Debian: DSA-5787-1: chromium Security Advisory Updates
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
oath-toolkit could be made to overwrite files as the administrator.
cups-filters could be made to run programs if it received specially crafted network traffic.
cups-browsed could be made to run programs if it received specially crafted network traffic.
Fixes CVE-2024-45752: A vulnerability that allows users to remap keys arbitrarily. This allows all users on the system to remap a key unexpectedly to a potentially malicious sequence
Patch the code to use https instead of http (CVE-2024-45321)
The fixes for CVE-2024-38474 and CVE-2024-39884 introduced two regressions in mod_rewrite and mod_proxy. For the stable distribution (bookworm), these problems have been fixed in
Several security issues were fixed in dotnet6, dotnet8.
We’re proud to announce that Mary Hubbard (@4thhubbard) has resigned as the Head of TikTok Americas, Governance and Experience, and will be starting as the next Executive Director of WordPress.org on October 21st! Mary previously worked at Automattic from 2020 to 2023, and was the Chief Product Officer for WordPress.com, so she has deep knowledge […]
WEBrick could allow an HTTP request smuggling attack.
nginx could be made to crash if it received specially crafted network traffic.
Fix login QR code not shown in WhatsApp web. Disable PSON by default again in GTK 3 API versions. Disable DMABuf video sink by default to prevent file descriptor leaks. Fix several crashes and rendering issues. Use Skia instead of cairo for 2D rendering and enable GPU rendering by default.
WordPress 6.7 Beta 2 is now ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 2 on a test server and site. You can test WordPress 6.7 Beta […]
Happy to announce that WP GraphQL is becoming canonical on WordPress.org. I could say more, but I’ll let Jason tell his story.
New upstream version (131.0)
Fix CVE-2024-9014.
Update to 129.0.6668.89. High CVE-2024-7025: Integer overflow in Layout; High CVE-2024-9369: Insufficient data validation in Mojo; High CVE-2024-9370: Inappropriate implementation in V8.
Integer overflow flaws were discovered in the Compound Document Binary File format parser of libgsf, the GNOME Project G Structured File Library, which could result in the execution of arbitrary code if a specially crafted file is processed.
Dom Walden discovered that the AbuseFilter extension in MediaWiki, a website engine for collaborative work, performed incomplete authorisation checks.
Fix CVE-2024-39844 https://wiki.znc.in/ChangeLog/1.9.0
Update to new upstream version (closes rhbz#2237124)
Fabian Vogt reported that the PAM module in oath-toolkit, a collection of components to build one-time password authentication systems, does not safely perform file operations in users’ home directories when using the usersfile feature (allowing to place the OTP state in the home
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
PHP version 8.2.24 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.