The following two new security updates are available for Fedora Linux 40:

Fedora 40 Update: kitty-0.35.1-4.fc40
Fedora 40 Update: webkitgtk-2.44.2-2.fc40

Fedora 40 Update: kitty-0.35.1-4.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-15039ba9f9
2024-06-19 02:04:18.080114
--------------------------------------------------------------------------------

Name : kitty
Product : Fedora 40
Version : 0.35.1
Release : 4.fc40
URL : https://sw.kovidgoyal.net/kitty
Summary : Cross-platform, fast, feature full, GPU based terminal emulator
Description :
- Offloads rendering to the GPU for lower system load and buttery smooth
scrolling. Uses threaded rendering to minimize input latency.

- Supports all modern terminal features: graphics (images), unicode, true-color,
OpenType ligatures, mouse protocol, focus tracking, bracketed paste and
several new terminal protocol extensions.

- Supports tiling multiple terminal windows side by side in different layouts
without needing to use an extra program like tmux.

- Can be controlled from scripts or the shell prompt, even over SSH.

- Has a framework for Kittens, small terminal programs that can be used to
extend kitty's functionality. For example, they are used for Unicode input,
Hints and Side-by-side diff.

- Supports startup sessions which allow you to specify the window/tab layout,
working directories and programs to run on startup.

- Cross-platform: kitty works on Linux and macOS, but because it uses only
OpenGL for rendering, it should be trivial to port to other Unix-like
platforms.

- Allows you to open the scrollback buffer in a separate window using arbitrary
programs of your choice. This is useful for browsing the history comfortably
in a pager or editor.

- Has multiple copy/paste buffers, like vim.

--------------------------------------------------------------------------------
Update Information:

rebuild for rhbz#2292712
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 17 2024 Pavel Solovev [daron439@gmail.com] - 0.35.1-4
- rebuild for rhbz#2292712
* Thu Jun 13 2024 Pavel Solovev [daron439@gmail.com] - 0.35.1-3
- patch for python 3.13 (rhbz#2265524)
* Sat Jun 8 2024 Python Maint - 0.35.1-2
- Rebuilt for Python 3.13
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2292712 - CVE-2024-24789 kitty: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2292712
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-15039ba9f9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--

Fedora 40 Update: webkitgtk-2.44.2-2.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4d71f28349
2024-06-19 02:04:18.079913
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 40
Version : 2.44.2
Release : 2.fc40
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Update to 2.44.2:
Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as
fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 8 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 2.44.2-2
- Bump revision to rebuild against GStreamer 1.24
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2282415 - CVE-2024-27834 webkitgtk: webkit: pointer authentication bypass [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2282415
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4d71f28349' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--