ALT-BU-2025-5130-1
Branch sisyphus_loongarch64 update bulletin.
Package golang updated to version 1.24.2-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-04-09
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Package docs-alt-kworkstation updated to version 11.0-alt3 for branch sisyphus_loongarch64.
Closed bugs
Документация docs-alt-kworkstation, глава 57. Установка принтера в Альт Рабочая станция K
Package python3-module-scipy updated to version 1.11.4-alt4 for branch sisyphus_loongarch64.
Closed bugs
scipy: pitivi не запускается без модуля python3-module-numpy-testing
Package thunderbird updated to version 137.0-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-04-07
CVE-2025-3028
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1941002
- https://www.mozilla.org/security/advisories/mfsa2025-20/
- https://www.mozilla.org/security/advisories/mfsa2025-21/
- https://www.mozilla.org/security/advisories/mfsa2025-22/
- https://www.mozilla.org/security/advisories/mfsa2025-23/
- https://www.mozilla.org/security/advisories/mfsa2025-24/
Modified: 2025-04-07
CVE-2025-3029
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
Modified: 2025-04-07
CVE-2025-3030
Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
- Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
- https://www.mozilla.org/security/advisories/mfsa2025-20/
- https://www.mozilla.org/security/advisories/mfsa2025-22/
- https://www.mozilla.org/security/advisories/mfsa2025-23/
- https://www.mozilla.org/security/advisories/mfsa2025-24/
Modified: 2025-04-07
CVE-2025-3031
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.
Modified: 2025-04-07
CVE-2025-3032
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.
Modified: 2025-04-07
CVE-2025-3033
After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137.
Modified: 2025-04-07
CVE-2025-3034
Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137 and Thunderbird < 137.
Package snapd-glib-2 updated to version 1.67-alt1.1 for branch sisyphus_loongarch64.
Closed bugs
Потерян snapdqt_global.h
Package obs-studio updated to version 31.0.3-alt1 for branch sisyphus_loongarch64.
Closed bugs
Не хватает зависимости на pipewire