chromium-125.0.6422.76-1.fc39
update to 125.0.6422.76
* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn
wireshark-4.0.15-1.fc39
New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854, CVE-2024-4855.
wireshark-4.2.5-1.fc40
New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854, CVE-2024-4855.
roundcubemail-1.5.7-1.el9
Release 1.5.7
Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
Fix TinyMCE localization installation (#9266)
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
roundcubemail-1.6.7-1.fc39
Release 1.6.7
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
roundcubemail-1.6.7-1.fc40
Release 1.6.7
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
cacti-1.2.27-1.el9
cacti-spine-1.2.27-1.el9
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
cacti-1.2.27-1.el7
cacti-spine-1.2.27-1.el7
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
cacti-1.2.27-1.el8
cacti-spine-1.2.27-1.el8
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768,
CVE-2024-4769, CVE-2024-4777)
Thomas Rinsma discovered that Thunderbird did not properly handle type check
when handling fonts in PDF.js. An attacker could potentially exploit this
issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)
Irvan Kurniawan discovered that Thunderbird did not properly handle certain
font styles when saving a page to PDF. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-4770)
