Feed Reader

MGASA-2026-0191 - Updated libxmp packages fix security vulnerabilities

Mageia Security - 10 June, 2026 - 06:07
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-45676, CVE-2023-45677, CVE-2023-45679, CVE-2023-45680, CVE-2023-45681, CVE-2023-45682, CVE-2025-47256
Description:
  • CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
  • CVE-2023-45680: Null pointer dereference in vorbis_deinit()
  • CVE-2023-45681: Out of bounds heap buffer write
  • CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
  • CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
  • CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
  • CVE-2025-47256: Stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.
SRPMS 9/core
  • libxmp-4.5.0-2.1.mga9

MGASA-2026-0190 - Updated golang-x-net packages fix security vulnerability

Mageia Security - 10 June, 2026 - 06:07
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-45338
Description:
  • CVE-2024-45338: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
SRPMS 9/core
  • golang-x-net-0.7.0-2.1.mga9

MGASA-2026-0189 - Updated libssh packages fix security vulnerabilities

Mageia Security - 10 June, 2026 - 06:07
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5351, CVE-2025-5372, CVE-2025-5449, CVE-2025-5987
Description:
  • CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions
  • CVE-2025-4878: Use of uninitialized variable in privatekey_from_file()
  • CVE-2025-5318: Likely read beyond bounds in sftp server handle management
  • CVE-2025-5351: Double free in functions exporting keys
  • CVE-2025-5372: ssh_kdf() returns a success code on certain failures
  • CVE-2025-5449: Likely read beyond bounds in sftp server message decoding
  • CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend
SRPMS 9/core
  • libssh-0.10.6-1.1.mga9

MGASA-2026-0188 - Updated jq packages fix security vulnerabilities

Mageia Security - 10 June, 2026 - 06:07
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-23337, CVE-2025-48060, CVE-2026-32316, CVE-2026-39979, CVE-2026-33948, CVE-2026-33947, CVE-2026-39956, CVE-2026-40164
Description:
  • An integer overflow arises when assigning a value using an index of 2147483647, the signed integer limit. This causes a denial of service. (CVE-2024-23337)
  • It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-32316)
  • It was discovered that jq did not correctly handle recursion in certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-33947)
  • It was discovered that jq did not correctly handle improperly terminated strings. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-33948)
  • It was discovered that jq did not correctly handle checking certain variable types. An attacker could possibly use this issue to cause a denial of service or leak sensitive information. (CVE-2026-39956)
  • It was discovered that jq did not correctly handle certain string formatting. An attacker could possibly use this issue to leak sensitive information or cause a denial of service. (CVE-2026-39979)
  • It was discovered that jq used a fixed seed for hash table operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-40164)
  • A heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. (CVE-2025-48060)
  • Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as `.` followed by `\x00` and arbitrary suffix compiles and executes as only the prefix before the NUL. This leaves jq with a post-CVE-2026-33948 prefix/full-buffer mismatch on the compilation path even though the JSON parser path has already been fixed. (CVE-2026-41256)
  • The ordinary module loader recurses without cycle detection when two otherwise valid modules include each other. (CVE-2026-44777)
SRPMS 9/core
  • jq-1.6-3.1.mga9

MGASA-2026-0184 - Updated wireshark packages fix security vulnerabilities

Mageia Security - 10 June, 2026 - 01:39
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-11596, CVE-2024-9781, CVE-2025-11626, CVE-2025-13499, CVE-2025-13945, CVE-2025-13946, CVE-2025-1492, CVE-2025-5601, CVE-2025-9817, CVE-2026-0960, CVE-2026-5405, CVE-2026-5653, CVE-2026-6529, CVE-2026-6530, CVE-2026-6867, CVE-2026-6868, CVE-2026-6869, CVE-2026-6870, CVE-2026-7376, CVE-2026-7378, CVE-2026-7379
Description: Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code. This update fixes the reported issue.
SRPMS 9/core
  • wireshark-4.0.17-1.2.mga9

MGASA-2026-0183 - Updated freeciv packages fix security vulnerabilities

Mageia Security - 10 June, 2026 - 01:39
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-33250
Description:
  • CVE-2026-33250: freeciv crashes with a stack overflow when receiving specially crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine.
SRPMS 9/core
  • freeciv-3.0.7-1.2.mga9

Mageia 10 Release Notes

Wiki Mageia - 9 June, 2026 - 21:19

Artwork: mageia-theme-extra information

← Older revision Revision as of 20:19, 9 June 2026 Line 65: Line 65:     For the main screensavers, we have chosen an image size of 3840×2160 and the JXL format, allowing them to look great on modern 2K and even 4K monitors, while maintaining a disk space footprint similar to those included in Mageia 9, which used lower resolutions and the JPG format. For the main screensavers, we have chosen an image size of 3840×2160 and the JXL format, allowing them to look great on modern 2K and even 4K monitors, while maintaining a disk space footprint similar to those included in Mageia 9, which used lower resolutions and the JPG format.  +  +Remember that we have the {{prog|mageia-theme-extra}} package with some additional backgrounds including some of the previous signature backgrounds for mageia.     == Major developments == == Major developments == Katnatek
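Review bot: the added sentence ends with "mageia" in lower case, while the unchanged paragraph just above it in the same hunk writes "Mageia 9"; capitalise it as "Mageia", and add a comma before "including" so the sentence reads "... some additional backgrounds, including some of the previous signature backgrounds for Mageia."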
Categories: Mageia Wiki

MGASA-2026-0181 - Updated suricata packages fix security vulnerabilities

Mageia Security - 9 June, 2026 - 06:29
Publication date: 09 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-45797, CVE-2024-47187, CVE-2024-47188, CVE-2024-47522, CVE-2024-45795, CVE-2024-45796, CVE-2024-55605, CVE-2024-55626, CVE-2024-55627, CVE-2024-55628, CVE-2024-55629, CVE-2025-29916, CVE-2025-29917, CVE-2025-29918
Description: Various security, performance, accuracy, and stability issues have been fixed, plus we have moved to a supported version.
SRPMS 9/core
  • suricata-7.0.10-1.mga9

QA ISO testers

Wiki Mageia - 7 June, 2026 - 21:25

For Qa team:: added doktor5000

← Older revision Revision as of 20:25, 7 June 2026 Line 129: Line 129:     * Flavianoep - Flaviano Matos -  pehteimoso-bugzilla at yahoo dot com * Flavianoep - Flaviano Matos -  pehteimoso-bugzilla at yahoo dot com  +  +* doktor5000 - Florian Hubold - doktor5000 at arcor dot de Doktor5000
Categories: Mageia Wiki

MGASA-2026-0179 - Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability

Mageia Security - 7 June, 2026 - 06:10
Publication date: 07 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-48795
Description: Fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without either side being aware. The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful of newer security features.
SRPMS 9/core
  • golang-x-crypto-0.45.0-1.mga9
  • golang-x-sys-0.30.0-2.mga9

MGASA-2026-0178 - Updated xdg-dbus-proxy packages fix security vulnerability

Mageia Security - 7 June, 2026 - 06:10
Publication date: 07 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-34080
Description: A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for `eavesdrop=true` in policy rules but fails to handle `eavesdrop ='true'` (with a space before the equals sign) and similar cases.
SRPMS 9/core
  • xdg-dbus-proxy-0.1.7-1.mga9

Mageia 10 Veröffentlichungshinweise-de

Wiki Mageia - 6 June, 2026 - 19:52

← Older revision Revision as of 18:52, 6 June 2026 Line 633: Line 633:     Diese Kategorie enthält die folgenden Pakete, alphabetisch: Diese Kategorie enthält die folgenden Pakete, alphabetisch:  +* bookworm Psyca
Categories: Mageia Wiki

MGASA-2026-0176 - Updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security vulnerabilities

Mageia Security - 6 June, 2026 - 06:36
Publication date: 06 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-27551, CVE-2025-27552
Description: The updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security issues:
  • DBIx::Class::EncodedColumn until 0.00032 for Perl uses the insecure rand() function for salting password hashes in Digest.pm (CVE-2025-27551)
  • DBIx::Class::EncodedColumn until 0.00032 for Perl uses the insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm (CVE-2025-27552)
SRPMS 9/core
  • perl-DBIx-Class-EncodedColumn-0.110.0-1.mga9
  • perl-Crypt-URandom-Token-0.005-1.mga9