Mageia Security

Publication date: 15 Aug 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42010 , CVE-2024-42009 , CVE-2024-42008 Description Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] References

• https://bugs.mageia.org/show_bug.cgi?id=33460
• https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008

SRPMS 9/core

• roundcubemail-1.6.8-1.mga9

Publication date: 15 Aug 2024
Type: bugfix
Affected Mageia releases : 9
Description yt-dlp has long since ceased working correctly on many sites including YouTube. This update fixes the reported behavior. References

• https://bugs.mageia.org/show_bug.cgi?id=33462

SRPMS 9/core

• yt-dlp-2024.08.06-1.mga9

Publication date: 15 Aug 2024
Type: bugfix
Affected Mageia releases : 9
Description Since the current version in Mageia 9, upstream has fixed some bugs and provided enhancements. References

• https://bugs.mageia.org/show_bug.cgi?id=33465
• https://github.com/pdfarranger/pdfarranger/releases/tag/1.10.0
• https://github.com/pdfarranger/pdfarranger/releases/tag/1.10.1
• https://github.com/pdfarranger/pdfarranger/releases/tag/1.11.0

SRPMS 9/core

• pdfarranger-1.11.0-1.mga9