Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files when processing a specially crafted SVG file with an include element.
Archive for August 27th, 2023
Nearly 2,000 attendees gathered for two days of keynotes, sessions, and community-building conversations at the Gaylord National Resort & Convention Center in the largest attended WordCamp US ever. Saturday’s sessions concluded with back-to-back keynotes by WordPress co-founder Matt Mullenweg and Executive Director Josepha Haden Chomphosy. What’s Next for WordPress Josepha launched her keynote by celebrating […]
This update takes caddy from 2.5.2 to 2.6.4. The primary purpose is to resolve CVE-2022-41721. This is a fairly significant upgrade with lots of new features and fixes, but after reviewing the upstream release notes I believe it should comply with the Fedora updates policy. The upgrade warnings in the release notes are described as either backwards compatible, marking a directive as deprecated
update to 116.0.5845.96. Fixes following security issues: CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
update to xen-4.16.5 which includes x86/AMD: Speculative Return Stack Overflow [XSA-434, CVE-2023-20569] x86/Intel: Gather Data Sampling [XSA-435, CVE-2022-40982] remove patches now included upstream —- arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320] (#2228238) —- bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593] —- x86/AMD: Zenbleed
This update takes caddy from 2.5.2 to 2.6.4. The primary purpose is to resolve a long standing FTBFS related to golang 1.20. The current F38 package is actually a carried-foward F37 build because of that reason. It also resolves CVE-2022-41721. This is a fairly significant upgrade with lots of new features and fixes, but after reviewing the upstream release notes I believe it should