Lector de Feeds

← Older revision Revision as of 19:36, 7 November 2025 (One intermediate revision by the same user not shown)Line 57: Line 57:    | Marja van Waes || marja || marja11 [at] freedom [dot] nl|| || '''Deputy''' ||   | Marja van Waes || marja || marja11 [at] freedom [dot] nl|| || '''Deputy''' ||    |-   |- −  | José Alberto Valle Cid || kanatek || j.alberto.vc@gmail.com  ||  ||  ||+  | José Alberto Valle Cid || katnatek || j.alberto.vc [at] gmail [dot] com  ||  ||  ||    |-   |- −  | Roelof Wobben || RoelofW || r.wobben@home.nl ||  ||  ||+  | Frank Sturm || sturmvogel || sturm-fr [at] web [dot] de ||  ||  ||  + |-  + | Frank Griffin || ftg || ftg [at] roadrunner [dot] com ||  ||  ||  |} |}    Lewyssmith

update team leaders

← Older revision Revision as of 19:33, 6 November 2025 Line 28: Line 28:  * [https://ml.mageia.org/l/info/bugsquad-discuss the mageia-bugsquad mailing list] * [https://ml.mageia.org/l/info/bugsquad-discuss the mageia-bugsquad mailing list]  * Team leaders: * Team leaders: −** Aurelien Oudelet ''auroud85'' ouaurelien [at] gmail [dot] com    ** Lewis Smith ''lewyssmith'' lewyssmith[at]laposte[dot]net ** Lewis Smith ''lewyssmith'' lewyssmith[at]laposte[dot]net  +** Marja van Waes ''marja'' marja11[at]freedom[dot]nl     |-  valign="top" |-  valign="top" Marja

‎LXQt with Wayland

← Older revision Revision as of 11:42, 6 November 2025 Line 311: Line 311:     We provide {{prog|task-lxqt-wayland}} and {{prog|task-lxqt-wayaland-minimal}} in our repositories, you can install lxqt from the Classical ISO, add the online repositories and install one of the wayland task packages. We provide {{prog|task-lxqt-wayland}} and {{prog|task-lxqt-wayaland-minimal}} in our repositories, you can install lxqt from the Classical ISO, add the online repositories and install one of the wayland task packages.  +  +You can choice the window manager you want to use. The choice includes kwin_wayland, labwc, niri and hyprland.     Some things will not work see the [[Mageia_10_Errata|Errata page]]. Some things will not work see the [[Mageia_10_Errata|Errata page]]. Papoteur

‎Belgium: typo fix

← Older revision Revision as of 10:38, 6 November 2025 (One intermediate revision by the same user not shown)Line 31: Line 31:     === Belgium === === Belgium === −* '''PC-Fixer.be''' - http://www.pc-fixer.be/ (website in French) - Brussels - Selling laptop and desktop computers with Mageia preinstalled+* '''PC-Fixer.be''' - http://www.pc-fixer.be/ (website in French) - Brussels - Selling laptop and d1sktop computers with Mageia preinstalled. Confirmed not only still installing Mageia, but also troubleshooting Mageia installations on 2025-11-06.     === Germany === === Germany === Marja

‎Networking: link to bug comment

← Older revision Revision as of 09:49, 6 November 2025 Line 472: Line 472:     {{Bug|34662}} - '''Possible Broadcom BCM4313 802.11bgn Wireless Network Adapter problem'''<BR> {{Bug|34662}} - '''Possible Broadcom BCM4313 802.11bgn Wireless Network Adapter problem'''<BR> −A user has reported that using the Mageia default driver broadcom-bcma-config + brcmsmac, the WiFi connection is slow but starts automatically. Changing to broadcom-wl-common + dkms-broadcom-wl, the wiFi connection is fast but does not start automatically. Comment 30 proposes a workaround.+A user has reported that using the Mageia default driver broadcom-bcma-config + brcmsmac, the WiFi connection is slow but starts automatically. Changing to broadcom-wl-common + dkms-broadcom-wl, the wiFi connection is fast but does not start automatically. [https://bugs.mageia.org/show_bug.cgi?id=34662#c30 Comment 30] proposes a workaround.     ==== Downloading software ==== ==== Downloading software ==== Morgano

← Older revision Revision as of 09:22, 6 November 2025 Line 470: Line 470:     {{Bug|33236}} - '''openvpn kills Internet when used with resolvconf;''' it really wants openresolv to work with Protonvpn. '''WORKAROUND''' see bug. {{Bug|33236}} - '''openvpn kills Internet when used with resolvconf;''' it really wants openresolv to work with Protonvpn. '''WORKAROUND''' see bug.  +  +{{Bug|34662}} - '''Possible Broadcom BCM4313 802.11bgn Wireless Network Adapter problem'''<BR>  +A user has reported that using the Mageia default driver broadcom-bcma-config + brcmsmac, the WiFi connection is slow but starts automatically. Changing to broadcom-wl-common + dkms-broadcom-wl, the wiFi connection is fast but does not start automatically. Comment 30 proposes a workaround.     ==== Downloading software ==== ==== Downloading software ==== Lewyssmith

Publication date: 06 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3887 Description GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-3887) References

• https://bugs.mageia.org/show_bug.cgi?id=34356
• https://ubuntu.com/security/notices/USN-7558-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3887

SRPMS 9/core

• gstreamer1.0-plugins-bad-1.22.11-1.1.mga9

9/tainted

• gstreamer1.0-plugins-bad-1.22.11-1.1.mga9.tainted

Publication date: 06 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-62229 , CVE-2025-62230 , CVE-2025-62231 Description Use-after-free in XPresentNotify structures creation. (CVE-2025-62229) Use-after-free in Xkb client resource removal. (CVE-2025-62230) Value overflow in Xkb extension XkbSetCompatMap(). (CVE-2025-62231) References

• https://bugs.mageia.org/show_bug.cgi?id=34701
• https://www.openwall.com/lists/oss-security/2025/10/28/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62229
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62230
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62231

SRPMS 9/core

• x11-server-21.1.8-7.9.mga9
• x11-server-xwayland-22.1.9-1.9.mga9
• tigervnc-1.13.1-2.9.mga9

Publication date: 06 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description We are rebuilding packages requiring icu version 72 with icu version 73 to use an icu version with security fixes. These packages are the second set. References

• https://bugs.mageia.org/show_bug.cgi?id=34665

SRPMS 9/core

• brltty-6.5-2.1.mga9
• darktable-4.6.1-1.1.mga9
• dino-0.4.2-1.1.mga9
• gnome-text-editor-44.0-1.1.mga9
• godot-4.5-1.1.mga9
• hfst-ospell-0.5.3-2.1.mga9
• kdb-3.2.90-11.git20220620.mga9
• libe-book-0.1.3-13.1.mga9
• libphonenumber-8.12.57-4.1.mga9
• libical-3.0.16-2.1.mga9
• liblcf-0.7.0-3.1.mga9
• mapnik-3.1.0-9.1.mga9
• libmspub-0.1.4-13.1.mga9
• nuspell-5.1.2-1.1.mga9
• libqalculate-4.5.1-2.1.mga9
• qt5compat6-6.4.1-3.1.mga9
• qt4-4.8.7-45.1.mga9
• libqxp-0.0.2-10.1.mga9
• libvisio-0.1.7-10.1.mga9
• vte-0.72.1-1.2.mga9
• xalan-c-1.12-5.1.mga9
• libzmf-0.0.2-13.1.mga9
• ncmpcpp-0.9.2-11.1.mga9
• openttd-13.3-1.1.mga9
• qtlocation5-5.15.7-2.1.mga9
• rspamd-3.2-3.1.mga9
• slop-7.6-2.1.mga9
• tesseract-5.3.0-3.1.mga9
• texlive-20220321-7.2.mga9
• unar-1.10.7-11.1.mga9
• widelands-1.1-2.1.mga9
• znc-1.8.2-21.2.mga9
• samba-4.17.12-1.1.mga9

Publication date: 06 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description We are rebuilding packages requiring icu 72 version with icu 73 version to use an icu version with security fixes. These packages are the first set. References

• https://bugs.mageia.org/show_bug.cgi?id=34619

SRPMS 9/core

• 389-adminutil-1.1.22-19.1.mga9
• 389-ds-base-1.4.0.26-17.1.mga9
• 389-dsgw-1.1.11-27.1.mga9
• boost-1.81.0-3.1.mga9
• couchdb-3.2.2-2.2.mga9
• dee-1.2.7-31.1.mga9
• fbembed-2.5.9.27115-13.1.mga9
• freeciv-3.0.7-1.1.mga9
• harfbuzz-7.0.1-1.1.mga9
• ibus-qt4-1.3.3-19.1.mga9
• ircclient-qt-0.3.2-32.1.mga9
• mongo-c-driver-1.23.2-2.1.mga9
• mozjs102-102.6.0-2.1.mga9
• parrot-8.1.0-15.1.mga9
• postfix-3.8.4-1.1.mga9
• prelude-lml-5.2.0-7.1.mga9
• python-icu-2.10.2-1.1.mga9
• sword-1.9.0-9.1.mga9
• tepl-6.4.0-1.1.mga9
• tracker-3.5.3-1.1.mga9
• tracker-miners-3.5.2-1.1.mga9
• xerces-c-3.2.4-1.1.mga9
• xfsprogs-6.6.0-1.1.mga9
• yaz-5.34.0-1.1.mga9

Publication date: 06 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description The updated packages provide the latest version of xscreensaver to get rid of "This version is very old" and fix a heap buffer overflow. References

• https://bugs.mageia.org/show_bug.cgi?id=34707

SRPMS 9/core

• xscreensaver-6.12-1.1.mga9

9/tainted

• xscreensaver-6.12-1.1.mga9.tainted

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1153 , CVE-2025-1176 , CVE-2025-1178 , CVE-2025-1181 , CVE-2025-1182 Description GNU Binutils format.c bfd_set_format memory corruption. (CVE-2025-1153) GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow. (CVE-2025-1176) GNU Binutils ld libbfd.c bfd_putl64 memory corruption. (CVE-2025-1178) GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption. (CVE-2025-1181) GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption. (CVE-2025-1182) References

• https://bugs.mageia.org/show_bug.cgi?id=34180
• https://ubuntu.com/security/notices/USN-7423-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1153
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1176
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1178
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1181
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1182

SRPMS 9/core

• binutils-2.40-11.2.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2784 , CVE-2025-32049 , CVE-2025-32050 , CVE-2025-32051 , CVE-2025-32052 , CVE-2025-32053 , CVE-2025-32906 , CVE-2025-32907 , CVE-2025-32908 , CVE-2025-32909 , CVE-2025-32910 , CVE-2025-32911 , CVE-2025-32912 , CVE-2025-32913 , CVE-2025-32914 Description Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content. (CVE-2025-2784) Libsoup: denial of service attack to websocket server. (CVE-2025-32049) Libsoup: integer overflow in append_param_quoted. (CVE-2025-32050) Libsoup: segmentation fault when parsing malformed data uri. (CVE-2025-32051) Libsoup: heap buffer overflow in sniff_unknown(). (CVE-2025-32052) Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space(). (CVE-2025-32053) Libsoup: out of bounds reads in soup_headers_parse_request(). (CVE-2025-32906) Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header. (CVE-2025-32907) Libsoup: denial of service on libsoup through http/2 server. (CVE-2025-32908) Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c. (CVE-2025-32909) Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication. (CVE-2025-32910) Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value. (CVE-2025-32911) Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication. (CVE-2025-32912) Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header. (CVE-2025-32913) Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process. (CVE-2025-32914) Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c. (CVE-2025-46420) Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server. (CVE-2025-46421) Libsoup: null pointer dereference in libsoup may lead to denial of service. (CVE-2025-4476) Libsoup: integer overflow in cookie expiration date handling in libsoup. (CVE-2025-4945) References

• https://bugs.mageia.org/show_bug.cgi?id=34187
• https://ubuntu.com/security/notices/USN-7432-1
• https://openwall.com/lists/oss-security/2025/04/18/4
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/53THXHSDPP4TLMFRSP5DPLY4DK72M7XY/
• https://ubuntu.com/security/notices/USN-7543-1
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NK7USYFSJPRTIVISSEDBLS53JCM5ETOI/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EPLHUVQI4JICGWTVGG7KI7D4BMHB34YD/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2784
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32049
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32050
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32051
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32052
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32053
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32906
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32907
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32908
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32909
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32910
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32911
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32912
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32913
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32914

SRPMS 9/core

• libsoup3-3.4.2-1.2.mga9
• libsoup-2.74.3-1.2.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3469 , CVE-2025-32696 , CVE-2025-32697 , CVE-2025-32698 , CVE-2025-32699 , CVE-2025-32700 , CVE-2025-32072 , CVE-2025-11173 , CVE-2025-11261 , CVE-2025-61635 , CVE-2025-61638 , CVE-2025-61639 , CVE-2025-61640 , CVE-2025-61641 , CVE-2025-61643 , CVE-2025-61646 , CVE-2025-61653 Description i18n XSS vulnerability in HTMLMultiSelectField when sections are used. (CVE-2025-3469) "reupload-own" restriction can be bypassed by reverting file. (CVE-2025-32696) Cascading protection is not preventing file reversions. (CVE-2025-32697) LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions. (CVE-2025-32698) Potential javascript injection attack enabled by Unicode normalization in Action API. (CVE-2025-32699) AbuseFilter log interfaces expose global private and hidden filters when central DB is not available. (CVE-2025-32700) HTML injection in feed output from i18n message. (CVE-2025-32072) OATHAuth extension: Reauthentication for enabling 2FA can be bypassed by submitting a form in Special:OATHManage. (CVE-2025-11173) Stored i18n Cross-site scripting (XSS) vulnerability in mw.language.listToText. (CVE-2025-11261) ConfirmEdit extension: Missing rate limiting in ApiFancyCaptchaReload. (CVE-2025-61635) Parsoid: Validation bypass for `data-` attributes. (CVE-2025-61638) Log entries which are hidden from the creation of the entry may be disclosed to the public recent change entry. (CVE-2025-61639) Stored i18n Cross-site scripting (XSS) vulnerability in Special:RecentChangesLinked. (CVE-2025-61640) DDoS vulnerability in QueryAllPages API in miser mode. The `maxsize` value is now ignored in that mode. (CVE-2025-61641) Suppressed recent changes may be disclosed to the public RCFeeds. (CVE-2025-61643) Public Watchlist/RecentChanges pages may disclose hidden usernames when an individual editor makes consecutive revisions on a single page, and only some are marked as hidden username. (CVE-2025-61646) TextExtracts extension: Information disclosure vulnerability in the extracts API action endpoint due to missing read permission check. (CVE-2025-61653) VisualEditor extension: Stored i18n Cross-site scripting (XSS) vulnerability in `lastModifiedAt` system messages. (CVE-2025-61655) VisualEditor extension: Missing attribute validation for attributes unwrapped from `data-ve-attributes`. (CVE-2025-61656) References

• https://bugs.mageia.org/show_bug.cgi?id=34211
• https://lists.debian.org/debian-security-announce/2025/msg00063.html
• https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/CIXFJVC57OFRBCCEIDRLZCLFGMYGEYTT/
• https://lists.debian.org/debian-security-announce/2025/msg00121.html
• https://lists.debian.org/debian-lts-announce/2025/10/msg00034.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32697
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32700
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653

SRPMS 9/core

• mediawiki-1.35.14-1.1.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-46836 Description net-tools Stack-based Buffer Overflow vulnerability. (CVE-2025-46836) References

• https://bugs.mageia.org/show_bug.cgi?id=34295
• https://lists.debian.org/debian-security-announce/2025/msg00086.html
• https://ubuntu.com/security/notices/USN-7537-1
• https://ubuntu.com/security/notices/USN-7537-2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46836

SRPMS 9/core

• net-tools-2.10-1.1.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-36347 Description AMD CPU Microcode Signature Verification Vulnerability. (CVE-2024-36347) References

• https://bugs.mageia.org/show_bug.cgi?id=34706
• https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36347

SRPMS 9/nonfree

• microcode-0.20250812-3.mga9.nonfree