It was discovered that VLC incorrectly handled certain media files.
A remote attacker could possibly use this issue to cause VLC to crash,
resulting in a denial of service, or potential arbitrary code execution.
chromium-125.0.6422.76-1.fc40
update to 125.0.6422.76
* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn
chromium-125.0.6422.76-1.fc39
update to 125.0.6422.76
* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn
wireshark-4.0.15-1.fc39
New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854, CVE-2024-4855.
wireshark-4.2.5-1.fc40
New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854, CVE-2024-4855.
roundcubemail-1.5.7-1.el9
Release 1.5.7
Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
Fix TinyMCE localization installation (#9266)
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
roundcubemail-1.6.7-1.fc39
Release 1.6.7
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
roundcubemail-1.6.7-1.fc40
Release 1.6.7
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
cacti-1.2.27-1.el9
cacti-spine-1.2.27-1.el9
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
cacti-1.2.27-1.el7
cacti-spine-1.2.27-1.el7
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
