ALT-BU-2024-3967-1
Branch sisyphus_loongarch64 update bulletin.
Package zlib updated to version 1.3.1-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2023-07116
Уязвимость функции zipOpenNewFileInZip4_64() пакета MiniZip библиотеки zlib, позволяющая нарушителю оказать воздействие на целостность, доступность и конфиденциальность защищаемой информации
Modified: 2024-12-20
CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
- [oss-security] 20231020 CVE-2023-45853: overflows in MiniZip in zlib through 1.3
- [oss-security] 20231020 CVE-2023-45853: overflows in MiniZip in zlib through 1.3
- [oss-security] 20240124 Re: CVE-2023-45853: overflows in MiniZip in zlib through 1.3
- [oss-security] 20240124 Re: CVE-2023-45853: overflows in MiniZip in zlib through 1.3
- https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
- https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
- https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
- https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
- https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
- https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
- https://github.com/madler/zlib/pull/843
- https://github.com/madler/zlib/pull/843
- [debian-lts-announce] 20231127 [SECURITY] [DLA 3670-1] minizip security update
- [debian-lts-announce] 20231127 [SECURITY] [DLA 3670-1] minizip security update
- https://pypi.org/project/pyminizip/#history
- https://pypi.org/project/pyminizip/#history
- GLSA-202401-18
- GLSA-202401-18
- https://security.netapp.com/advisory/ntap-20231130-0009/
- https://security.netapp.com/advisory/ntap-20231130-0009/
- https://www.winimage.com/zLibDll/minizip.html
- https://www.winimage.com/zLibDll/minizip.html
Package thunderbird updated to version 115.8.1-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-11-26
CVE-2024-1936
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1860977
- https://bugzilla.mozilla.org/show_bug.cgi?id=1860977
- https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
- https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
- https://www.mozilla.org/security/advisories/mfsa2024-11/
- https://www.mozilla.org/security/advisories/mfsa2024-11/
Package plasma5-desktop updated to version 5.27.11-alt2 for branch sisyphus_loongarch64.
Closed bugs
Виджет "Комнаты" некорректно отображается
Package installer-feature-swapfile updated to version 0.1-alt2 for branch sisyphus_loongarch64.
Closed bugs
description и summary
Package mystiq updated to version 23.05.15-alt1 for branch sisyphus_loongarch64.
Closed bugs
Обновить версию до 23.05.15