This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of GitLab. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-2818.
This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-30370.
assimp-5.0.1-7.el8
Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667
c-ares-1.28.1-1.fc38
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.1-1.fc40
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.1-1.fc39
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
Skyler Ferrante discovered that the wall tool from util-linux does not
properly handle escape sequences from command line arguments. A local
attacker can take advantage of this flaw for information disclosure.
With this update wall and write are not anymore installed with setgid
tty.
Two security issues were discovered in MediaWiki, a website engine for
collaborative work, which could result in cross-site scripting or denial
of service.
libvirt-sandbox-0.8.0-15.fc40
rebuild to ensure vulnerable xz isn’t statically linked
libopenmpt-0.7.6-1.el8
[Sec] Potential heap out-of-bounds read or write past sample end with malformed sustain loops in SymMOD files (r20420).
MED: Transposed samples were playing too low in some files (e.g. mix94.mmd1).
OKT: Some files with garbage at the end were rejected (e.g. katharsis – piano lesson.okta).
Compressor DMO: It was possible that the plugin would not behave as intended at mix rates above 500 kHz.
Avoid re-allocating the loop state map contents on every playthrough of the module.
[Sec] Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338).
[Sec] Write buffer overflow when reading unseekable files close to 4GiB in size (r20339).
[Sec] Possible out-of-memory (32bit platforms) or excessive memory allocation (64bit platforms) when reading malformed data from unseekable files (r20340).
[Sec] DMF: Possible null-pointer write or excessive memory allocation when reading DMF files (r20323).
IT: In the previous version, Zxx macros in IT files made with older MPT versions were no longer working.
There was a periodic click when playing a module using the Chorus or Flanger DMO plugin at a mix rate exceeding ~136.5 kHz.
An older bugfix for undefined behaviour in the Distortion DMO plugin was incorrect, causing the distorted sound to be different in some situations.
xmp-openmpt: Metadata retrievel for playlist items was broken.
[Bug] Makefile: libopenmpt 0.7.3 broke running the test suite for Emscripten builds.
openmpt123: openmpt123 now uses a narrower layout on terminal windows with a width of less than 72 characters.
Setting all possible load_skip flags resulted in nothing being loaded at all, instead of just not loading the selected module parts.
When playing all subsongs, set_position_seconds didn’t always calculate the correct subsong to jump to.
IT: A few more compatibility flags are now disabled for modules saved with earlier Schism Tracker versions.
IT: MIDI macros were reset in IT 2.14 / 2.15 files that declared to be compatible with older IT versions (fixes spx-visionsofthepast.it).
OKT: Work around missing negative arpeggio implementation by transposing the notes up an octave.
OKT: Channel volume commands were sometimes lost over less important effects.
IMF: Ignore magic bytes in sample header. “Leaving All Behind” by Karsten Koch uses unexpected magic bytes, Orpheus ignores them just like the instrument header magic bytes.
zlib: Update to v1.3.1 (2024-01-22).
mpg123: Update to v1.32.5 (2024-02-17).
pugixml: Update to v1.14 (2023-10-01).
