Branch sisyphus_riscv64 update bulletin.

Package candle updated to version 10.11.1-alt2 for branch sisyphus_riscv64.

Ошибка работы окон открытия файла и выбора цвета визуализатора

Зависание после попытки открыть существующий файл или при попытке изменить цвет визуализатора

Package libmatio updated to version 1.5.29-alt1 for branch sisyphus_riscv64.

Published: 2022-04-06

BDU:2022-01836

Уязвимость функции ReadInt32DataDouble библиотеки для чтения и записи файлов MATLAB MATIO, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

CVE-2020-36428

Published: 2019-06-30
Modified: 2024-11-21

CVE-2019-13107

Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2021-07-20
Modified: 2024-11-21

CVE-2020-36428

matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4).

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-05-02
Modified: 2024-11-21

CVE-2022-1515

A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2025-03-16
Modified: 2025-08-26

CVE-2025-2337

A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Severity: MEDIUM (5.3) Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References:

Published: 2025-03-16
Modified: 2025-08-27

CVE-2025-2338

A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Package java-17-openjdk updated to version 17.0.17.0.10-alt1 for branch sisyphus_riscv64.

Published: 2025-11-07
Modified: 2025-12-03

BDU:2025-13795

Уязвимость компонента JAXP программных платформ Java SE, GraalVM for JDK, GraalVM Enterprise Edition, позволяющая нарушителю получить несанкционированный доступ к данным платформы

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2025-53066

Published: 2025-11-12
Modified: 2025-12-03

BDU:2025-14035

Уязвимость компонента Security виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE, связанная с недостатками контроля доступа, позволяющая нарушителю получить доступ на чтение, изменение и удаление данных

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: MEDIUM (5.4) Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N

References:

CVE-2025-53057

Published: 2025-10-21
Modified: 2025-11-03

CVE-2025-53057

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2025-10-21
Modified: 2025-11-03

CVE-2025-53066

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Package dqt6-tools updated to version 6.9.3-alt0.dde.1 for branch sisyphus_riscv64.

Верните qdoc для Qt6

Package mkimage-profiles updated to version 1.8.8-alt1 for branch sisyphus_riscv64.

Добавить firmware-nouveau

Package apt-gpgkeys-pki updated to version 0.2-alt1 for branch sisyphus_riscv64.

Команда list показывает доступные, а не импортированные ключи

Filetrigger не является исполняемым файлом и поэтому не запускается

Package empty updated to version 0.6.23d-alt2 for branch sisyphus_riscv64.

"empty" should require /dev/pts to work in hasher; like dejagnu does

Version: 2.1.2

Branch sisyphus_riscv64 update on 2025-11-26

ALT-BU-2025-15090-1

ALT-PU-2025-15082-1

Closed bugs

Bug #56912

Bug #56913

ALT-PU-2025-15084-1

Closed vulnerabilities

BDU:2022-01836

CVE-2019-13107

CVE-2020-36428

CVE-2022-1515

CVE-2025-2337

CVE-2025-2338

ALT-PU-2025-15085-1

Closed vulnerabilities

BDU:2025-13795

BDU:2025-14035

CVE-2025-53057

CVE-2025-53066

ALT-PU-2025-15086-1

Closed bugs

Bug #55857

ALT-PU-2025-15087-1

Closed bugs

Bug #56994

ALT-PU-2025-15088-1

Closed bugs

Bug #57005

Bug #57006

ALT-PU-2025-15089-1

Closed bugs

Bug #41887