Security issues
Mageia cauldron
| Bug number | Summary | Affected releases | Assignee | Status comment | Source | Last action (days) | Quick search |
|---|
Mageia 9
| Bug number | Summary | Affected releases | Assignee | Status comment | Source | Last action (days) | Quick search |
|---|---|---|---|---|---|---|---|
| 19800 | dracut new security issue CVE-2016-4484 | 9 cauldron |
Mageia tools maintainers | Should be mitigated by the installer | 252 days | ||
| 26629 | python-beaker new security issue due to deserialization of untrusted data CVE-2013-7489 | 9 cauldron |
Philippe Makowski | No fix available as of end of 2020 | 252 days | ||
| 27750 | resteasy new security issue CVE-2020-25633 | 9 cauldron |
Java Stack Maintainers | No fix available as of end of 2020 | 252 days | ||
| 27771 | hdf5 new security issue CVE-2020-10812 | 9 cauldron |
Chris Denice | Fixed upstream in 1.14.4 | 173 days | ||
| 28478 | containernetworking-plugins new security issues CVE-2021-20206, CVE-2021-34558, CVE-2023-39326 and CVE-2023-45287 | 9 cauldron |
Joseph Wang | 264 days | |||
| 30309 | tpm2-abrmd dbus service allows regular users to clear TPM | 9 cauldron |
Thierry Vignaud | 252 days | |||
| 31123 | xmlrpc-c new security issues CVE-2022-25236 CVE-2022-2531[345] CVE-2022-40674 CVE-2022-43680 | 9 cauldron |
All Packagers | 252 days | |||
| 31458 | python-py new security issue CVE-2022-42969 | 9 cauldron |
Python Stack Maintainers | 252 days | |||
| 31677 | ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], CVE-2023-122[0-7] | 9 |
Stig-Ørjan Smelror | Fixed upstream in 7.0 | ffmpeg |
9 days |
Bugzilla (ffmpeg) |
| 31804 | golang-github-prometheus, golang-github-prometheus-exporter-toolkit new security issue CVE-2022-46146 | 9 cauldron |
Guillaume Rousse | Fixed upstream in golang-github-prometheus-exporter-toolkit 0.7.2 | golang-github-prometheus-alertmanager |
8 days |
Bugzilla (golang-github-prometheus-alertmanager) |
| 31852 | perl, perl-CPAN, perl-HTTP-Tiny new security issues CVE-2023-31484 and CVE-2023-31486 | 9 cauldron |
Perl Stack Maintainers | 252 days | |||
| 31881 | cloud-init new security issue CVE-2023-1786 | 9 |
All Packagers | Fixed upstream in 23.1.2 | cloud-init |
345 days |
Bugzilla (cloud-init) |
| 32641 | [TRACKER] CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) | 9 cauldron |
All Packagers | 400 days | |||
| 32674 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - golang-x-crypto | 9 |
All Packagers | golang-x-crypto |
8 days |
Bugzilla (golang-x-crypto) |
|
| 32676 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - trilead-ssh2 | 9 cauldron |
All Packagers | 337 days | |||
| 32682 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - ruby-net-ssh | 9 cauldron |
All Packagers | 400 days | |||
| 33070 | ncurses new security issue CVE-2023-45918 | 9 |
Jani Välimaa | Patches available from SUSE and fixed upstream in 6.4-20230615 | ncurses |
317 days |
Bugzilla (ncurses) |
| 33080 | /boot/EFI access should be root-only, to avoid unauthorized tampering | 9 cauldron |
Thierry Vignaud | efi-rpm-macros |
288 days |
Bugzilla (efi-rpm-macros) |
|
| 33081 | freeimage new security issues CWE-121 (Stack-based Buffer Overflow), CWE-122 (Heap-based Buffer Overflow) | 9 cauldron |
All Packagers | 318 days | |||
| 33086 | edk2 new security issues CVE-2022-3676[34], CVE-2023-45229 and CVE-2023-4523[0-7] | 9 cauldron |
Thierry Vignaud | Patches available from Debian, CVE-2023-4523[67] unfixed | edk2 |
240 days |
Bugzilla (edk2) |
| 33130 | Bookworm fails to open any pdf or epub file or book. | 9 cauldron |
David GEIGER | 161 days | |||
| 33207 | podofo new security issues CVE-2023-3156[6-8] | 9 |
All Packagers | Fixed upstream in 0.10.1 | podofo |
233 days |
Bugzilla (podofo) |
| 33300 | cyrus-imapd new security issue CVE-2024-34055 | 9 cauldron |
All Packagers | Fixed upstream in 3.6.5 | cyrus-imapd |
254 days |
Bugzilla (cyrus-imapd) |
| 33301 | 389-ds-base new security issues CVE-2024-1062, CVE-2024-2199, CVE-2024-3657 and CVE-2024-5953 | 9 |
All Packagers | 389-ds-base |
9 days |
Bugzilla (389-ds-base) |
|
| 33305 | virtuoso-opensource new security issues CVE-2023-3160[7-9], CVE-2023-3161[0-9], CVE-2023-31620, CVE-2023-3162[2-9], CVE-2023-3163[01], CVE-2023-4894[5-7], CVE-2023-4895[01] | 9 |
All Packagers | Patches available from Ubuntu | virtuoso-opensource |
11 days |
Bugzilla (virtuoso-opensource) |
| 33313 | python new security issues CVE-2024-0397, CVE-2024-6923, CVE-2024-8088, CVE-2024-6232, CVE-2024-7592, CVE-2023-27043 | 9 cauldron |
Python Stack Maintainers | python |
157 days |
Bugzilla (python) |
|
| 33314 | bouncycastle new security issue CVE-2024-30171 | 9 cauldron |
Nicolas Lécureuil | Fixed upstream in 1.78.1 | bouncycastle |
247 days |
Bugzilla (bouncycastle) |
| 33328 | gnome-settings-daemon new security issue CVE-2024-38394 | 9 cauldron |
GNOME maintainers | Patch available from openSUSE and upstream | 242 days | ||
| 33365 | p7zip new security issues CVE-2023-5216[89] | 9 cauldron |
David GEIGER | Fixed in 7zip 24.01 beta | 232 days | ||
| 33368 | cockpit new security issue CVE-2024-6126 | 9 cauldron |
All Packagers | Fixed upstream in 320 | cockpit |
232 days |
Bugzilla (cockpit) |
| 33401 | xen new security issues CVE-2024-3114[34], CVE-2024-3114[56], CVE-2024-4581[7-9], CVE-2024-5324[01] | 9 cauldron |
Giuseppe Ghibò | xen |
66 days |
Bugzilla (xen) |
|
| 33508 | apache-sshd new security issue CVE-2024-41909 | 9 cauldron |
Nicolas Lécureuil | Fixed upstream in 2.12.0 | 12 days | ||
| 33510 | flatpak new security issue CVE-2024-42472 | 9 cauldron |
Nicolas Lécureuil | flatpak |
171 days |
Bugzilla (flatpak) |
|
| 33513 | webkit2 security issues fixed upstream (WSA-2024-000[4-8] and WSA-2025-0001) | 9 cauldron |
All Packagers | webkit2 |
12 days |
Bugzilla (webkit2) |
|
| 33522 | rust new security issue CVE-2024-43402 | 9 |
All Packagers | Fixed upstream in 1.81.0 | 68 days | ||
| 33566 | python-dnspython new security issue CVE-2023-29483 | 9 cauldron |
Python Stack Maintainers | Fixed upstream in 2.6.1 | python-dnspython |
156 days |
Bugzilla (python-dnspython) |
| 33587 | python-jupyterlab-server, python-jupyterlab and jupyter-notebook new security issue CVE-2024-43805 | 9 |
Python Stack Maintainers | Fixed upstream in JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 | android-tools android-opengl-api python-jupyterlab-server android-file-transfer jupyter-notebook andromeda andy-super-great-park python-jupyterlab android-json-org-java python-jupyterlab_pygments |
50 days |
Bugzilla (android-tools) Bugzilla (android-opengl-api) Bugzilla (python-jupyterlab-server) Bugzilla (android-file-transfer) Bugzilla (jupyter-notebook) Bugzilla (andromeda) Bugzilla (andy-super-great-park) Bugzilla (python-jupyterlab) Bugzilla (android-json-org-java) Bugzilla (python-jupyterlab_pygments) |
| 33591 | maven-archetype new security issue CVE-2024-47197 | 9 cauldron |
All Packagers | Fixed upstream in 3.3.0 | maven-archetype |
149 days |
Bugzilla (maven-archetype) |
| 33641 | wireshark new security issues CVE-2024-9781, CVE-2024-1159[56] | 9 |
All Packagers | Fixed upstream in 4.2.9 | wireshark |
81 days |
Bugzilla (wireshark) |
| 33663 | protobuf new security issue CVE-2024-7254 | 9 cauldron |
All Packagers | Patch available from upstream | protobuf |
122 days |
Bugzilla (protobuf) |
| 33664 | cargo-c new security issue CVE-2024-45405 | 9 |
Stig-Ørjan Smelror | cargo-c |
122 days |
Bugzilla (cargo-c) |
|
| 33666 | suricata new security issues fixed upstream 7.0.7 | 9 |
All Packagers | Fixed upstream in 7.0.7 | suricata |
38 days |
Bugzilla (suricata) |
| 33674 | yarnpkg new security issues CVE-2024-37890 and CVE-2024-48949 | 9 cauldron |
All Packagers | 120 days | |||
| 33675 | rust-pyo3 new security issues RUSTSEC-2024-0378 | 9 |
All Packagers | rust-pyo3-macros-backend rust-pyo3 rust-pyo3-macros rust-pyo3-ffi rust-pyo3-build-config |
9 days |
Bugzilla (rust-pyo3-macros-backend) Bugzilla (rust-pyo3) Bugzilla (rust-pyo3-macros) Bugzilla (rust-pyo3-ffi) Bugzilla (rust-pyo3-build-config) |
|
| 33676 | koji new security issue CVE-2024-9427 | 9 cauldron |
Neal Gompa | 120 days | |||
| 33764 | buildah and podman new security issues CVE-2024-9341, CVE-2024-9407, CVE-2024-9675, CVE-2024-9676 and CVE-2024-11218 | 9 cauldron |
Joseph Wang | Fixed upstream in buildah 1.38.1 and podman 5.3.2 | 25 days | ||
| 33783 | neochat new security issue CVE-2024-52868 | 9 |
All Packagers | Fixed upstream in 24.08.2 | neochat |
93 days |
Bugzilla (neochat) |
| 33808 | rclone new security issues CVE-2024-52522 and CVE-2024-4533[78] | 9 cauldron |
Stig-Ørjan Smelror | Fixed upstream in 1.69 | rclone |
38 days |
Bugzilla (rclone) |
| 33814 | neomutt new security issues CVE-2024-4939[34] | 9 |
QA Team | neomutt |
6 days |
Bugzilla (neomutt) |
|
| 33815 | python-virtualenv new security issue CVE-2024-53899 | 9 cauldron |
Python Stack Maintainers | Fixed upstream in 20.26.6 and patch available from upstream | python-virtualenv |
86 days |
Bugzilla (python-virtualenv) |
| 33848 | golang-x-crypto new security issue CVE-2024-45337 | 9 cauldron |
papoteur | Fixed upstream in 0.31.0 | golang-x-crypto |
72 days |
Bugzilla (golang-x-crypto) |
| 33869 | grpc new security issues CVE-2024-11407 and CVE-2024-7246 | 9 cauldron |
All Packagers | Fixes noted in comment 1 | grpc |
19 days |
Bugzilla (grpc) |
| 33870 | docker new security issue CVE-2024-29018 | 9 cauldron |
Bruno Cornec | docker |
42 days |
Bugzilla (docker) |
|
| 33915 | libxmp new security issues CVE-2023-4567[679] and CVE-2023-4568[0-2] | 9 |
All Packagers | Fixed upstream in 4.6.1 | libxmp |
27 days |
Bugzilla (libxmp) |
| 33917 | suricata new security issues CVE-2024-55605 and CVE-2024-5562[6-9] | 9 |
All Packagers | Fixed upstream in 7.0.8 | suricata |
27 days |
Bugzilla (suricata) |
| 33925 | rlottie new possible security issues CVE-2021-31315, CVE-2021-3131[7-9] and CVE-2021-31321 | 9 cauldron |
All Packagers | rlottie |
27 days |
Bugzilla (rlottie) |
|
| 33973 | Outstanding security issues on statically-linked binaries | 9 |
Mageia Bug Squad | 17 days | |||
| 33982 | Docker images contain security vulnerabilities | 9 |
Juan Luis Baptiste | 8 days | |||
| 33992 | curl new security issues CVE-2025-0167, CVE-2025-0665 and CVE-2025-0725 | 9 cauldron |
Dan Fandrich | Fixed upstream in 8.12.0 and patches available from upstream | 12 days | ||
| 33995 | simgear and flightgear new security issue CVE-2025-0781 | 9 cauldron |
Chris Denice | Patches available from Fedora and upstream | simgear flightgear |
12 days |
Bugzilla (simgear) Bugzilla (flightgear) |
| 34006 | abseil-cpp potential integer overflow in hash container create/resize | 9 cauldron |
All Packagers | Fixed in 20240116.3 | abseil-cpp |
10 days |
Bugzilla (abseil-cpp) |
| 34007 | python3 new security issue CVE-2025-0938 | 9 cauldron |
Python Stack Maintainers | Fixed upstream in 3.12.9 and patch available from upstream | python3 |
10 days |
Bugzilla (python3) |
| 34012 | chromium-browser-stable new security issues CVE-2025-044[45], CVE-2025-0451 and CVE-2025-099[5-8] | 9 cauldron |
Christiaan Welvaart | Fixed upstream in 133.0.6943.98 | 9 days | ||
| 34019 | golang-x-net new security issue CVE-2024-45338 | 9 |
All Packagers | Fixed upstream in 0.33.0 | golang-x-net |
8 days |
Bugzilla (golang-x-net) |
| 34023 | Update request: kernel-6.6.79-1.mga9 | 9 |
QA Team | kmod-xtables-addons kmod-virtualbox kernel |
0 days |
Bugzilla (kmod-xtables-addons) Bugzilla (kmod-virtualbox) Bugzilla (kernel) |
|
| 34024 | Update request: kernel-linus 6.6.79-1.mga9 | 9 |
QA Team | kernel-linus |
0 days |
Bugzilla (kernel-linus) |