Fedora 39 Update: chromium-124.0.6367.155-1.fc39
Fedora 39 Update: stb-0^20240213gitae721c5-6.fc39
Fedora 38 Update: stb-0^20240213gitae721c5-5.fc38
Fedora 40 Update: chromium-124.0.6367.155-1.fc40
Fedora 40 Update: php-wikimedia-cdb-3.0.0-1.fc40
Fedora 40 Update: mediawiki-1.41.1-1.fc40
Fedora 40 Update: tcpdump-4.99.4-7.fc40
Fedora 40 Update: php-wikimedia-utfnormal-4.0.0-1.fc40
Fedora 40 Update: stb-0^20240213gitae721c5-6.fc40
Fedora 39 Update: chromium-124.0.6367.155-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-55e7e839f1
2024-05-11 02:21:29.208748
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 39
Version : 124.0.6367.155
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
update to 124.0.6367.155
High CVE-2024-4558: Use after free in ANGLE
High CVE-2024-4559: Heap buffer overflow in WebAudio
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 8 2024 Than Ngo [than@redhat.com] - 124.0.6367.155-1
- update to 124.0.6367.155
* High CVE-2024-4558: Use after free in ANGLE
* High CVE-2024-4559: Heap buffer overflow in WebAudio
* Sun May 5 2024 Than Ngo [than@redhat.com] - 124.0.6367.118-2
- fixed build errors on el8
- refreshed clean_ffmpeg.sh
- added missing files for bundle ffmpeg
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2274695 - CVE-2023-49528 chromium: FFmpeg: Heap Buffer Overflow vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2274695
[ 2 ] Bug #2275841 - CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275841
[ 3 ] Bug #2276116 - CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276116
[ 4 ] Bug #2276123 - CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276123
[ 5 ] Bug #2276130 - CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276130
[ 6 ] Bug #2278765 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278765
[ 7 ] Bug #2278766 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278766
[ 8 ] Bug #2278770 - CVE-2024-4368 chromium: chromium-browser: Use after free in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278770
[ 9 ] Bug #2278771 - CVE-2024-4368 chromium: chromium-browser: Use after free in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278771
[ 10 ] Bug #2279687 - CVE-2024-4559 chromium: chromium-browser: Heap buffer overflow in WebAudio [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279687
[ 11 ] Bug #2279688 - CVE-2024-4559 chromium: chromium-browser: Heap buffer overflow in WebAudio [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279688
[ 12 ] Bug #2279690 - CVE-2024-4558 chromium: chromium-browser: Use after free in ANGLE [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279690
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-55e7e839f1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: stb-0^20240213gitae721c5-6.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4c8d4cda0d
2024-05-11 02:21:29.208699
--------------------------------------------------------------------------------
Name : stb
Product : Fedora 39
Version : 0^20240213gitae721c5
Release : 6.fc39
URL : https://github.com/nothings/stb
Summary : Single-file public domain libraries for C/C++
Description :
Single-file public domain libraries for C/C++.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-45681 / CVE-2023-47212
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 2 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20240213gitae721c5-6
- Patch for GHSL-2023-171/CVE-2023-45681/CVE-2023-47212
* Thu May 2 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20240213gitae721c5-5
- Fix a description to use American English orthography
* Thu May 2 2024 David Abdurachmanov [davidlt@rivosinc.com] - 0^20240213gitae721c5-2
- Fix compile error on riscv64
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2278401 - CVE-2023-47212 stb: stb_vorbis.c comment heap-based buffer overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2278401
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4c8d4cda0d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 38 Update: stb-0^20240213gitae721c5-5.fc38
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5e5d8c2581
2024-05-11 01:36:38.084622
--------------------------------------------------------------------------------
Name : stb
Product : Fedora 38
Version : 0^20240213gitae721c5
Release : 5.fc38
URL : https://github.com/nothings/stb
Summary : Single-file public domain libraries for C/C++
Description :
Single-file public domain libraries for C/C++.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-45681 / CVE-2023-47212
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 2 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20240213gitae721c5-5
- Patch for GHSL-2023-171/CVE-2023-45681/CVE-2023-47212
* Thu May 2 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20240213gitae721c5-4
- Fix a description to use American English orthography
* Thu May 2 2024 David Abdurachmanov [davidlt@rivosinc.com] - 0^20240213gitae721c5-2
- Fix compile error on riscv64
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2278401 - CVE-2023-47212 stb: stb_vorbis.c comment heap-based buffer overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2278401
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5e5d8c2581' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 40 Update: chromium-124.0.6367.155-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-92780a83f9
2024-05-11 01:29:32.567833
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 40
Version : 124.0.6367.155
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
update to 124.0.6367.155
High CVE-2024-4558: Use after free in ANGLE
High CVE-2024-4559: Heap buffer overflow in WebAudio
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 8 2024 Than Ngo [than@redhat.com] - 124.0.6367.155-1
- update to 124.0.6367.155
* High CVE-2024-4558: Use after free in ANGLE
* High CVE-2024-4559: Heap buffer overflow in WebAudio
* Sun May 5 2024 Than Ngo [than@redhat.com] - 124.0.6367.118-2
- fixed build errors on el8
- refreshed clean_ffmpeg.sh
- added missing files for bundle ffmpeg
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2274695 - CVE-2023-49528 chromium: FFmpeg: Heap Buffer Overflow vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2274695
[ 2 ] Bug #2275841 - CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275841
[ 3 ] Bug #2276116 - CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276116
[ 4 ] Bug #2276123 - CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276123
[ 5 ] Bug #2276130 - CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276130
[ 6 ] Bug #2278765 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278765
[ 7 ] Bug #2278766 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278766
[ 8 ] Bug #2278770 - CVE-2024-4368 chromium: chromium-browser: Use after free in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278770
[ 9 ] Bug #2278771 - CVE-2024-4368 chromium: chromium-browser: Use after free in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278771
[ 10 ] Bug #2279687 - CVE-2024-4559 chromium: chromium-browser: Heap buffer overflow in WebAudio [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279687
[ 11 ] Bug #2279688 - CVE-2024-4559 chromium: chromium-browser: Heap buffer overflow in WebAudio [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279688
[ 12 ] Bug #2279690 - CVE-2024-4558 chromium: chromium-browser: Use after free in ANGLE [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279690
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-92780a83f9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 40 Update: php-wikimedia-cdb-3.0.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2c564b942d
2024-05-11 01:29:32.567764
--------------------------------------------------------------------------------
Name : php-wikimedia-cdb
Product : Fedora 40
Version : 3.0.0
Release : 1.fc40
URL : http://www.mediawiki.org/wiki/CDB
Summary : CDB functions for PHP
Description :
CDB, short for "constant database", refers to a very fast and highly reliable
database system which uses a simple file with key value pairs. This library
wraps the CDB functionality exposed in PHP via the dba_* functions. In cases
where dba_* functions are not present or are not compiled with CDB support,
a pure-PHP implementation is provided for falling back.
--------------------------------------------------------------------------------
Update Information:
https://www.mediawiki.org/wiki/Release_notes/1.41
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2024 Michael Cronenworth [mike@cchtml.com] - 3.0.0-1
- version update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2240808 - CVE-2023-3550 mediawiki: stored XSS leads to privilege escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2240808
[ 2 ] Bug #2241397 - mediawiki-1.41.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2241397
[ 3 ] Bug #2247804 - CVE-2023-45360 mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247804
[ 4 ] Bug #2247806 - CVE-2023-45362 mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247806
[ 5 ] Bug #2255583 - CVE-2023-51704 mediawiki: group-.*-member messages are not properly escaped on Special:log/rights [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255583
[ 6 ] Bug #2261492 - php-oojs-oojs-ui: FTBFS in Fedora rawhide/f40
https://bugzilla.redhat.com/show_bug.cgi?id=2261492
[ 7 ] Bug #2278773 - mediawiki: XSS in edit summary parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278773
[ 8 ] Bug #2278774 - mediawiki: denial of service via GET request to Special:MovePage [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278774
[ 9 ] Bug #2279230 - CVE-2024-34507 mediawiki: cross-site scripting [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279230
[ 10 ] Bug #2279232 - CVE-2024-34506 mediawiki: denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279232
[ 11 ] Bug #2279234 - CVE-2024-34500 mediawiki: XSS through interface message in UnlinkedWikibase [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279234
[ 12 ] Bug #2279239 - CVE-2024-34502 mediawiki: MergeLexemes makes edits on GET requests without edit tokens [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279239
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2c564b942d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 40 Update: mediawiki-1.41.1-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2c564b942d
2024-05-11 01:29:32.567764
--------------------------------------------------------------------------------
Name : mediawiki
Product : Fedora 40
Version : 1.41.1
Release : 1.fc40
URL : https://www.mediawiki.org/
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers.
This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.
--------------------------------------------------------------------------------
Update Information:
https://www.mediawiki.org/wiki/Release_notes/1.41
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2024 Michael Cronenworth [mike@cchtml.com] - 1.41.1-1
- Update to 1.41.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2240808 - CVE-2023-3550 mediawiki: stored XSS leads to privilege escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2240808
[ 2 ] Bug #2241397 - mediawiki-1.41.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2241397
[ 3 ] Bug #2247804 - CVE-2023-45360 mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247804
[ 4 ] Bug #2247806 - CVE-2023-45362 mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247806
[ 5 ] Bug #2255583 - CVE-2023-51704 mediawiki: group-.*-member messages are not properly escaped on Special:log/rights [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255583
[ 6 ] Bug #2261492 - php-oojs-oojs-ui: FTBFS in Fedora rawhide/f40
https://bugzilla.redhat.com/show_bug.cgi?id=2261492
[ 7 ] Bug #2278773 - mediawiki: XSS in edit summary parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278773
[ 8 ] Bug #2278774 - mediawiki: denial of service via GET request to Special:MovePage [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278774
[ 9 ] Bug #2279230 - CVE-2024-34507 mediawiki: cross-site scripting [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279230
[ 10 ] Bug #2279232 - CVE-2024-34506 mediawiki: denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279232
[ 11 ] Bug #2279234 - CVE-2024-34500 mediawiki: XSS through interface message in UnlinkedWikibase [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279234
[ 12 ] Bug #2279239 - CVE-2024-34502 mediawiki: MergeLexemes makes edits on GET requests without edit tokens [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279239
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2c564b942d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 40 Update: tcpdump-4.99.4-7.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e375e28b45
2024-05-11 01:29:32.567772
--------------------------------------------------------------------------------
Name : tcpdump
Product : Fedora 40
Version : 4.99.4
Release : 7.fc40
URL : http://www.tcpdump.org
Summary : A network traffic monitoring tool
Description :
Tcpdump is a command-line tool for monitoring network traffic.
Tcpdump can capture and display the packet headers on a particular
network interface or on all interfaces. Tcpdump can display all of
the packet headers, or just the ones that match particular criteria.
Install tcpdump if you need a program to monitor network traffic.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2024-2397
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 5 2024 Michal Ruprich [mruprich@redhat.com] - 14:4.99.4-7
- Resolves: #2274793 - Crafted .pcap file may lead to Denial of Service
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2274793 - TRIAGE CVE-2024-2397 tcpdump: Crafted .pcap file may lead to Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2274793
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e375e28b45' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 40 Update: php-wikimedia-utfnormal-4.0.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2c564b942d
2024-05-11 01:29:32.567764
--------------------------------------------------------------------------------
Name : php-wikimedia-utfnormal
Product : Fedora 40
Version : 4.0.0
Release : 1.fc40
URL : http://www.mediawiki.org/wiki/Utfnormal
Summary : Unicode normalization functions
Description :
utfnormal is a library that contains Unicode normalization functions. It was
split out of MediaWiki core during the 1.25 development cycle.
--------------------------------------------------------------------------------
Update Information:
https://www.mediawiki.org/wiki/Release_notes/1.41
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 3 2024 Michael Cronenworth [mike@cchtml.com] - 4.0.0-1
- version update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2240808 - CVE-2023-3550 mediawiki: stored XSS leads to privilege escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2240808
[ 2 ] Bug #2241397 - mediawiki-1.41.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2241397
[ 3 ] Bug #2247804 - CVE-2023-45360 mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247804
[ 4 ] Bug #2247806 - CVE-2023-45362 mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247806
[ 5 ] Bug #2255583 - CVE-2023-51704 mediawiki: group-.*-member messages are not properly escaped on Special:log/rights [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255583
[ 6 ] Bug #2261492 - php-oojs-oojs-ui: FTBFS in Fedora rawhide/f40
https://bugzilla.redhat.com/show_bug.cgi?id=2261492
[ 7 ] Bug #2278773 - mediawiki: XSS in edit summary parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278773
[ 8 ] Bug #2278774 - mediawiki: denial of service via GET request to Special:MovePage [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278774
[ 9 ] Bug #2279230 - CVE-2024-34507 mediawiki: cross-site scripting [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279230
[ 10 ] Bug #2279232 - CVE-2024-34506 mediawiki: denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279232
[ 11 ] Bug #2279234 - CVE-2024-34500 mediawiki: XSS through interface message in UnlinkedWikibase [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279234
[ 12 ] Bug #2279239 - CVE-2024-34502 mediawiki: MergeLexemes makes edits on GET requests without edit tokens [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279239
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2c564b942d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 40 Update: stb-0^20240213gitae721c5-6.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8f4d69d2ec
2024-05-11 01:29:32.567673
--------------------------------------------------------------------------------
Name : stb
Product : Fedora 40
Version : 0^20240213gitae721c5
Release : 6.fc40
URL : https://github.com/nothings/stb
Summary : Single-file public domain libraries for C/C++
Description :
Single-file public domain libraries for C/C++.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-45681 / CVE-2023-47212
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 2 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20240213gitae721c5-6
- Patch for GHSL-2023-171/CVE-2023-45681/CVE-2023-47212
* Wed Apr 3 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20240213gitae721c5-5
- Fix a description to use American English orthography
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2278401 - CVE-2023-47212 stb: stb_vorbis.c comment heap-based buffer overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2278401
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8f4d69d2ec' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--