Adding patchinfo patchinfo.20240916143055331902.269002615871826

This commit is contained in:
Adrian Schröter 2024-09-25 16:05:11 +02:00
parent 5ea103b1b1
commit 7886d026bb

View File

@ -0,0 +1,94 @@
<patchinfo>
<!-- generated from request(s) 330340, 343369, 343371, 337295, 333534, 336653, 343441, 333415 -->
<issue tracker="bnc" id="1188902">[Build 20210728] qgis failed to build</issue>
<issue tracker="bnc" id="1204822">VUL-0: CVE-2022-3725: wireshark: integer overflow in the OPUS dissector leads to stack buffer overflow</issue>
<issue tracker="bnc" id="1209410">VUL-0: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output</issue>
<issue tracker="bnc" id="1209411">VUL-0: CVE-2023-28100: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console</issue>
<issue tracker="bnc" id="1212037">IceWM gnome-terminal delayed startup when xdg-portal-desktop-gnome and xdg-portal-desktop-gtk are installed</issue>
<issue tracker="bnc" id="1212476">patch shebang line match the python version required in the package</issue>
<issue tracker="bnc" id="1218219">VUL-0: CVE-2023-50980: libcryptopp: DoS via malformed DER public key file</issue>
<issue tracker="bnc" id="1218222">VUL-0: CVE-2023-50981: libcryptopp: issue on ModularSquareRoot function leads to potential DoS</issue>
<issue tracker="bnc" id="1220181">VUL-0: CVE-2024-24476: wireshark: Buffer Overflow via pan/addr_resolv.c and ws_manuf_lookup_str() results in Denial of Service</issue>
<issue tracker="bnc" id="1220591">[SELinux] flatpak: "Warning: Failed to get revokefs-fuse socket from system-helper" with selinux in enforcing during install/update</issue>
<issue tracker="bnc" id="1221662">VUL-0: flatpak: Flathub repository is enabled by default</issue>
<issue tracker="bnc" id="1221687">GCC 14: ghostscript package fails</issue>
<issue tracker="bnc" id="1222030">VUL-0: CVE-2024-2955: wireshark: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file</issue>
<issue tracker="bnc" id="1223110">VUL-0: CVE-2024-32462: flatpak,xdg-desktop-portal: sandbox escape via RequestBackground portal</issue>
<issue tracker="bnc" id="1223852">VUL-0: CVE-2023-52722: ghostscript: eexec seeds other than the Type 1 standard are allowed while using SAFER mode</issue>
<issue tracker="bnc" id="1224259">VUL-0: CVE-2024-4853: wireshark: memory handling issue in editcap could cause denial of service via crafted capture file</issue>
<issue tracker="bnc" id="1224274">VUL-0: CVE-2024-4854: wireshark: MONGO and ZigBee TLV dissector infinite loops via packet injection or crafted capture file</issue>
<issue tracker="bnc" id="1224276">VUL-0: CVE-2024-4855: wireshark: use-after-free issue in editcap could cause denial of service via crafted capture file</issue>
<issue tracker="bnc" id="1225491">VUL-0: CVE-2024-33871: ghostscript,ghostscript-library: ghostscript: OPVP device arbitrary code execution via custom Driver library</issue>
<issue tracker="bnc" id="1226020">VUL-0: CVE-2024-5171: libaom: heap buffer overflow in img_alloc_helper() caused by integer overflow</issue>
<issue tracker="bnc" id="1226916">VUL-0: CVE-2024-6239: poppler,poppler-qt: crash when using pdfinfo with -dests parameter on malformed input files</issue>
<issue tracker="bnc" id="1226944">VUL-0: CVE-2024-33870: ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths</issue>
<issue tracker="bnc" id="1226945">VUL-0: CVE-2024-29510: ghostscript,ghostscript-library: format string injection leads to shell command execution (SAFER bypass)</issue>
<issue tracker="bnc" id="1226946">VUL-0: CVE-2024-33869: ghostscript: path traversal and command execution due to path reduction</issue>
<issue tracker="bnc" id="1229157">VUL-0: CVE-2024-42472: flatpak: access to files outside sandbox for apps using persistent= (--persist)</issue>
<issue tracker="bnc" id="1229907">VUL-0: CVE-2024-8250: wireshark: NTLMSSP dissector crash</issue>
<issue tracker="cve" id="2022-3725"/>
<issue tracker="cve" id="2023-28100"/>
<issue tracker="cve" id="2023-28101"/>
<issue tracker="cve" id="2023-50980"/>
<issue tracker="cve" id="2023-50981"/>
<issue tracker="cve" id="2023-52722"/>
<issue tracker="cve" id="2024-2955"/>
<issue tracker="cve" id="2024-4853"/>
<issue tracker="cve" id="2024-4854"/>
<issue tracker="cve" id="2024-4855"/>
<issue tracker="cve" id="2024-5171"/>
<issue tracker="cve" id="2024-6239"/>
<issue tracker="cve" id="2024-8250"/>
<issue tracker="cve" id="2024-24476"/>
<issue tracker="cve" id="2024-29510"/>
<issue tracker="cve" id="2024-32462"/>
<issue tracker="cve" id="2024-33869"/>
<issue tracker="cve" id="2024-33870"/>
<issue tracker="cve" id="2024-33871"/>
<issue tracker="cve" id="2024-42472"/>
<issue tracker="jsc" id="PED-8517"/>
<packager>pgajdos</packager>
<rating>critical</rating>
<category>security</category>
<summary>Security update for ghostscript, bubblewrap, libaom, poppler, libcryptopp, xdg-desktop-portal, wireshark, flatpak</summary>
<description>This update for ghostscript, bubblewrap, libaom, poppler, libcryptopp, xdg-desktop-portal, wireshark, flatpak fixes the following issues:
bubblewrap:
- Update to version v0.10.0:
flatpak:
- Update to version 1.15.10:
ghostscript:
- Version upgrade to 10.03.1:
libaom:
fix CVE-2024-5171 [bsc#1226020], heap buffer overflow in img_alloc_helper() caused by integer overflow
libcryptopp:
fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file
fix CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS
poppler:
fix CVE-2024-6239 [bsc#1226916], crash when using pdfinfo with -dests parameter on malformed input files
wireshark:
- Wireshark 4.2.7:
xdg-desktop-portal:
- update to 1.18.4:
</description>
<package>bubblewrap</package>
<package>flatpak</package>
<package>ghostscript</package>
<package>libaom</package>
<package>libaom:doc</package>
<package>libcryptopp</package>
<package>poppler</package>
<package>poppler:qt5</package>
<package>poppler:qt6</package>
<package>wireshark</package>
<package>xdg-desktop-portal</package>
<seperate_build_arch/>
</patchinfo>