ALT-BU-2024-11613-1
Branch sisyphus_loongarch64 update bulletin.
Package gem-rails updated to version 6.1.7.8-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-12-06
CVE-2024-28103
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
- https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
- https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
- https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
- https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
- https://security.netapp.com/advisory/ntap-20241206-0002/
Package php8.2 updated to version 8.2.22-alt1 for branch sisyphus_loongarch64.
Closed bugs
Отсутствие плагина auth_plugin_caching_sha2_password в драйвере mysqlnd для php8.1
Package php8.3 updated to version 8.3.10-alt1 for branch sisyphus_loongarch64.
Closed bugs
Отсутствие плагина auth_plugin_caching_sha2_password в драйвере mysqlnd для php8.1
Package libxml2 updated to version 2.12.9-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-02-28
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
Package flexiblas updated to version 3.4.4-alt3 for branch sisyphus_loongarch64.
Closed bugs
Аварийный останов при импорте модуля cv2, так как не установлен flexiblas-netlib