ALT-BU-2024-7873-1
Branch p10 update bulletin.
Package virtualbox updated to version 7.0.18-alt2 for branch p10 in task 347393.
Closed bugs
VirtualBox: Отсутсвуют файлы справки
Не указано требование к версии yasm
FTBFS
Closed vulnerabilities
Modified: 2025-04-01
CVE-2024-3302
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1881183
- https://bugzilla.mozilla.org/show_bug.cgi?id=1881183
- VU#421644 - HTTP/2 CONTINUATION frames can be utilized for DoS attacks
- VU#421644 - HTTP/2 CONTINUATION frames can be utilized for DoS attacks
- https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
Modified: 2025-04-01
CVE-2024-3857
The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1886683
- https://bugzilla.mozilla.org/show_bug.cgi?id=1886683
- https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
Modified: 2025-04-01
CVE-2024-3859
On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1874489
- https://bugzilla.mozilla.org/show_bug.cgi?id=1874489
- https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
Modified: 2025-04-01
CVE-2024-3861
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1883158
- https://bugzilla.mozilla.org/show_bug.cgi?id=1883158
- https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
Modified: 2025-03-28
CVE-2024-3863
The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1885855
- https://bugzilla.mozilla.org/show_bug.cgi?id=1885855
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-18/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-19/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
- https://www.mozilla.org/security/advisories/mfsa2024-20/
Closed bugs
2.15.1-alt1, sysvinit: unrecognized option: --expect-group
Package kde5-grantlee-editor updated to version 23.08.5-alt2 for branch p10 in task 348048.
Closed bugs
Не работает кнопка Сохранить оформление в contactprintthemeeditor из kde5-grantlee-editor
Открывается пустой текстовый редактор для сохраненной темы в contactprintthemeeditor из kde5-grantlee-editor
Closed bugs
Изменить таймер запуска задания
Программа не завершается и находится в бесконечном цикле
Package kde5-kwalletmanager updated to version 23.08.5-alt4 for branch p10 in task 345626.
Closed bugs
Отсутствуют основные функции во вкладке "Файл" для kwalletmanager5