Aggregator

FEDORA-EPEL-2025-0ed4170aed Packages in this update:

• lemonldap-ng-2.21.3-1.el8

Update description:

See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/

Version:next-20250909 (linux-next) Released:2025-09-09

FEDORA-2025-86573bd5d5 Packages in this update:

• perl-JSON-XS-4.04-1.fc41

Update description:

This update updates perl-JSON-XS 4.04. This version fixes heap overflow causing crashes, possibly information disclosure or worse (CVE-2025-40928) and causes JSON::XS to accept invalid JSON texts as valid in some cases.

FEDORA-2025-8b24ea25bb Packages in this update:

• perl-JSON-XS-4.04-1.fc43

Update description:

This update updates perl-JSON-XS 4.04. This version fixes heap overflow causing crashes, possibly information disclosure or worse (CVE-2025-40928) and causes JSON::XS to accept invalid JSON texts as valid in some cases.

FEDORA-2025-53273e282c Packages in this update:

• perl-JSON-XS-4.04-1.fc42

Update description:

This update updates perl-JSON-XS 4.04. This version fixes heap overflow causing crashes, possibly information disclosure or worse (CVE-2025-40928) and causes JSON::XS to accept invalid JSON texts as valid in some cases.

Dean Rasheed discovered that PostgreSQL incorrectly handled access control lists. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-8713) Martin Rakhmanov, Matthieu Denais, and RyotaK discovered that the PostgreSQL pg_dump utility allowed untrusted data inclusion. A malicious superuser could use this issue to execute arbitrary code when a dump script is reloaded. (CVE-2025-8714) Noah Misch discovered that the PostgreSQL pg_dump utility incorrectly filtered line breaks in object names. An attacker could create object names that execute arbitrary SQL commands when a dump script is reloaded. (CVE-2025-8715)

It was discovered that LibEtPan incorrectly handled memory when parsing IMAP STATUS responses. A remote attacker could possibly use this issue to cause LibEtPan to crash, resulting in a denial of service.

Version:next-20250908 (linux-next) Released:2025-09-08

Greg Kuechle discovered that Bind incorrectly handled certain incremental zone updates. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25214) Siva Kakarla discovered that Bind incorrectly handled certain DNAME records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25215) It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-25216)

Version:6.17-rc5 (mainline) Released:2025-09-07 Source:linux-6.17-rc5.tar.gz Patch:full (incremental)

FEDORA-2025-ca07c36a0a Packages in this update:

• perl-Plack-Middleware-Session-0.36-1.fc42

Update description:

This update upgrade the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs.

FEDORA-2025-90d5989bee Packages in this update:

• perl-Catalyst-Plugin-Session-0.44-1.fc42

Update description:

This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs.

FEDORA-2025-d72429a1f8 Packages in this update:

• perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc42

Update description:

This update upgrade the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of Data::UUID.

FEDORA-EPEL-2025-3f414a0955 Packages in this update:

• libopenmpt-0.8.3-1.el10_2

Update description: libopenmpt 0.8.3 (2025-09-06)

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

libopenmpt 0.8.2 (2025-07-19)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

FEDORA-EPEL-2025-dc43510de4 Packages in this update:

• libopenmpt-0.8.3-1.el10_0

Update description: libopenmpt 0.8.3 (2025-09-06)

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

libopenmpt 0.8.2 (2025-07-19)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

FEDORA-EPEL-2025-8aaa96c683 Packages in this update:

• libopenmpt-0.8.3-1.el8

Update description: libopenmpt 0.8.3 (2025-09-06)

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

libopenmpt 0.8.2 (2025-07-19)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

FEDORA-EPEL-2025-3f99ee4dca Packages in this update:

• libopenmpt-0.8.3-1.el10_1

Update description: libopenmpt 0.8.3 (2025-09-06)

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

libopenmpt 0.8.2 (2025-07-19)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

FEDORA-EPEL-2025-305ac41026 Packages in this update:

• libopenmpt-0.8.3-1.el9

Update description: libopenmpt 0.8.3 (2025-09-06)

• [Bug] libopenmpt is now compatible with most non-standard builds of libmpg123 which do not by default output signed 16bit PCM.
• [Bug] openmpt123: Pausing playback using the space key did not work since 0.8.0.
• [Bug] Windows 10 binaries wrongly targeted Windows 11 22H2. They now target Windows 10 2004.
• [Bug] in_openmpt: in_openmpt for Windows XP or later did not ever work in Winamp 2.x. We now provide a build specifically for Winamp 2.x in the Winamp2/ folder inside the retro.winxp package. The retro.win98 build was not affected.
• [Change] in_openmpt: Modern and legacy builds of in_openmpt now officially only support Winamp 5.x.
• IT: Even when the filter cutoff envelope is stopped before its first tick is applied, the filter should still be activated.
• mpg123: Update to v1.33.2 (2025-08-05).

libopenmpt 0.8.2 (2025-07-19)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop.
• [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values.
• [New] Makefile now supports DragonFly BSD.
• openmpt123: FLAC multithreaded encoding has been enabled for Windows builds.
• Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels.
• IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides.
• FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod).
• ogg: Update to v1.3.6 (2025-06-16).

FEDORA-2025-b83972992e Packages in this update:

• linenoise-1.0-12.20200312git97d2850.fc42

Update description:

CVE-2025-9810