SUSE_ALP_Standard/patchinfo.20240916143055331902.269002615871826/_patchinfo

<patchinfo incident="56">
  <!-- generated from request(s) 330340, 343369, 343371, 337295, 333534, 336653, 343441, 333415 -->
  <issue tracker="bnc" id="1188902">[Build 20210728] qgis failed to build</issue>
  <issue tracker="bnc" id="1204822">VUL-0: CVE-2022-3725: wireshark: integer overflow in the OPUS dissector leads to stack buffer overflow</issue>
  <issue tracker="bnc" id="1209410">VUL-0: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output</issue>
  <issue tracker="bnc" id="1209411">VUL-0: CVE-2023-28100: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console</issue>
  <issue tracker="bnc" id="1212037">IceWM gnome-terminal delayed startup when xdg-portal-desktop-gnome and xdg-portal-desktop-gtk are installed</issue>
  <issue tracker="bnc" id="1212476">patch shebang line match the python version required in the package</issue>
  <issue tracker="bnc" id="1218219">VUL-0: CVE-2023-50980: libcryptopp: DoS via malformed DER public key file</issue>
  <issue tracker="bnc" id="1218222">VUL-0: CVE-2023-50981: libcryptopp: issue on ModularSquareRoot function leads to potential DoS</issue>
  <issue tracker="bnc" id="1220181">VUL-0: CVE-2024-24476: wireshark: Buffer Overflow via pan/addr_resolv.c and ws_manuf_lookup_str() results in Denial of Service</issue>
  <issue tracker="bnc" id="1220591">[SELinux] flatpak: "Warning: Failed to get revokefs-fuse socket from system-helper" with selinux in enforcing during install/update</issue>
  <issue tracker="bnc" id="1221662">VUL-0: flatpak: Flathub repository is enabled by default</issue>
  <issue tracker="bnc" id="1221687">GCC 14: ghostscript package fails</issue>
  <issue tracker="bnc" id="1222030">VUL-0: CVE-2024-2955: wireshark: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file</issue>
  <issue tracker="bnc" id="1223110">VUL-0: CVE-2024-32462: flatpak,xdg-desktop-portal:  sandbox escape via RequestBackground portal</issue>
  <issue tracker="bnc" id="1223852">VUL-0: CVE-2023-52722: ghostscript: eexec seeds other than the Type 1 standard are allowed while using SAFER mode</issue>
  <issue tracker="bnc" id="1224259">VUL-0: CVE-2024-4853: wireshark: memory handling issue in editcap could cause denial of service via crafted capture file</issue>
  <issue tracker="bnc" id="1224274">VUL-0: CVE-2024-4854: wireshark: MONGO and ZigBee TLV dissector infinite loops via packet injection or crafted capture file</issue>
  <issue tracker="bnc" id="1224276">VUL-0: CVE-2024-4855: wireshark: use-after-free issue in editcap could cause denial of service via crafted capture file</issue>
  <issue tracker="bnc" id="1225491">VUL-0: CVE-2024-33871: ghostscript,ghostscript-library: ghostscript: OPVP device arbitrary code execution via custom Driver library</issue>
  <issue tracker="bnc" id="1226020">VUL-0: CVE-2024-5171: libaom: heap buffer overflow in img_alloc_helper() caused by integer overflow</issue>
  <issue tracker="bnc" id="1226916">VUL-0: CVE-2024-6239: poppler,poppler-qt: crash when using pdfinfo with -dests parameter on malformed input files</issue>
  <issue tracker="bnc" id="1226944">VUL-0: CVE-2024-33870: ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths</issue>
  <issue tracker="bnc" id="1226945">VUL-0: CVE-2024-29510: ghostscript,ghostscript-library: format string injection leads to shell command execution (SAFER bypass)</issue>
  <issue tracker="bnc" id="1226946">VUL-0: CVE-2024-33869: ghostscript: path traversal and command execution due to path reduction</issue>
  <issue tracker="bnc" id="1229157">VUL-0: CVE-2024-42472: flatpak: access to files outside sandbox for apps using persistent= (--persist)</issue>
  <issue tracker="bnc" id="1229907">VUL-0: CVE-2024-8250: wireshark: NTLMSSP dissector crash</issue>
  <issue tracker="cve" id="2022-3725"/>
  <issue tracker="cve" id="2023-28100"/>
  <issue tracker="cve" id="2023-28101"/>
  <issue tracker="cve" id="2023-50980"/>
  <issue tracker="cve" id="2023-50981"/>
  <issue tracker="cve" id="2023-52722"/>
  <issue tracker="cve" id="2024-2955"/>
  <issue tracker="cve" id="2024-4853"/>
  <issue tracker="cve" id="2024-4854"/>
  <issue tracker="cve" id="2024-4855"/>
  <issue tracker="cve" id="2024-5171"/>
  <issue tracker="cve" id="2024-6239"/>
  <issue tracker="cve" id="2024-8250"/>
  <issue tracker="cve" id="2024-24476"/>
  <issue tracker="cve" id="2024-29510"/>
  <issue tracker="cve" id="2024-32462"/>
  <issue tracker="cve" id="2024-33869"/>
  <issue tracker="cve" id="2024-33870"/>
  <issue tracker="cve" id="2024-33871"/>
  <issue tracker="cve" id="2024-42472"/>
  <issue tracker="jsc" id="PED-8517"/>
  <packager>pgajdos</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for ghostscript, bubblewrap, libaom, poppler, libcryptopp, xdg-desktop-portal, wireshark, flatpak</summary>
  <description>This update for ghostscript, bubblewrap, libaom, poppler, libcryptopp, xdg-desktop-portal, wireshark, flatpak fixes the following issues:

bubblewrap:
  - Update to version v0.10.0:

flatpak:
  - Update to version 1.15.10:

ghostscript:
  - Version upgrade to 10.03.1:

libaom:
    fix CVE-2024-5171 [bsc#1226020], heap buffer overflow in img_alloc_helper() caused by integer overflow

libcryptopp:
    fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file
    fix CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS

poppler:
    fix CVE-2024-6239 [bsc#1226916], crash when using pdfinfo with -dests parameter on malformed input files

wireshark:
  - Wireshark 4.2.7:

xdg-desktop-portal:
  - update to 1.18.4:

</description>
  <package>bubblewrap</package>
  <package>flatpak</package>
  <package>ghostscript</package>
  <package>libaom</package>
  <package>libaom:doc</package>
  <package>libcryptopp</package>
  <package>poppler</package>
  <package>poppler:qt5</package>
  <package>poppler:qt6</package>
  <package>wireshark</package>
  <package>xdg-desktop-portal</package>
  <seperate_build_arch/>
</patchinfo>
Update incident numbers 2024-10-01 13:58:16 +02:00			`<patchinfo incident="56">`
Adding patchinfo patchinfo.20240916143055331902.269002615871826 2024-09-25 16:05:11 +02:00			`<!-- generated from request(s) 330340, 343369, 343371, 337295, 333534, 336653, 343441, 333415 -->`
			`<issue tracker="bnc" id="1188902">[Build 20210728] qgis failed to build</issue>`
			`<issue tracker="bnc" id="1204822">VUL-0: CVE-2022-3725: wireshark: integer overflow in the OPUS dissector leads to stack buffer overflow</issue>`
			`<issue tracker="bnc" id="1209410">VUL-0: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output</issue>`
			`<issue tracker="bnc" id="1209411">VUL-0: CVE-2023-28100: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console</issue>`
			`<issue tracker="bnc" id="1212037">IceWM gnome-terminal delayed startup when xdg-portal-desktop-gnome and xdg-portal-desktop-gtk are installed</issue>`
			`<issue tracker="bnc" id="1212476">patch shebang line match the python version required in the package</issue>`
			`<issue tracker="bnc" id="1218219">VUL-0: CVE-2023-50980: libcryptopp: DoS via malformed DER public key file</issue>`
			`<issue tracker="bnc" id="1218222">VUL-0: CVE-2023-50981: libcryptopp: issue on ModularSquareRoot function leads to potential DoS</issue>`
			`<issue tracker="bnc" id="1220181">VUL-0: CVE-2024-24476: wireshark: Buffer Overflow via pan/addr_resolv.c and ws_manuf_lookup_str() results in Denial of Service</issue>`
			`<issue tracker="bnc" id="1220591">[SELinux] flatpak: "Warning: Failed to get revokefs-fuse socket from system-helper" with selinux in enforcing during install/update</issue>`
			`<issue tracker="bnc" id="1221662">VUL-0: flatpak: Flathub repository is enabled by default</issue>`
			`<issue tracker="bnc" id="1221687">GCC 14: ghostscript package fails</issue>`
			`<issue tracker="bnc" id="1222030">VUL-0: CVE-2024-2955: wireshark: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file</issue>`
			`<issue tracker="bnc" id="1223110">VUL-0: CVE-2024-32462: flatpak,xdg-desktop-portal: sandbox escape via RequestBackground portal</issue>`
			`<issue tracker="bnc" id="1223852">VUL-0: CVE-2023-52722: ghostscript: eexec seeds other than the Type 1 standard are allowed while using SAFER mode</issue>`
			`<issue tracker="bnc" id="1224259">VUL-0: CVE-2024-4853: wireshark: memory handling issue in editcap could cause denial of service via crafted capture file</issue>`
			`<issue tracker="bnc" id="1224274">VUL-0: CVE-2024-4854: wireshark: MONGO and ZigBee TLV dissector infinite loops via packet injection or crafted capture file</issue>`
			`<issue tracker="bnc" id="1224276">VUL-0: CVE-2024-4855: wireshark: use-after-free issue in editcap could cause denial of service via crafted capture file</issue>`
			`<issue tracker="bnc" id="1225491">VUL-0: CVE-2024-33871: ghostscript,ghostscript-library: ghostscript: OPVP device arbitrary code execution via custom Driver library</issue>`
			`<issue tracker="bnc" id="1226020">VUL-0: CVE-2024-5171: libaom: heap buffer overflow in img_alloc_helper() caused by integer overflow</issue>`
			`<issue tracker="bnc" id="1226916">VUL-0: CVE-2024-6239: poppler,poppler-qt: crash when using pdfinfo with -dests parameter on malformed input files</issue>`
			`<issue tracker="bnc" id="1226944">VUL-0: CVE-2024-33870: ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths</issue>`
			`<issue tracker="bnc" id="1226945">VUL-0: CVE-2024-29510: ghostscript,ghostscript-library: format string injection leads to shell command execution (SAFER bypass)</issue>`
			`<issue tracker="bnc" id="1226946">VUL-0: CVE-2024-33869: ghostscript: path traversal and command execution due to path reduction</issue>`
			`<issue tracker="bnc" id="1229157">VUL-0: CVE-2024-42472: flatpak: access to files outside sandbox for apps using persistent= (--persist)</issue>`
			`<issue tracker="bnc" id="1229907">VUL-0: CVE-2024-8250: wireshark: NTLMSSP dissector crash</issue>`
			`<issue tracker="cve" id="2022-3725"/>`
			`<issue tracker="cve" id="2023-28100"/>`
			`<issue tracker="cve" id="2023-28101"/>`
			`<issue tracker="cve" id="2023-50980"/>`
			`<issue tracker="cve" id="2023-50981"/>`
			`<issue tracker="cve" id="2023-52722"/>`
			`<issue tracker="cve" id="2024-2955"/>`
			`<issue tracker="cve" id="2024-4853"/>`
			`<issue tracker="cve" id="2024-4854"/>`
			`<issue tracker="cve" id="2024-4855"/>`
			`<issue tracker="cve" id="2024-5171"/>`
			`<issue tracker="cve" id="2024-6239"/>`
			`<issue tracker="cve" id="2024-8250"/>`
			`<issue tracker="cve" id="2024-24476"/>`
			`<issue tracker="cve" id="2024-29510"/>`
			`<issue tracker="cve" id="2024-32462"/>`
			`<issue tracker="cve" id="2024-33869"/>`
			`<issue tracker="cve" id="2024-33870"/>`
			`<issue tracker="cve" id="2024-33871"/>`
			`<issue tracker="cve" id="2024-42472"/>`
			`<issue tracker="jsc" id="PED-8517"/>`
			`<packager>pgajdos</packager>`
			`<rating>critical</rating>`
			`<category>security</category>`
			`<summary>Security update for ghostscript, bubblewrap, libaom, poppler, libcryptopp, xdg-desktop-portal, wireshark, flatpak</summary>`
			`<description>This update for ghostscript, bubblewrap, libaom, poppler, libcryptopp, xdg-desktop-portal, wireshark, flatpak fixes the following issues:`

			`bubblewrap:`
			`- Update to version v0.10.0:`

			`flatpak:`
			`- Update to version 1.15.10:`

			`ghostscript:`
			`- Version upgrade to 10.03.1:`

			`libaom:`
			`fix CVE-2024-5171 [bsc#1226020], heap buffer overflow in img_alloc_helper() caused by integer overflow`

			`libcryptopp:`
			`fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file`
			`fix CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS`

			`poppler:`
			`fix CVE-2024-6239 [bsc#1226916], crash when using pdfinfo with -dests parameter on malformed input files`

			`wireshark:`
			`- Wireshark 4.2.7:`

			`xdg-desktop-portal:`
			`- update to 1.18.4:`

			`</description>`
			`<package>bubblewrap</package>`
			`<package>flatpak</package>`
			`<package>ghostscript</package>`
			`<package>libaom</package>`
			`<package>libaom:doc</package>`
			`<package>libcryptopp</package>`
			`<package>poppler</package>`
			`<package>poppler:qt5</package>`
			`<package>poppler:qt6</package>`
			`<package>wireshark</package>`
			`<package>xdg-desktop-portal</package>`
			`<seperate_build_arch/>`
Update incident numbers 2024-10-01 13:58:16 +02:00			`</patchinfo>`