE-2025-8035 , CVE-2025-9179 , CVE-2025-9180 , CVE-2025-9181 , CVE-2025-9185 Description JavaScript engine only wrote partial return value to stack. (CVE-2025-8027) Large branch table could lead to truncated instruction. (CVE-2025-8028) Javascript: URLs executed on object and embed tags. (CVE-2025-8029) Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030) Incorrect URL stripping in CSP reports. (CVE-2025-8031) XSLT documents could bypass CSP. (CVE-2025-8032) Incorrect JavaScript state machine for generators. (CVE-2025-8033) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035) Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179) Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180) Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181) Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185) References
- https://bugs.mageia.org/show_bug.cgi?id=34552
- https://www.firefox.com/en-US/firefox/128.13.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/
- https://www.firefox.com/en-US/firefox/128.14.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_114.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8027
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8028
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8030
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8031
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8032
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8033
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8034
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8035
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9180
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9181
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9185
- firefox-128.14.0-1.4.mga9
- firefox-l10n-128.14.0-1.mga9
- nss-3.115.1-1.mga9
- nspr-4.37-1.mga9
- rootcerts-20250808.00-1.mga9
Categorías: Actualizaciones de Seguridad
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/x86_64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categorías: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/aarch64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categorías: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/armv7hl:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categorías: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/i586:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categorías: RPMs
rachota-2.4-0.602hg.1.mga10.src.rpm
In Mageia/cauldron/x86_64:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
Categorías: RPMs
rachota-2.4-0.602hg.1.mga10.src.rpm
In Mageia/cauldron/i586:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
Categorías: RPMs
ppmtomd-1.6-9.mga10.src.rpm
In Mageia/cauldron/i586:
A program to convert images from PPM format into the control language for the
Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata.
This program drives the Alps Micro-Dry series of printers, including the
Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the
DP-7000).
In the current release, the program drives the standard mode fairly well; the
dye sublimation mode very well; and the VPhoto mode reasonably well.
It supports all the colours available up to the DP-5000, including the foil
colours.
Categorías: RPMs
