Fedora 40 Update: chromium-131.0.6778.204-1.fc40
Fedora 40 Update: mingw-gstreamer1-plugins-base-1.24.10-1.fc40
Fedora 40 Update: mingw-directxmath-3.20-1.fc40
Fedora 40 Update: mingw-gstreamer1-plugins-good-1.24.10-1.fc40
Fedora 40 Update: mingw-orc-0.4.40-1.fc40
Fedora 40 Update: mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc40
Fedora 40 Update: mingw-gstreamer1-1.24.10-1.fc40
Fedora 41 Update: chromium-131.0.6778.204-1.fc41
Fedora 41 Update: mingw-gstreamer1-plugins-base-1.24.10-1.fc41
Fedora 41 Update: mingw-gstreamer1-1.24.10-1.fc41
Fedora 41 Update: mingw-directxmath-3.20-1.fc41
Fedora 41 Update: mingw-gstreamer1-plugins-good-1.24.10-1.fc41
Fedora 41 Update: mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc41
Fedora 41 Update: python3-docs-3.13.1-1.fc41
Fedora 41 Update: python3.13-3.13.1-2.fc41
Fedora 41 Update: libdnf-0.73.4-2.fc41
Fedora 41 Update: libcomps-0.1.21-4.fc41
[SECURITY] Fedora 40 Update: chromium-131.0.6778.204-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4808dce926
2024-12-22 02:11:13.806220+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 40
Version : 131.0.6778.204
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 131.0.6778.204
High CVE-2024-12692: Type Confusion in V8
High CVE-2024-12693: Out of bounds memory access in V8
High CVE-2024-12694: Use after free in Compositing
High CVE-2024-12695: Out of bounds write in V8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 19 2024 Than Ngo [than@redhat.com] - 131.0.6778.204-1
- Update to 131.0.6778.204
* High CVE-2024-12692: Type Confusion in V8
* High CVE-2024-12693: Out of bounds memory access in V8
* High CVE-2024-12694: Use after free in Compositing
* High CVE-2024-12695: Out of bounds write in V8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2333152 - CVE-2024-12692 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333152
[ 2 ] Bug #2333153 - CVE-2024-12692 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333153
[ 3 ] Bug #2333154 - CVE-2024-12693 chromium: Out of bounds memory access in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333154
[ 4 ] Bug #2333155 - CVE-2024-12693 chromium: Out of bounds memory access in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333155
[ 5 ] Bug #2333156 - CVE-2024-12694 chromium: Use after free in Compositing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333156
[ 6 ] Bug #2333157 - CVE-2024-12694 chromium: Use after free in Compositing [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333157
[ 7 ] Bug #2333159 - CVE-2024-12695 chromium: Out of bounds write in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333159
[ 8 ] Bug #2333160 - CVE-2024-12695 chromium: Out of bounds write in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4808dce926' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: mingw-gstreamer1-plugins-base-1.24.10-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2284729772
2024-12-22 02:11:13.806114+00:00
--------------------------------------------------------------------------------
Name : mingw-gstreamer1-plugins-base
Product : Fedora 40
Version : 1.24.10
Release : 1.fc40
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 media framework base plug-ins
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.
This package contains a set of well-maintained base plug-ins.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2024 Sandro Mani [manisandro@gmail.com] - 1.24.10-1
- Update to 1.24.10
* Tue Nov 5 2024 Sandro Mani [manisandro@gmail.com] - 1.24.9-1
- Update to 1.24.9
* Mon Sep 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.8-1
- Update to 1.24.8
* Fri Aug 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.7-1
- Update to 1.24.7
* Tue Jul 30 2024 Sandro Mani [manisandro@gmail.com] - 1.24.6-1
- Update to 1.24.6
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.24.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Jun 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.5-1
- Update to 1.24.5
* Thu Jun 6 2024 Sandro Mani [manisandro@gmail.com] - 1.24.4-1
- Update to 1.24.4
* Wed May 1 2024 Sandro Mani [manisandro@gmail.com] - 1.24.3-1
- Update to 1.24.3
* Thu Mar 7 2024 Sandro Mani [manisandro@gmail.com] - 1.24.0-1
- Update to 1.24.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331792 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331792
[ 2 ] Bug #2331796 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331796
[ 3 ] Bug #2331813 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331813
[ 4 ] Bug #2331817 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331817
[ 5 ] Bug #2331825 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331825
[ 6 ] Bug #2331863 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331863
[ 7 ] Bug #2331867 - CVE-2024-47613 mingw-gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331867
[ 8 ] Bug #2331873 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331873
[ 9 ] Bug #2331888 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331888
[ 10 ] Bug #2331892 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331892
[ 11 ] Bug #2331897 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331897
[ 12 ] Bug #2331901 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331901
[ 13 ] Bug #2331905 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331905
[ 14 ] Bug #2332090 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332090
[ 15 ] Bug #2332092 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332092
[ 16 ] Bug #2332095 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332095
[ 17 ] Bug #2332097 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332097
[ 18 ] Bug #2332099 - CVE-2024-47596 mingw-gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332099
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2284729772' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: mingw-directxmath-3.20-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2284729772
2024-12-22 02:11:13.806114+00:00
--------------------------------------------------------------------------------
Name : mingw-directxmath
Product : Fedora 40
Version : 3.20
Release : 1.fc40
URL : https://github.com/microsoft/DirectXMath
Summary : MinGW Windows directxmath library
Description :
MinGW Windows directxmath library.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 17 2024 Sandro Mani [manisandro@gmail.com] - 3.20-1
- Update to 3.20
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Mar 8 2024 Sandro Mani [manisandro@gmail.com] - 3.19-1
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331792 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331792
[ 2 ] Bug #2331796 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331796
[ 3 ] Bug #2331813 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331813
[ 4 ] Bug #2331817 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331817
[ 5 ] Bug #2331825 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331825
[ 6 ] Bug #2331863 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331863
[ 7 ] Bug #2331867 - CVE-2024-47613 mingw-gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331867
[ 8 ] Bug #2331873 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331873
[ 9 ] Bug #2331888 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331888
[ 10 ] Bug #2331892 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331892
[ 11 ] Bug #2331897 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331897
[ 12 ] Bug #2331901 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331901
[ 13 ] Bug #2331905 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331905
[ 14 ] Bug #2332090 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332090
[ 15 ] Bug #2332092 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332092
[ 16 ] Bug #2332095 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332095
[ 17 ] Bug #2332097 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332097
[ 18 ] Bug #2332099 - CVE-2024-47596 mingw-gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332099
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2284729772' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: mingw-gstreamer1-plugins-good-1.24.10-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2284729772
2024-12-22 02:11:13.806114+00:00
--------------------------------------------------------------------------------
Name : mingw-gstreamer1-plugins-good
Product : Fedora 40
Version : 1.24.10
Release : 1.fc40
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins good
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.
GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2024 Sandro Mani [manisandro@gmail.com] - 1.24.10-1
- Update to 1.24.10
* Tue Nov 5 2024 Sandro Mani [manisandro@gmail.com] - 1.24.9-1
- Update to 1.24.9
* Mon Sep 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.8-1
- Update to 1.24.8
* Fri Aug 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.7-1
- Update to 1.24.7
* Tue Jul 30 2024 Sandro Mani [manisandro@gmail.com] - 1.24.6-1
- Update to 1.24.6
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.24.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Jun 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.5-1
- Update to 1.24.5
* Thu Jun 6 2024 Sandro Mani [manisandro@gmail.com] - 1.24.4-1
- Update to 1.24.4
* Wed May 1 2024 Sandro Mani [manisandro@gmail.com] - 1.24.3-1
- Update to 1.24.3
* Thu Mar 7 2024 Sandro Mani [manisandro@gmail.com] - 1.24.0-1
- Update to 1.24.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331792 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331792
[ 2 ] Bug #2331796 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331796
[ 3 ] Bug #2331813 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331813
[ 4 ] Bug #2331817 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331817
[ 5 ] Bug #2331825 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331825
[ 6 ] Bug #2331863 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331863
[ 7 ] Bug #2331867 - CVE-2024-47613 mingw-gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331867
[ 8 ] Bug #2331873 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331873
[ 9 ] Bug #2331888 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331888
[ 10 ] Bug #2331892 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331892
[ 11 ] Bug #2331897 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331897
[ 12 ] Bug #2331901 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331901
[ 13 ] Bug #2331905 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331905
[ 14 ] Bug #2332090 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332090
[ 15 ] Bug #2332092 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332092
[ 16 ] Bug #2332095 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332095
[ 17 ] Bug #2332097 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332097
[ 18 ] Bug #2332099 - CVE-2024-47596 mingw-gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332099
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2284729772' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: mingw-orc-0.4.40-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2284729772
2024-12-22 02:11:13.806114+00:00
--------------------------------------------------------------------------------
Name : mingw-orc
Product : Fedora 40
Version : 0.4.40
Release : 1.fc40
URL : http://code.entropywave.com/projects/orc/
Summary : Cross compiled Oil Run-time Compiler
Description :
Orc is a library and set of tools for compiling and executing
very simple programs that operate on arrays of data. The "language"
is a generic assembly language that represents many of the features
available in SIMD architectures, including saturated addition and
subtraction, and many arithmetic operations.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.4.40-1
- new version
* Mon Sep 2 2024 Miroslav Suchý <msuchy@redhat.com> - 0.4.38-4
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.38-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed May 1 2024 Sandro Mani <manisandro@gmail.com> - 0.4.38-2
- Rebuild
* Thu Mar 7 2024 Sandro Mani <manisandro@gmail.com> - 0.4.38-1
- Update to 0.4.38
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331792 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331792
[ 2 ] Bug #2331796 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331796
[ 3 ] Bug #2331813 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331813
[ 4 ] Bug #2331817 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331817
[ 5 ] Bug #2331825 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331825
[ 6 ] Bug #2331863 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331863
[ 7 ] Bug #2331867 - CVE-2024-47613 mingw-gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331867
[ 8 ] Bug #2331873 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331873
[ 9 ] Bug #2331888 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331888
[ 10 ] Bug #2331892 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331892
[ 11 ] Bug #2331897 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331897
[ 12 ] Bug #2331901 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331901
[ 13 ] Bug #2331905 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331905
[ 14 ] Bug #2332090 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332090
[ 15 ] Bug #2332092 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332092
[ 16 ] Bug #2332095 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332095
[ 17 ] Bug #2332097 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332097
[ 18 ] Bug #2332099 - CVE-2024-47596 mingw-gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332099
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2284729772' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 40 Update: mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2284729772
2024-12-22 02:11:13.806114+00:00
--------------------------------------------------------------------------------
Name : mingw-gstreamer1-plugins-bad-free
Product : Fedora 40
Version : 1.24.10
Release : 1.fc40
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins "bad"
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.
This package contains plug-ins that aren't tested
well enough, or the code is not of good enough quality.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2024 Sandro Mani <manisandro@gmail.com> - 1.24.10-1
- Update to 1.24.10
* Wed Nov 27 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 1.24.9-3
- Rebuild (openexr)
* Thu Nov 14 2024 Sandro Mani <manisandro@gmail.com> - 1.24.9-2
- Rebuild (openexr)
* Tue Nov 5 2024 Sandro Mani <manisandro@gmail.com> - 1.24.9-1
- Update to 1.24.9
* Mon Sep 23 2024 Sandro Mani <manisandro@gmail.com> - 1.24.8-1
- Update to 1.24.8
* Fri Aug 23 2024 Sandro Mani <manisandro@gmail.com> - 1.24.7-1
- Update to 1.24.7
* Tue Jul 30 2024 Sandro Mani <manisandro@gmail.com> - 1.24.6-1
- Update to 1.24.6
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.24.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Jun 23 2024 Sandro Mani <manisandro@gmail.com> - 1.24.5-1
- Update to 1.24.5
* Tue Jun 11 2024 Sandro Mani <manisandro@gmail.com> - 1.24.4-2
- Rebuild (openexr)
* Thu Jun 6 2024 Sandro Mani <manisandro@gmail.com> - 1.24.4-1
- Update to 1.24.4
* Wed May 1 2024 Sandro Mani <manisandro@gmail.com> - 1.24.3-1
- Update to 1.24.3
* Thu Mar 7 2024 Sandro Mani <manisandro@gmail.com> - 1.24.0-1
- Update to 1.24.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331792 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331792
[ 2 ] Bug #2331796 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331796
[ 3 ] Bug #2331813 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331813
[ 4 ] Bug #2331817 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331817
[ 5 ] Bug #2331825 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331825
[ 6 ] Bug #2331863 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331863
[ 7 ] Bug #2331867 - CVE-2024-47613 mingw-gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331867
[ 8 ] Bug #2331873 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331873
[ 9 ] Bug #2331888 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331888
[ 10 ] Bug #2331892 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331892
[ 11 ] Bug #2331897 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331897
[ 12 ] Bug #2331901 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331901
[ 13 ] Bug #2331905 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331905
[ 14 ] Bug #2332090 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332090
[ 15 ] Bug #2332092 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332092
[ 16 ] Bug #2332095 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332095
[ 17 ] Bug #2332097 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332097
[ 18 ] Bug #2332099 - CVE-2024-47596 mingw-gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332099
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2284729772' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
----------------------------------------------------------------------------------
[SECURITY] Fedora 40 Update: mingw-gstreamer1-1.24.10-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2284729772
2024-12-22 02:11:13.806114+00:00
--------------------------------------------------------------------------------
Name : mingw-gstreamer1
Product : Fedora 40
Version : 1.24.10
Release : 1.fc40
URL : http://gstreamer.freedesktop.org/
Summary : MinGW Windows Streaming-Media Framework Runtime
Description :
GStreamer is a streaming-media framework, based on graphs of filters
which operate on media data. Applications using this library can do
anything from real-time sound processing to playing videos, and just
about anything else media-related. Its plug-in-based architecture
means that new data types or processing capabilities can be added by
installing new plug-ins.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2024 Sandro Mani [manisandro@gmail.com] - 1.24.10-1
- Update to 1.24.10
* Tue Nov 5 2024 Sandro Mani [manisandro@gmail.com] - 1.24.9-1
- Update to 1.24.9
* Mon Sep 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.8-1
- Update to 1.24.8
* Fri Aug 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.7-1
- Update to 1.24.7
* Tue Jul 30 2024 Sandro Mani [manisandro@gmail.com] - 1.24.6-1
- Update to 1.24.6
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.24.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Jun 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.5-1
- Update to 1.24.5
* Tue Jun 4 2024 Sandro Mani [manisandro@gmail.com] - 1.24.4-1
- Update to 1.24.4
* Wed May 1 2024 Sandro Mani [manisandro@gmail.com] - 1.24.3-1
- Update to 1.24.3
* Wed Mar 6 2024 Sandro Mani [manisandro@gmail.com] - 1.24.0-1
- Update to 1.24.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331792 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331792
[ 2 ] Bug #2331796 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331796
[ 3 ] Bug #2331813 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331813
[ 4 ] Bug #2331817 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331817
[ 5 ] Bug #2331825 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331825
[ 6 ] Bug #2331863 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331863
[ 7 ] Bug #2331867 - CVE-2024-47613 mingw-gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331867
[ 8 ] Bug #2331873 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331873
[ 9 ] Bug #2331888 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331888
[ 10 ] Bug #2331892 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331892
[ 11 ] Bug #2331897 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331897
[ 12 ] Bug #2331901 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331901
[ 13 ] Bug #2331905 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331905
[ 14 ] Bug #2332090 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332090
[ 15 ] Bug #2332092 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332092
[ 16 ] Bug #2332095 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332095
[ 17 ] Bug #2332097 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332097
[ 18 ] Bug #2332099 - CVE-2024-47596 mingw-gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332099
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2284729772' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: chromium-131.0.6778.204-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-21c7531146
2024-12-22 02:00:45.594184+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 41
Version : 131.0.6778.204
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 131.0.6778.204
High CVE-2024-12692: Type Confusion in V8
High CVE-2024-12693: Out of bounds memory access in V8
High CVE-2024-12694: Use after free in Compositing
High CVE-2024-12695: Out of bounds write in V8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 19 2024 Than Ngo [than@redhat.com] - 131.0.6778.204-1
- Update to 131.0.6778.204
* High CVE-2024-12692: Type Confusion in V8
* High CVE-2024-12693: Out of bounds memory access in V8
* High CVE-2024-12694: Use after free in Compositing
* High CVE-2024-12695: Out of bounds write in V8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2333152 - CVE-2024-12692 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333152
[ 2 ] Bug #2333153 - CVE-2024-12692 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333153
[ 3 ] Bug #2333154 - CVE-2024-12693 chromium: Out of bounds memory access in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333154
[ 4 ] Bug #2333155 - CVE-2024-12693 chromium: Out of bounds memory access in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333155
[ 5 ] Bug #2333156 - CVE-2024-12694 chromium: Use after free in Compositing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333156
[ 6 ] Bug #2333157 - CVE-2024-12694 chromium: Use after free in Compositing [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333157
[ 7 ] Bug #2333159 - CVE-2024-12695 chromium: Out of bounds write in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333159
[ 8 ] Bug #2333160 - CVE-2024-12695 chromium: Out of bounds write in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2333160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-21c7531146' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-gstreamer1-plugins-base-1.24.10-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0a5722a980
2024-12-22 02:00:45.594041+00:00
--------------------------------------------------------------------------------
Name : mingw-gstreamer1-plugins-base
Product : Fedora 41
Version : 1.24.10
Release : 1.fc41
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 media framework base plug-ins
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.
This package contains a set of well-maintained base plug-ins.
--------------------------------------------------------------------------------
Update Information:
Update to gstreamer-1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2024 Sandro Mani [manisandro@gmail.com] - 1.24.10-1
- Update to 1.24.10
* Tue Nov 5 2024 Sandro Mani [manisandro@gmail.com] - 1.24.9-1
- Update to 1.24.9
* Mon Sep 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.8-1
- Update to 1.24.8
* Fri Aug 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.7-1
- Update to 1.24.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331794 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331794
[ 2 ] Bug #2331798 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331798
[ 3 ] Bug #2331815 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331815
[ 4 ] Bug #2331819 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331819
[ 5 ] Bug #2331829 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331829
[ 6 ] Bug #2331865 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331865
[ 7 ] Bug #2331875 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331875
[ 8 ] Bug #2331890 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331890
[ 9 ] Bug #2331894 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331894
[ 10 ] Bug #2331899 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331899
[ 11 ] Bug #2331903 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331903
[ 12 ] Bug #2331907 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331907
[ 13 ] Bug #2332091 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332091
[ 14 ] Bug #2332093 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332093
[ 15 ] Bug #2332096 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332096
[ 16 ] Bug #2332098 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332098
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0a5722a980' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-gstreamer1-1.24.10-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0a5722a980
2024-12-22 02:00:45.594041+00:00
--------------------------------------------------------------------------------
Name : mingw-gstreamer1
Product : Fedora 41
Version : 1.24.10
Release : 1.fc41
URL : http://gstreamer.freedesktop.org/
Summary : MinGW Windows Streaming-Media Framework Runtime
Description :
GStreamer is a streaming-media framework, based on graphs of filters
which operate on media data. Applications using this library can do
anything from real-time sound processing to playing videos, and just
about anything else media-related. Its plug-in-based architecture
means that new data types or processing capabilities can be added by
installing new plug-ins.
--------------------------------------------------------------------------------
Update Information:
Update to gstreamer-1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2024 Sandro Mani [manisandro@gmail.com] - 1.24.10-1
- Update to 1.24.10
* Tue Nov 5 2024 Sandro Mani [manisandro@gmail.com] - 1.24.9-1
- Update to 1.24.9
* Mon Sep 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.8-1
- Update to 1.24.8
* Fri Aug 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.7-1
- Update to 1.24.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331794 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331794
[ 2 ] Bug #2331798 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331798
[ 3 ] Bug #2331815 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331815
[ 4 ] Bug #2331819 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331819
[ 5 ] Bug #2331829 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331829
[ 6 ] Bug #2331865 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331865
[ 7 ] Bug #2331875 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331875
[ 8 ] Bug #2331890 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331890
[ 9 ] Bug #2331894 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331894
[ 10 ] Bug #2331899 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331899
[ 11 ] Bug #2331903 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331903
[ 12 ] Bug #2331907 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331907
[ 13 ] Bug #2332091 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332091
[ 14 ] Bug #2332093 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332093
[ 15 ] Bug #2332096 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332096
[ 16 ] Bug #2332098 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332098
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0a5722a980' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-directxmath-3.20-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0a5722a980
2024-12-22 02:00:45.594041+00:00
--------------------------------------------------------------------------------
Name : mingw-directxmath
Product : Fedora 41
Version : 3.20
Release : 1.fc41
URL : https://github.com/microsoft/DirectXMath
Summary : MinGW Windows directxmath library
Description :
MinGW Windows directxmath library.
--------------------------------------------------------------------------------
Update Information:
Update to gstreamer-1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 17 2024 Sandro Mani [manisandro@gmail.com] - 3.20-1
- Update to 3.20
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331794 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331794
[ 2 ] Bug #2331798 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331798
[ 3 ] Bug #2331815 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331815
[ 4 ] Bug #2331819 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331819
[ 5 ] Bug #2331829 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331829
[ 6 ] Bug #2331865 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331865
[ 7 ] Bug #2331875 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331875
[ 8 ] Bug #2331890 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331890
[ 9 ] Bug #2331894 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331894
[ 10 ] Bug #2331899 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331899
[ 11 ] Bug #2331903 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331903
[ 12 ] Bug #2331907 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331907
[ 13 ] Bug #2332091 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332091
[ 14 ] Bug #2332093 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332093
[ 15 ] Bug #2332096 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332096
[ 16 ] Bug #2332098 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332098
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0a5722a980' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-gstreamer1-plugins-good-1.24.10-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0a5722a980
2024-12-22 02:00:45.594041+00:00
--------------------------------------------------------------------------------
Name : mingw-gstreamer1-plugins-good
Product : Fedora 41
Version : 1.24.10
Release : 1.fc41
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins good
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.
GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.
--------------------------------------------------------------------------------
Update Information:
Update to gstreamer-1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2024 Sandro Mani [manisandro@gmail.com] - 1.24.10-1
- Update to 1.24.10
* Tue Nov 5 2024 Sandro Mani [manisandro@gmail.com] - 1.24.9-1
- Update to 1.24.9
* Mon Sep 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.8-1
- Update to 1.24.8
* Fri Aug 23 2024 Sandro Mani [manisandro@gmail.com] - 1.24.7-1
- Update to 1.24.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331794 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331794
[ 2 ] Bug #2331798 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331798
[ 3 ] Bug #2331815 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331815
[ 4 ] Bug #2331819 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331819
[ 5 ] Bug #2331829 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331829
[ 6 ] Bug #2331865 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331865
[ 7 ] Bug #2331875 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331875
[ 8 ] Bug #2331890 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331890
[ 9 ] Bug #2331894 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331894
[ 10 ] Bug #2331899 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331899
[ 11 ] Bug #2331903 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331903
[ 12 ] Bug #2331907 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331907
[ 13 ] Bug #2332091 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332091
[ 14 ] Bug #2332093 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332093
[ 15 ] Bug #2332096 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332096
[ 16 ] Bug #2332098 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332098
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0a5722a980' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0a5722a980
2024-12-22 02:00:45.594041+00:00
--------------------------------------------------------------------------------
Name : mingw-gstreamer1-plugins-bad-free
Product : Fedora 41
Version : 1.24.10
Release : 1.fc41
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins "bad"
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.
This package contains plug-ins that aren't tested
well enough, or the code is not of good enough quality.
--------------------------------------------------------------------------------
Update Information:
Update to gstreamer-1.24.10, fixes multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2024 Sandro Mani <manisandro@gmail.com> - 1.24.10-1
- Update to 1.24.10
* Wed Nov 27 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 1.24.9-3
- Rebuild (openexr)
* Thu Nov 14 2024 Sandro Mani <manisandro@gmail.com> - 1.24.9-2
- Rebuild (openexr)
* Tue Nov 5 2024 Sandro Mani <manisandro@gmail.com> - 1.24.9-1
- Update to 1.24.9
* Mon Sep 23 2024 Sandro Mani <manisandro@gmail.com> - 1.24.8-1
- Update to 1.24.8
* Fri Aug 23 2024 Sandro Mani <manisandro@gmail.com> - 1.24.7-1
- Update to 1.24.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331794 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331794
[ 2 ] Bug #2331798 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331798
[ 3 ] Bug #2331815 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331815
[ 4 ] Bug #2331819 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331819
[ 5 ] Bug #2331829 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331829
[ 6 ] Bug #2331865 - CVE-2024-47615 mingw-gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331865
[ 7 ] Bug #2331875 - CVE-2024-47607 mingw-gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331875
[ 8 ] Bug #2331890 - CVE-2024-47606 mingw-gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331890
[ 9 ] Bug #2331894 - CVE-2024-47543 mingw-gstreamer1-plugins-good: OOB-read in qtdemux_parse_container [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331894
[ 10 ] Bug #2331899 - CVE-2024-47541 mingw-gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331899
[ 11 ] Bug #2331903 - CVE-2024-47600 mingw-gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331903
[ 12 ] Bug #2331907 - CVE-2024-47774 mingw-gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331907
[ 13 ] Bug #2332091 - CVE-2024-47777 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332091
[ 14 ] Bug #2332093 - CVE-2024-47835 mingw-gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332093
[ 15 ] Bug #2332096 - CVE-2024-47778 mingw-gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332096
[ 16 ] Bug #2332098 - CVE-2024-47775 mingw-gstreamer1-plugins-good: OOB-read in parse_ds64 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332098
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0a5722a980' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: python3-docs-3.13.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3c18fe0d93
2024-12-22 02:00:45.593936+00:00
--------------------------------------------------------------------------------
Name : python3-docs
Product : Fedora 41
Version : 3.13.1
Release : 1.fc41
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.
--------------------------------------------------------------------------------
Update Information:
This is the first maintenance release of Python 3.13
Python 3.13 is the newest major release of the Python programming language, and
it contains many new features and optimizations compared to Python 3.12. 3.13.1
is the latest maintenance release, containing almost 400 bugfixes, build
improvements and documentation changes since 3.13.0.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have their
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation
scripts.
gh-125140: Remove the current directory from sys.path when using PyREPL.
CVE-2024-12254: Unbounded memory buffering in
SelectorSocketTransport.writelines() fixed.
libdnf and libcomps fixes
Fix segfaults in iterators (Python 3.13.1 made this crash happen in regular
usage)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2024 Charalampos Stratakis [cstratak@redhat.com] - 3.13.1-1
- Update to Python 3.13.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2321657 - CVE-2024-9287 python3.13: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321657
[ 2 ] Bug #2330562 - python3-libdnf segfaults when iterating over an iterator of a ConfigParser section
https://bugzilla.redhat.com/show_bug.cgi?id=2330562
[ 3 ] Bug #2330927 - CVE-2024-12254 python3.13: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330927
[ 4 ] Bug #2331665 - libcomps segfaults when iterating over and iterator from an iterator
https://bugzilla.redhat.com/show_bug.cgi?id=2331665
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3c18fe0d93' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python3.13-3.13.1-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3c18fe0d93
2024-12-22 02:00:45.593936+00:00
--------------------------------------------------------------------------------
Name : python3.13
Product : Fedora 41
Version : 3.13.1
Release : 2.fc41
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
--------------------------------------------------------------------------------
Update Information:
This is the first maintenance release of Python 3.13
Python 3.13 is the newest major release of the Python programming language, and
it contains many new features and optimizations compared to Python 3.12. 3.13.1
is the latest maintenance release, containing almost 400 bugfixes, build
improvements and documentation changes since 3.13.0.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have their
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation
scripts.
gh-125140: Remove the current directory from sys.path when using PyREPL.
CVE-2024-12254: Unbounded memory buffering in
SelectorSocketTransport.writelines() fixed.
libdnf and libcomps fixes
Fix segfaults in iterators (Python 3.13.1 made this crash happen in regular
usage)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 9 2024 Miro Hrončok <mhroncok@redhat.com> - 3.13.1-2
- Security fix for CVE-2024-12254
- Fixes: rhbz#2330927
* Tue Dec 3 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.13.1-1
- Update to 3.13.1
- Security fix for CVE-2024-9287
- Fixes: rhbz#2321657
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2321657 - CVE-2024-9287 python3.13: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321657
[ 2 ] Bug #2330562 - python3-libdnf segfaults when iterating over an iterator of a ConfigParser section
https://bugzilla.redhat.com/show_bug.cgi?id=2330562
[ 3 ] Bug #2330927 - CVE-2024-12254 python3.13: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330927
[ 4 ] Bug #2331665 - libcomps segfaults when iterating over and iterator from an iterator
https://bugzilla.redhat.com/show_bug.cgi?id=2331665
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3c18fe0d93' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: libdnf-0.73.4-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3c18fe0d93
2024-12-22 02:00:45.593936+00:00
--------------------------------------------------------------------------------
Name : libdnf
Product : Fedora 41
Version : 0.73.4
Release : 2.fc41
URL : https://github.com/rpm-software-management/libdnf
Summary : Library providing simplified C and Python API to libsolv
Description :
A Library providing simplified C and Python API to libsolv.
--------------------------------------------------------------------------------
Update Information:
This is the first maintenance release of Python 3.13
Python 3.13 is the newest major release of the Python programming language, and
it contains many new features and optimizations compared to Python 3.12. 3.13.1
is the latest maintenance release, containing almost 400 bugfixes, build
improvements and documentation changes since 3.13.0.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have their
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation
scripts.
gh-125140: Remove the current directory from sys.path when using PyREPL.
CVE-2024-12254: Unbounded memory buffering in
SelectorSocketTransport.writelines() fixed.
libdnf and libcomps fixes
Fix segfaults in iterators (Python 3.13.1 made this crash happen in regular
usage)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 10 2024 Miro Hrončok <mhroncok@redhat.com> - 0.73.4-2
- Fix a segfault in iterator of a ConfigParser section
- Fixes: rhbz#2330562
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2321657 - CVE-2024-9287 python3.13: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321657
[ 2 ] Bug #2330562 - python3-libdnf segfaults when iterating over an iterator of a ConfigParser section
https://bugzilla.redhat.com/show_bug.cgi?id=2330562
[ 3 ] Bug #2330927 - CVE-2024-12254 python3.13: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330927
[ 4 ] Bug #2331665 - libcomps segfaults when iterating over and iterator from an iterator
https://bugzilla.redhat.com/show_bug.cgi?id=2331665
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3c18fe0d93' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: libcomps-0.1.21-4.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3c18fe0d93
2024-12-22 02:00:45.593936+00:00
--------------------------------------------------------------------------------
Name : libcomps
Product : Fedora 41
Version : 0.1.21
Release : 4.fc41
URL : https://github.com/rpm-software-management/libcomps
Summary : Comps XML file manipulation library
Description :
Libcomps is library for structure-like manipulation with content of
comps XML files. Supports read/write XML file, structure(s) modification.
--------------------------------------------------------------------------------
Update Information:
This is the first maintenance release of Python 3.13
Python 3.13 is the newest major release of the Python programming language, and
it contains many new features and optimizations compared to Python 3.12. 3.13.1
is the latest maintenance release, containing almost 400 bugfixes, build
improvements and documentation changes since 3.13.0.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have their
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation
scripts.
gh-125140: Remove the current directory from sys.path when using PyREPL.
CVE-2024-12254: Unbounded memory buffering in
SelectorSocketTransport.writelines() fixed.
libdnf and libcomps fixes
Fix segfaults in iterators (Python 3.13.1 made this crash happen in regular
usage)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 11 2024 Miro Hrončok <mhroncok@redhat.com> - 0.1.21-4
- Python: Return self from iter(iterator) to prevent a segfault
- Fixes: rhbz#2331665
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2321657 - CVE-2024-9287 python3.13: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321657
[ 2 ] Bug #2330562 - python3-libdnf segfaults when iterating over an iterator of a ConfigParser section
https://bugzilla.redhat.com/show_bug.cgi?id=2330562
[ 3 ] Bug #2330927 - CVE-2024-12254 python3.13: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330927
[ 4 ] Bug #2331665 - libcomps segfaults when iterating over and iterator from an iterator
https://bugzilla.redhat.com/show_bug.cgi?id=2331665
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3c18fe0d93' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
