Posted by Georgi Guninski on Apr 21
In short in Firefox 112, it is possible to check existence
of firewalled web servers. This doesn’t work in Chrome and Chromium 112
for me.
If user A has tcp connection to web server B, then in the
following html:
<iframe src=”http://B" onload=”load()” onerror=”alert(‘error’)” id=”i1″ />
the javascript function load() will get executed if B serves
valid document to A’s browser…
webkitgtk-2.40.1-1.fc37
The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional.
Adjust the scrolling speed for mouse wheels to make it feel more natural.
Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents.
Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking.
Make all supported image types appear in the Accept HTTP header.
Fix text caret blinking when blinking is disabled in the GTK settings.
Fix default database quota size definition.
Fix application of all caps tags listed in the font-feature-settings CSS property.
Fix font height calculations for the font-size-adjust CSS property.
Fix several crashes and rendering issues.
Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205
kernel-6.2.12-200.fc37
The 6.2.12 stable kernel update contains a number of important fixes across the tree.
kernel-6.2.12-100.fc36
The 6.2.12 stable kernel update contains a number of important fixes across the tree.
kernel-6.2.12-300.fc38
The 6.2.12 stable kernel update contains a number of important fixes across the tree.
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.
It was discovered that PatchELF was not properly performing bounds
checks, which could lead to an out-of-bounds read via a specially
crafted file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information. (CVE-2022-44940)
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint.
webkit2gtk3-2.40.1-1.fc36
The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional.
Adjust the scrolling speed for mouse wheels to make it feel more natural.
Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents.
Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking.
Make all supported image types appear in the Accept HTTP header.
Fix text caret blinking when blinking is disabled in the GTK settings.
Fix default database quota size definition.
Fix application of all caps tags listed in the font-feature-settings CSS property.
Fix font height calculations for the font-size-adjust CSS property.
Fix several crashes and rendering issues.
Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205
rust-askama-0.11.1-4.fc36
rust-askama_shared-0.12.2-4.fc36
rust-comrak-0.18.0-1.fc36
Update comrak to version 0.18.0.
Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of comrak.
This update also includes fixes for two medium-severity security issues in comrak (CVE-2023-28631 and CVE-2023-28626).
