Aggregator

FEDORA-2024-31e83b461d Packages in this update:

• cockpit-311.2-1.fc38

Update description:

sosreport: Fix command injection with crafted report names [CVE-2024-2947]

Version:next-20240402 (linux-next) Released:2024-04-02

FEDORA-2024-1ef4b14811 Packages in this update:

• dotnet8.0-8.0.103-1.fc38

Update description:

This is the March 2024 monthly update for .NET 8 for Fedora.

Release Notes: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.3/8.0.3.md

FEDORA-2024-6462d0aa27 Packages in this update:

• dotnet8.0-8.0.103-1.fc39

Update description:

This is the March 2024 monthly update for .NET 8 for Fedora.

Release Notes: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.3/8.0.3.md

FEDORA-2024-6574d3c361 Packages in this update:

• dotnet8.0-8.0.103-1.fc40

Update description:

This is the March 2024 monthly update for .NET 8 for Fedora.

Release Notes: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.3/8.0.3.md

FEDORA-EPEL-2024-58f1740d29 Packages in this update:

• mbedtls-2.28.8-1.el9

Update description:

• Update to 2.28.8

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8

FEDORA-EPEL-2024-8791118dee Packages in this update:

• mbedtls-2.28.8-1.el8

Update description:

• Update to 2.28.8

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8

FEDORA-2024-a23b5f0783 Packages in this update:

• mbedtls-2.28.8-1.fc40

Update description:

• Update to 2.28.8

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8

FEDORA-2024-666210bd74 Packages in this update:

• mbedtls-2.28.8-1.fc39

Update description:

• Update to 2.28.8

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8

FEDORA-2024-1249d56928 Packages in this update:

• mbedtls-2.28.8-1.fc38

Update description:

• Update to 2.28.8

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8

FEDORA-EPEL-2024-d0d107787c Packages in this update:

• assimp-5.0.1-7.el8

Update description:

Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667

Version:6.9-rc2 (mainline) Released:2024-03-31 Source:linux-6.9-rc2.tar.gz Patch:full (incremental)

FEDORA-2024-d351e7318e Packages in this update:

• c-ares-1.28.1-1.fc38

Update description:

1.28.1 fixes a significant bug in 1.28.0.

Update to 1.28.0. Also fixes CVE-2024-25629.

FEDORA-2024-9963d77dcb Packages in this update:

• c-ares-1.28.1-1.fc40

Update description:

1.28.1 fixes a significant bug in 1.28.0.

Update to 1.28.0. Also fixes CVE-2024-25629.

FEDORA-2024-835800b552 Packages in this update:

• c-ares-1.28.1-1.fc39

Update description:

1.28.1 fixes a significant bug in 1.28.0.

Update to 1.28.0. Also fixes CVE-2024-25629.

FEDORA-2024-ebf015aa4e Packages in this update:

• libvirt-sandbox-0.8.0-15.fc40

Update description:

rebuild to ensure vulnerable xz isn't statically linked

FEDORA-EPEL-2024-acb47e6aea Packages in this update:

• libopenmpt-0.7.6-1.el8

Update description: libopenmpt 0.7.6 (2024-03-24)

• [Sec] Potential heap out-of-bounds read or write past sample end with malformed sustain loops in SymMOD files (r20420).
• MED: Transposed samples were playing too low in some files (e.g. mix94.mmd1).
• OKT: Some files with garbage at the end were rejected (e.g. katharsis - piano lesson.okta).
• Compressor DMO: It was possible that the plugin would not behave as intended at mix rates above 500 kHz.
• Avoid re-allocating the loop state map contents on every playthrough of the module.

libopenmpt 0.7.5 (2024-03-17)

• [Sec] Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338).
• [Sec] Write buffer overflow when reading unseekable files close to 4GiB in size (r20339).
• [Sec] Possible out-of-memory (32bit platforms) or excessive memory allocation (64bit platforms) when reading malformed data from unseekable files (r20340).
• [Sec] DMF: Possible null-pointer write or excessive memory allocation when reading DMF files (r20323).
• IT: In the previous version, Zxx macros in IT files made with older MPT versions were no longer working.
• There was a periodic click when playing a module using the Chorus or Flanger DMO plugin at a mix rate exceeding ~136.5 kHz.
• An older bugfix for undefined behaviour in the Distortion DMO plugin was incorrect, causing the distorted sound to be different in some situations.
• xmp-openmpt: Metadata retrievel for playlist items was broken.

libopenmpt 0.7.4 (2024-03-03)

• [Bug] Makefile: libopenmpt 0.7.3 broke running the test suite for Emscripten builds.
• openmpt123: openmpt123 now uses a narrower layout on terminal windows with a width of less than 72 characters.
• Setting all possible load_skip flags resulted in nothing being loaded at all, instead of just not loading the selected module parts.
• When playing all subsongs, set_position_seconds didn’t always calculate the correct subsong to jump to.
• IT: A few more compatibility flags are now disabled for modules saved with earlier Schism Tracker versions.
• IT: MIDI macros were reset in IT 2.14 / 2.15 files that declared to be compatible with older IT versions (fixes spx-visionsofthepast.it).
• OKT: Work around missing negative arpeggio implementation by transposing the notes up an octave.
• OKT: Channel volume commands were sometimes lost over less important effects.
• IMF: Ignore magic bytes in sample header. “Leaving All Behind” by Karsten Koch uses unexpected magic bytes, Orpheus ignores them just like the instrument header magic bytes.
• zlib: Update to v1.3.1 (2024-01-22).
• mpg123: Update to v1.32.5 (2024-02-17).
• pugixml: Update to v1.14 (2023-10-01).