ALT-BU-2024-6746-1
Branch sisyphus_loongarch64 update bulletin.
Package python3-module-Pillow updated to version 10.3.0-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2024-28219
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
- [debian-lts-announce] 20240410 [SECURITY] [DLA 3786-1] pillow security update
- [debian-lts-announce] 20240410 [SECURITY] [DLA 3786-1] pillow security update
- FEDORA-2024-e4b1b4eab1
- FEDORA-2024-e4b1b4eab1
- https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
- https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
Package lightdm-kde-greeter updated to version 0.4.19-alt1 for branch sisyphus_loongarch64.
Closed bugs
Нет навигации стрелками
Package qemu updated to version 8.2.2-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-01711
Уязвимость функция register_vfs() (hw/pci/pcie_sriov.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-01712
Уязвимость функция register_vfs() (hw/pci/pcie_sriov.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2024-26327
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.
Modified: 2024-11-21
CVE-2024-26328
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.
Package plasma5-addons updated to version 5.27.11-alt2 for branch sisyphus_loongarch64.
Closed bugs
Некорректное масштабирование виджета "Выбор цвета" в "Группирующий виджет"