FEDORA-2022-8d01b8b6d3
Packages in this update:
cloudcompare-2.11.3-4.fc36
Update description:
Security fix for CVE-2021-21897
Posted by Martin Heiland via Fulldisclosure on Sep 01
Dear subscribers,
we’re sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: MWB-1540
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable…
mediawiki-1.37.4-1.fc36
MediaWiki 1.37.4
This is a maintenance release of the MediaWiki 1.37 branch.
Changes since MediaWiki 1.37.3
Localisation updates.
(T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
(T311559) SpecialListFiles: user parameter isn’t always present.
(T311561) ImageListPager: Don’t call htmlspecialchars() on null.
(T311920) SpecialBlockList: Prevent passing null to trim().
(T311921) SpecialUserrights: Don’t pass null to str_replace.
(T311570) SpecialWithoutInterwiki: Don’t pass null through to Title::capitalize().
(T311574, T311576) SpecialLinkSearch: Don’t pass null through to the parser.
(T312059) Update guzzlehttp/guzzle to 7.4.5 in vendor.
(T296435, T297669) cache: Add four fields to LinkCache::getSelectFields.
MediaWiki 1.37.3
This is a security and maintenance release of the MediaWiki 1.37 branch.
Changes since MediaWiki 1.37.2
Localisation updates.
(T289879) Type hints for ArrayAccess and JsonSerializable.
(T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
Rebuilt vendor with composer 2.3.3.
Fix old_name in UserLogoutComplete hook.
(T289879) Address some deprecations for PHP 8.1.
(T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update.
(T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail jobs triggered.
(T307982) Updated wikimedia/parsoid from v0.14.0 to v0.14.1.
(T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
(T308473) SECURITY: Escape contributions-title msg for use within page title.
(T311272) Call parent constructor of AddSite maintenance script first.
MediaWiki: Don’t eagerly initialize action name.
Updated wikimedia/shellbox from v2.0.0 to v2.1.1.
(T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
(T289926) Avoid passing null to trim() in SkinTemplate.
(T311473) rollbackEdits: Pass user identity to RollbackPage.
(T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
(T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
(T311552) ChangesListSpecialPage: Don’t pass null to FormatJson::decode().
(T311569) FileBackend::isStoragePath() Handle being passed null.
(T311544) Pass int to ApiUsageException::newWithMessage()’s $httpCode param.
(T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
(T281741) ChangeTags: Fix adding CSS classes for hidden tags.
(T296642) changetags: Fix management of a ‘0’ tag.
(T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
(T303033) Handle null in ChangeTags::modifyDisplayQuery.
Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
mediawiki-1.38.2-1.fc37
MediaWiki 1.38.2
This is a security and maintenance release of the MediaWiki 1.38 branch.
Changes since MediaWiki 1.38.1
Localisation updates.
(T309426) Repair language selector for SVGs.
(T310013) Fix default value for $wgShowEXIF and $wgUsePathInfo.
(T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
(T308473) SECURITY: Escape contributions-title msg for use within page title.
(T311272) Call parent constructor of AddSite maintenance script first.
MediaWiki: Don’t eagerly initialize action name.
(T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.4.1 to 7.4.5.
(T289926) Avoid passing null to trim() in SkinTemplate.
(T289879) Address deprecations for PHP 8.1.
(T311473) rollbackEdits: Pass user identity to RollbackPage.
Upgrade wikimedia/remex-html from 3.0.1 to 3.0.2.
(T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
(T311552) ChangesListSpecialPage: Don’t pass null to FormatJson::decode().
(T311569) FileBackend::isStoragePath() Handle being passed null.
(T311544) Pass int to ApiUsageException::newWithMessage()’s $httpCode param.
(T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
(T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
Upgrade wikimedia/common-passwords from 0.3.0 to 0.4.0.
cloudcompare-2.11.3-4.fc38
Automatic update for cloudcompare-2.11.3-4.fc38.
* Thu Aug 25 2022 Miro Hrončok <mhroncok@redhat.com> - 2.11.3-4
- Security fix for CVE-2021-21897
- Fixes: rhbz#2080986
A vulnerability was found in the Linux kernel: printer_ioctl() tries to access a printer_dev instance, but a use-after-free arises because that instance had already been freed by gprinter_free().
In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.