Lector de Feeds

Publication date: 27 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2476 Description Use after free in Lens. (CVE-2025-2476) References

• https://bugs.mageia.org/show_bug.cgi?id=34125
• https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2476

SRPMS 9/tainted

• chromium-browser-stable-134.0.6998.117-1.mga9.tainted

← Older revision Revision as of 23:03, 26 March 2025 Line 5: Line 5:  As you can imagine, we are from all over the world so it is impossible to actually meet face to face, so we meet using IRC at [ircs://irc.libera.chat:6697/#mageia-qa #mageia-qa] on Liberachat. As you can imagine, we are from all over the world so it is impossible to actually meet face to face, so we meet using IRC at [ircs://irc.libera.chat:6697/#mageia-qa #mageia-qa] on Liberachat.    −We hold meetings there each week on Thursdays. Meetings once were logged using a meetbot which can create action and info points similar to normal minuted meetings. Logs of the previous meetings can be found [http://meetbot.mageia.org/mageia-qa/ here].  +We hold meetings there on the first and third Thursdays of each month. Meetings once were logged using a meetbot which can create action and info points similar to normal minuted meetings. Logs of the previous meetings can be found [http://meetbot.mageia.org/mageia-qa/ here].       As of june 2021 our meetings have been moved to [ircs://irc.libera.chat:6697/#mageia-meeting #mageia-meeting] and the logs of those meetings can be found [http://meetbot.mageia.org/mageia-meeting/ here]. As of june 2021 our meetings have been moved to [ircs://irc.libera.chat:6697/#mageia-meeting #mageia-meeting] and the logs of those meetings can be found [http://meetbot.mageia.org/mageia-meeting/ here]. Tandrews16

← Older revision Revision as of 23:01, 26 March 2025 Line 35: Line 35:  * [[Your first steps in the QA team|Get involved!]] * [[Your first steps in the QA team|Get involved!]]    −That's it. Really. Somebody will then welcome you to the team. Most of what you need to know to get started is already [[Your first steps in the QA team|here on the wiki]]. It is useful if you can also join us [irc://irc.libera.chat/#mageia-qa #mageia-qa on Libera Chat] where questions can be quickly answered, and [[Sophie|a bot]] can provide useful information on the various Mageia packages. Also, meetings are held there every Thursday.+That's it. Really. Somebody will then welcome you to the team. Most of what you need to know to get started is already [[Your first steps in the QA team|here on the wiki]]. It is useful if you can also join us [irc://irc.libera.chat/#mageia-qa #mageia-qa on Libera Chat] where questions can be quickly answered, and [[Sophie|a bot]] can provide useful information on the various Mageia packages. Also, meetings are held there on the first and third Thursdays of the month. Tandrews16

← Older revision Revision as of 22:57, 26 March 2025 Line 26: Line 26:       −Please try to attend the weekly team meetings which take place [irc://irc.libera.chat/#mageia-qa on IRC] in #mageia-qa on irc.libera.chat every Thursday+Please try to attend the team meetings which take place [irc://irc.libera.chat/#mageia-qa on IRC] in #mageia-qa on irc.libera.chat on the first and third Thursdays of the month.       Tandrews16

Publication date: 26 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2357 Description DCMTK dcmjpls JPEG-LS Decoder memory corruption. (CVE-2025-2357) References

• https://bugs.mageia.org/show_bug.cgi?id=34120
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4KKPT4TUWSBKUZJOLDBLHRTKHRBW4RIQ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2357

SRPMS 9/core

• dcmtk-3.6.7-4.5.mga9

Publication date: 26 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56737 , CVE-2025-1744 , CVE-2025-1864 Description Buffer overflow in the HFS parser from grub2. (CVE-2024-56737) Out-of-bounds Write in radare2. (CVE-2025-1744) Buffer Overflow and Potential Code Execution in Radare2. (CVE-2025-1864) References

• https://bugs.mageia.org/show_bug.cgi?id=34122
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JESFQCNT2ONAGTVQXEDREBQFC7NUDPEC/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56737
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1744
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1864

SRPMS 9/core

• radare2-5.8.8-1.6.mga9

Publication date: 26 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-44431 , CVE-2023-51580 , CVE-2023-51589 , CVE-2023-51592 , CVE-2023-51594 , CVE-2023-51596 Description BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2023-44431) BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51580) BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51589) BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51592) BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51594) BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2023-51596) References

• https://bugs.mageia.org/show_bug.cgi?id=34123
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KKJVC5RPR5AMR4ZTMHWP7TATS4SY47/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44431
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51580
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51589
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51592
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51594
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51596

SRPMS 9/core

• bluez-5.80-1.mga9

Publication date: 26 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-12361 Description FFmpeg NULL Pointer Dereference. (CVE-2024-12361) References

• https://bugs.mageia.org/show_bug.cgi?id=34130
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJNUZFKKYTUNYVVV4IRSNIJAOCMVCKVS/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12361

SRPMS 9/core

• ffmpeg-5.1.6-1.5.mga9

9/tainted

• ffmpeg-5.1.6-1.5.mga9.tainted

Publication date: 24 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-24912 Description hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. (CVE-2025-24912) References

• https://bugs.mageia.org/show_bug.cgi?id=34117
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24912

SRPMS 9/core

• hostapd-2.11-1.1.mga9
• wpa_supplicant-2.11-1.1.mga9

Publication date: 24 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-58088 , CVE-2025-21838 , CVE-2025-21844 , CVE-2025-21846 , CVE-2025-21847 , CVE-2025-21848 , CVE-2025-21853 , CVE-2025-21854 , CVE-2025-21855 , CVE-2025-21856 , CVE-2025-21857 , CVE-2025-21858 , CVE-2025-21859 , CVE-2025-21862 , CVE-2025-21863 , CVE-2025-21864 , CVE-2025-21865 , CVE-2025-21866 Description Vanilla upstream kernel version 6.6.83 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References

• https://bugs.mageia.org/show_bug.cgi?id=34115
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21838
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21854
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21856
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21858
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21859
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21862
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21865
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21866

SRPMS 9/core

• kernel-linus-6.6.83-1.mga9

Publication date: 24 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-58088 , CVE-2025-21838 , CVE-2025-21844 , CVE-2025-21846 , CVE-2025-21847 , CVE-2025-21848 , CVE-2025-21853 , CVE-2025-21854 , CVE-2025-21855 , CVE-2025-21856 , CVE-2025-21857 , CVE-2025-21858 , CVE-2025-21859 , CVE-2025-21862 , CVE-2025-21863 , CVE-2025-21864 , CVE-2025-21865 , CVE-2025-21866 Description Upstream kernel version 6.6.83 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links. References

• https://bugs.mageia.org/show_bug.cgi?id=34114
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21838
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21854
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21856
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21858
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21859
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21862
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21865
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21866

SRPMS 9/core

• kernel-6.6.83-1.mga9
• kmod-virtualbox-7.0.24-68.mga9
• kmod-xtables-addons-3.24-74.mga9