FEDORA-2022-dd3eb7e0a8
Packages in this update:
xorg-x11-server-1.20.14-12.fc36
Update description:
Fix buggy patch to CVE-2022-46340
CVE fix for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344
xorg-x11-server-1.20.14-12.fc36
Fix buggy patch to CVE-2022-46340
CVE fix for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344
xorg-x11-server-1.20.14-12.fc37
Fix buggy patch to CVE-2022-46340
** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.
thunderbird-stable-3720221217163557.1
Update to 102.6.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ ;
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/
A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176.