Read Time:6 Second
FEDORA-2023-7aa64e4a41
Packages in this update:
python3.9-3.9.18-1.fc38
Update description:
Update to 3.9.18
Monthly Archives: August 2023
python3.9-3.9.18-1.fc39
Read Time:6 Second
FEDORA-2023-0bd29e992b
Packages in this update:
python3.9-3.9.18-1.fc39
Update description:
Update to 3.9.18
python3.8-3.8.18-1.fc37
Read Time:6 Second
FEDORA-2023-e49d18c283
Packages in this update:
python3.8-3.8.18-1.fc37
Update description:
Update to 3.8.18
python3.8-3.8.18-1.fc38
Read Time:6 Second
FEDORA-2023-af9e3098a5
Packages in this update:
python3.8-3.8.18-1.fc38
Update description:
Update to 3.8.18
python3.8-3.8.18-1.fc39
Read Time:6 Second
FEDORA-2023-e9a4e0f112
Packages in this update:
python3.8-3.8.18-1.fc39
Update description:
Update to 3.8.18
rubygem-actioncable-7.0.7.2-1.fc40 rubygem-actionmailbox-7.0.7.2-1.fc40 rubygem-actionmailer-7.0.7.2-1.fc40 rubygem-actionpack-7.0.7.2-1.fc40 rubygem-actiontext-7.0.7.2-1.fc40 rubygem-actionview-7.0.7.2-1.fc40 rubygem-activejob-7.0.7.2-1.fc40 rubygem-activemodel-7.0.7.2-1.fc40 rubygem-activerecord-7.0.7.2-1.fc40 rubygem-activestorage-7.0.7.2-1.fc40 rubygem-activesupport-7.0.7.2-1.fc40 rubygem-rails-7.0.7.2-1.fc40 rubygem-railties-7.0.7.2-1.fc40
Read Time:44 Second
FEDORA-2023-28962dd58a
Packages in this update:
rubygem-actioncable-7.0.7.2-1.fc40
rubygem-actionmailbox-7.0.7.2-1.fc40
rubygem-actionmailer-7.0.7.2-1.fc40
rubygem-actionpack-7.0.7.2-1.fc40
rubygem-actiontext-7.0.7.2-1.fc40
rubygem-actionview-7.0.7.2-1.fc40
rubygem-activejob-7.0.7.2-1.fc40
rubygem-activemodel-7.0.7.2-1.fc40
rubygem-activerecord-7.0.7.2-1.fc40
rubygem-activestorage-7.0.7.2-1.fc40
rubygem-activesupport-7.0.7.2-1.fc40
rubygem-rails-7.0.7.2-1.fc40
rubygem-railties-7.0.7.2-1.fc40
Update description:
Ruby on Rails security upgrade: https://rubyonrails.org/2023/8/22/Rails-Versions-7-0-7-2-6-1-7-6-have-been-released – incorrect file permissions on encrypted files. Exploit not known.
Identity Theft from 1965 Uncovered through Face Recognition
Read Time:32 Second
Interesting story:
Napoleon Gonzalez, of Etna, assumed the identity of his brother in 1965, a quarter century after his sibling’s death as an infant, and used the stolen identity to obtain Social Security benefits under both identities, multiple passports and state identification cards, law enforcement officials said.
[…]
A new investigation was launched in 2020 after facial identification software indicated Gonzalez’s face was on two state identification cards.
The facial recognition technology is used by the Maine Bureau of Motor Vehicles to ensure no one obtains multiple credentials or credentials under someone else’s name, said Emily Cook, spokesperson for the secretary of state’s office.
php-phpmailer6-6.8.1-1.fc38
Read Time:38 Second
FEDORA-2023-e51479556c
Packages in this update:
php-phpmailer6-6.8.1-1.fc38
Update description:
Minor security note
The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages.
Changes
Don’t reflect malformed DSNs in error messages to avert any risk of XSS
Improve Simplified Chinese, Sinhalese, and Norwegian translations
Don’t use setAccessible in PHP >= 8.1 in tests
Avoid a deprecation notice in PHP 8.3
Fix link in readme
php-phpmailer6-6.8.1-1.fc37
Read Time:38 Second
FEDORA-2023-f2be748f28
Packages in this update:
php-phpmailer6-6.8.1-1.fc37
Update description:
Minor security note
The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages.
Changes
Don’t reflect malformed DSNs in error messages to avert any risk of XSS
Improve Simplified Chinese, Sinhalese, and Norwegian translations
Don’t use setAccessible in PHP >= 8.1 in tests
Avoid a deprecation notice in PHP 8.3
Fix link in readme
php-phpmailer6-6.8.1-1.fc39
Read Time:38 Second
FEDORA-2023-f9877b5292
Packages in this update:
php-phpmailer6-6.8.1-1.fc39
Update description:
Minor security note
The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages.
Changes
Don’t reflect malformed DSNs in error messages to avert any risk of XSS
Improve Simplified Chinese, Sinhalese, and Norwegian translations
Don’t use setAccessible in PHP >= 8.1 in tests
Avoid a deprecation notice in PHP 8.3
Fix link in readme