An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

Read More

A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.

Read More

A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.

Read More

A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.

Read More

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Read More

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Read More

FEDORA-2022-3b33d04743

Packages in this update:

vim-9.0.246-1.fc35

Update description:

Security fixes for CVE-2022-2946, CVE-2022-2923, CVE-2022-2845, CVE-2022-2889

Read More

FEDORA-2022-33dd0f2f3e

Packages in this update:

thunderbird-102.2.0-1.fc36

Update description:

Update to 102.2.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/

Read More

FEDORA-2022-ddee3eb27c

Packages in this update:

thunderbird-102.2.0-1.fc35

Update description:

Update to 102.2.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/

Read More

FEDORA-2022-ddfeee50c9

Packages in this update:

webkit2gtk3-2.36.7-1.fc35

Update description:

Update to 2.36.7:

Fix several crashes and rendering issues.
Security fixes: CVE-2022-32793

Add provides for webkit2gtk4.0

webkit2gtk3 is getting renamed to webkit2gtk4.0 in F37+. Add provides for the new names to make it easier for other packages to depend on webkitgtk without having to conditionalize their spec files.

Read More