A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component.

Read More

FEDORA-2022-1176b501f0

Packages in this update:

ntfs-3g-system-compression-1.0-9.fc35

Update description:

Rebuild for ntfs-3g CVE

Read More

FEDORA-2022-13bc8c91b0

Packages in this update:

ntfs-3g-system-compression-1.0-9.fc36

Update description:

Rebuild for ntfs-3g CVE

Read More

FEDORA-EPEL-2022-1fbc5ebf38

Packages in this update:

python-elasticsearch-7.17.4-1.el9

Update description:

Update to 7.17.4 (rhbz #2066385 + #2072294 and #2094515)

Read More

FEDORA-2022-8fa7e5aeaf

Packages in this update:

ntfs-3g-2022.5.17-1.fc35

Update description:

New upstream version 2022.5.17

Read More

FEDORA-2022-8f775872c9

Packages in this update:

ntfs-3g-2022.5.17-1.fc36

Update description:

New upstream version 2022.5.17

Read More

A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Read More

A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this attack.

Read More

FEDORA-2022-f3fc52428e

Packages in this update:

php-8.1.7-1.fc36

Update description:

PHP version 8.1.7 (09 Jun 2022)

CLI:

Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)

Date:

Fixed bug php#51934 (strtotime plurals / incorrect time). (Derick)
Fixed bug php#51987 (Datetime fails to parse an ISO 8601 ordinal date (extended format)). (Derick)
Fixed bug php#66019 (DateTime object does not support short ISO 8601 time format – YYYY-MM-DDTHH) (cmb, Derick)
Fixed bug php#68549 (Timezones and offsets are not properly used when working with dates) (Derick, Roel Harbers)
Fixed bug php#81565 (date parsing fails when provided with timezones including seconds). (Derick)
Fixed bug GH-7758 (Problems with negative timestamps and fractions). (Derick, Ilija)

FPM:

Fixed ACL build check on MacOS. (David Carlier)
Fixed bug php#72185: php-fpm writes empty fcgi record causing nginx 502. (Jakub Zelenka, loveharmful)

mysqlnd:

Fixed bug php#81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io)

OPcache:

Fixed bug GH-8461 (tracing JIT crash after function/method change). (Arnaud, Dmitry)

OpenSSL:

Fixed bug php#79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading). (Jakub Zelenka)

Pcntl:

Fixed Haiku build. (David Carlier)

pgsql

Fixed bug php#81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) (cmb)

Soap:

Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor). (robertnisipeanu)
Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)

SPL:

Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)

Standard:

Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS). (Arnaud)

Read More

FEDORA-2022-0a96e5b9b1

Packages in this update:

php-8.0.20-1.fc35

Update description:

PHP version 8.0.20 (09 Jun 2022)

CLI:

Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)

Core:

Fixed Haiku ZTS builds. (David Carlier)

Date:

Fixed bug GH-8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). (Derick)

FPM:

Fixed ACL build check on MacOS. (David Carlier)
Fixed bug php#72185: php-fpm writes empty fcgi record causing nginx 502. (Jakub Zelenka, loveharmful)

Mysqlnd:

Fixed bug php#81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io)

OPcache:

Fixed bug GH-8466 (ini_get() is optimized out when the option does not exist). (Arnaud)

Pcntl:

Fixed Haiku build. (David Carlier)

Pgsql:

Fixed bug php#81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) (cmb)

Soap:

Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor). (robertnisipeanu)
Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)

SPL:

Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)

Read More