Lector de Feeds

Publication date: 15 Aug 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42010 , CVE-2024-42009 , CVE-2024-42008 Description Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] References

• https://bugs.mageia.org/show_bug.cgi?id=33460
• https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008

SRPMS 9/core

• roundcubemail-1.6.8-1.mga9

Publication date: 15 Aug 2024
Type: bugfix
Affected Mageia releases : 9
Description yt-dlp has long since ceased working correctly on many sites including YouTube. This update fixes the reported behavior. References

• https://bugs.mageia.org/show_bug.cgi?id=33462

SRPMS 9/core

• yt-dlp-2024.08.06-1.mga9

Publication date: 15 Aug 2024
Type: bugfix
Affected Mageia releases : 9
Description Since the current version in Mageia 9, upstream has fixed some bugs and provided enhancements. References

• https://bugs.mageia.org/show_bug.cgi?id=33465
• https://github.com/pdfarranger/pdfarranger/releases/tag/1.10.0
• https://github.com/pdfarranger/pdfarranger/releases/tag/1.10.1
• https://github.com/pdfarranger/pdfarranger/releases/tag/1.11.0

SRPMS 9/core

• pdfarranger-1.11.0-1.mga9

In Mageia/cauldron/x86_64: Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces.

In Mageia/cauldron/i586: Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces.

In Mageia/cauldron/x86_64: Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev.

In Mageia/cauldron/i586: Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev.

In Mageia/cauldron/i586: Windows Mono library required for Wine.

In Mageia/cauldron/x86_64: Windows Mono library required for Wine.

In Mageia/cauldron/x86_64: Dovecot is an IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Although it's written with C, it uses several coding techniques to avoid most of the common pitfalls. Dovecot can work with standard mbox and maildir formats and it's fully compatible with UW-IMAP and Courier IMAP servers as well as mail clients accessing the mailboxes directly. You can build dovecot with some conditional build switches; (ie. use with rpm --rebuild): --with[out] gssapi GSSAPI support (enabled) --with[out] ldap LDAP support (enabled) --with[out] lucene Lucene support (enabled) --with[out] solr Solr support (enabled) --with[out] mysql MySQL support (enabled) --with[out] pgsql PostgreSQL support (enabled) --with[out] sqlite SQLite support (enabled) --with[out] sieve Pigeonhole Sieve and ManageSieve support (enabled)

In Mageia/cauldron/i586: Dovecot is an IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Although it's written with C, it uses several coding techniques to avoid most of the common pitfalls. Dovecot can work with standard mbox and maildir formats and it's fully compatible with UW-IMAP and Courier IMAP servers as well as mail clients accessing the mailboxes directly. You can build dovecot with some conditional build switches; (ie. use with rpm --rebuild): --with[out] gssapi GSSAPI support (enabled) --with[out] ldap LDAP support (enabled) --with[out] lucene Lucene support (enabled) --with[out] solr Solr support (enabled) --with[out] mysql MySQL support (enabled) --with[out] pgsql PostgreSQL support (enabled) --with[out] sqlite SQLite support (enabled) --with[out] sieve Pigeonhole Sieve and ManageSieve support (enabled)

In Mageia/cauldron/x86_64: The Go Programming Language.

In Mageia/cauldron/i586: The Go Programming Language.

In Mageia/cauldron/i586: The vkd3d project includes libraries, shaders, utilities, and demos for translating D3D12 to Vulkan.

In Mageia/cauldron/x86_64: The vkd3d project includes libraries, shaders, utilities, and demos for translating D3D12 to Vulkan.

In Mageia/cauldron/i586: This is a cycle-based version of a C64 music playing library developed by Simon White. This library provides no internal SID emulation. Instead a means to drive any external SID hardware or emulation has been provided using the SID Builder Classes. A ReSID Builder Class using a modified version of ReSID 0.13 is included in this package. Alternative/updated classes can be obtained from the SIDPlay2 homepage. This is a fork of the original libsidplay2 aimed at improved sound quality.

In Mageia/cauldron/x86_64: This is a cycle-based version of a C64 music playing library developed by Simon White. This library provides no internal SID emulation. Instead a means to drive any external SID hardware or emulation has been provided using the SID Builder Classes. A ReSID Builder Class using a modified version of ReSID 0.13 is included in this package. Alternative/updated classes can be obtained from the SIDPlay2 homepage. This is a fork of the original libsidplay2 aimed at improved sound quality.

In Mageia/cauldron/x86_64: MusicBrainz Picard is the official MusicBrainz tagger, written in Python 3. Picard supports the majority of audio file formats, is capable of using audio fingerprints (PUIDs), performing CD lookups and disc ID submissions, and it has excellent Unicode support. Additionally, there are several plugins available that extend Picard's features. When tagging files, Picard uses an album-oriented approach. This approach allows it to utilize the MusicBrainz data as effectively as possible and correctly tag your music. For more information, see the illustrated quick start guide to tagging. Picard is named after Captain Jean-Luc Picard from the TV series Star Trek: The Next Generation.