syncthing-1.28.0-1.fc39
FEDORA-2024-4fc7cdc194
Packages in this update:
- syncthing-1.28.0-1.fc39
Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
Fedora Security Advisories
syncthing-1.28.0-1.el8
FEDORA-EPEL-2024-01e6624836
Packages in this update:
- syncthing-1.28.0-1.el8
Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
php-tcpdf-6.7.7-1.fc41
FEDORA-2024-b00678c08a
Packages in this update:
- php-tcpdf-6.7.7-1.fc41
Version 6.7.7 (2024-10-26)
- Update regular expression to avoid ReDoS (CVE-2024-22641)
- [PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
- SVG detection fix for inline data images #646
- Fix count svg #647
- Since the version 6.7.4, the "0" is considered like empty string and not displayed
- Fixed handling of transparency in PDF/A mode in addExtGState method
- Encrypt /DA string when document is encrypted
- Improve quality of generated seed, avoid potential security pitfall
- Try to use random_bytes() first if it's available
- Do not include the server parameters in the generated seed, as they might contain sensitive data
- Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
- Fix SVG coordinate parser that caused drawing artifacts
- Remove usage of xml_set_object() function
php-tcpdf-6.7.7-1.fc40
FEDORA-2024-afeeca72ce
Packages in this update:
- php-tcpdf-6.7.7-1.fc40
Version 6.7.7 (2024-10-26)
- Update regular expression to avoid ReDoS (CVE-2024-22641)
- [PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
- SVG detection fix for inline data images #646
- Fix count svg #647
- Since the version 6.7.4, the "0" is considered like empty string and not displayed
- Fixed handling of transparency in PDF/A mode in addExtGState method
- Encrypt /DA string when document is encrypted
- Improve quality of generated seed, avoid potential security pitfall
- Try to use random_bytes() first if it's available
- Do not include the server parameters in the generated seed, as they might contain sensitive data
- Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
- Fix SVG coordinate parser that caused drawing artifacts
- Remove usage of xml_set_object() function
php-tcpdf-6.7.7-1.fc39
FEDORA-2024-0b2854c95b
Packages in this update:
- php-tcpdf-6.7.7-1.fc39
Version 6.7.7 (2024-10-26)
- Update regular expression to avoid ReDoS (CVE-2024-22641)
- [PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
- SVG detection fix for inline data images #646
- Fix count svg #647
- Since the version 6.7.4, the "0" is considered like empty string and not displayed
- Fixed handling of transparency in PDF/A mode in addExtGState method
- Encrypt /DA string when document is encrypted
- Improve quality of generated seed, avoid potential security pitfall
- Try to use random_bytes() first if it's available
- Do not include the server parameters in the generated seed, as they might contain sensitive data
- Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
- Fix SVG coordinate parser that caused drawing artifacts
- Remove usage of xml_set_object() function
Version 6.7.6 (2024-10-06)
- Forbid access to parent folder in HTML images.
Version 6.7.5 (2024-04-20)
- Update GitHub actions
- fix: CSV-2024-22640 (#712)
Version 6.7.4 (2024-03-24)
- Upgrade tcpdf tag encryption algorithm.
- Fix regression issue #699.
- Fix security issue.
- [BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
- New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag.
- Raised minimum PHP version to PHP 5.5.0.
chromium-130.0.6723.69-1.el8
FEDORA-EPEL-2024-983c32d3fa
Packages in this update:
- chromium-130.0.6723.69-1.el8
update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions * High CVE-2024-10230: Type Confusion in V8 * High CVE-2024-10231: Type Confusion in V8chromium-130.0.6723.69-1.fc39
FEDORA-2024-6a0e07c9c7
Packages in this update:
- chromium-130.0.6723.69-1.fc39
update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions * High CVE-2024-10230: Type Confusion in V8 * High CVE-2024-10231: Type Confusion in V8chromium-130.0.6723.69-1.el9
FEDORA-EPEL-2024-db9e2d0206
Packages in this update:
- chromium-130.0.6723.69-1.el9
update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions * High CVE-2024-10230: Type Confusion in V8 * High CVE-2024-10231: Type Confusion in V8chromium-130.0.6723.69-1.fc41
FEDORA-2024-1178c53bb1
Packages in this update:
- chromium-130.0.6723.69-1.fc41
update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions * High CVE-2024-10230: Type Confusion in V8 * High CVE-2024-10231: Type Confusion in V8chromium-130.0.6723.69-1.fc40
FEDORA-2024-f1117faa03
Packages in this update:
- chromium-130.0.6723.69-1.fc40
update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions * High CVE-2024-10230: Type Confusion in V8 * High CVE-2024-10231: Type Confusion in V8llama-cpp-b3561-1.fc40
FEDORA-2024-b07b0b41ec
Packages in this update:
- llama-cpp-b3561-1.fc40
Update to b3561
python-quart-0.19.8-1.fc40
FEDORA-2024-51bff89a25
Packages in this update:
- python-quart-0.19.8-1.fc40
Security fix for GHSA-q34m-jh98-gwm2.
0.19.8 2024-10-25- Bugfix: Fix missing check that caused the previous fix to raise an error.
- Security Fix: how max_form_memory_size is applied when parsing large non-file fields. https://github.com/advisories/GHSA-q34m-jh98-gwm2
python-quart-0.19.8-1.fc41
FEDORA-2024-2f78bf0769
Packages in this update:
- python-quart-0.19.8-1.fc41
Security fix for GHSA-q34m-jh98-gwm2.
0.19.8 2024-10-25- Bugfix: Fix missing check that caused the previous fix to raise an error.
- Security Fix: how max_form_memory_size is applied when parsing large non-file fields. https://github.com/advisories/GHSA-q34m-jh98-gwm2