Fedora Security Advisories

• lemonldap-ng-2.21.3-1.fc42

See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/

• lemonldap-ng-2.21.3-1.el10_1

See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/

• lemonldap-ng-2.21.3-1.el10_0

See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/

• lemonldap-ng-2.21.3-1.fc43

See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/

• lemonldap-ng-2.21.3-1.el9

See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/

• lemonldap-ng-2.21.3-1.fc41

See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/

• lemonldap-ng-2.21.3-1.el10_2

See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/

• lemonldap-ng-2.21.3-1.el8

See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/

• perl-JSON-XS-4.04-1.fc41

This update updates perl-JSON-XS 4.04. This version fixes heap overflow causing crashes, possibly information disclosure or worse (CVE-2025-40928) and causes JSON::XS to accept invalid JSON texts as valid in some cases.

• perl-JSON-XS-4.04-1.fc43

This update updates perl-JSON-XS 4.04. This version fixes heap overflow causing crashes, possibly information disclosure or worse (CVE-2025-40928) and causes JSON::XS to accept invalid JSON texts as valid in some cases.

• perl-JSON-XS-4.04-1.fc42

This update updates perl-JSON-XS 4.04. This version fixes heap overflow causing crashes, possibly information disclosure or worse (CVE-2025-40928) and causes JSON::XS to accept invalid JSON texts as valid in some cases.

• perl-Plack-Middleware-Session-0.36-1.fc42

This update upgrade the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs.

• perl-Catalyst-Plugin-Session-0.44-1.fc42

This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs.

• perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc42

This update upgrade the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of Data::UUID.

• libopenmpt-0.8.3-1.el10_2

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

• libopenmpt-0.8.3-1.el10_0

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

• libopenmpt-0.8.3-1.el8

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

• libopenmpt-0.8.3-1.el10_1

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

• libopenmpt-0.8.3-1.el9

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

• linenoise-1.0-12.20200312git97d2850.fc42

CVE-2025-9810