kde/plasma-wayland-protocols-1.12.0-x86_64-1.txz: Upgraded.
l/libxslt-1.1.39-x86_64-1.txz: Upgraded.
l/zxing-cpp-2.2.0-x86_64-1.txz: Upgraded.
xap/seamonkey-2.53.18-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.18
testing/packages/libxml2-2.12.2-x86_64-1.txz: Upgraded.
Hey folks, I'm in need of a bit of assistance here. I've had libxml2 on the
back burner for quite some time now in spite of yet-another variation of
the old "billion laughs" resource exhaustion attack that's been supposedly
fixed. The issue I'm running into with newer versions of libxml2 is that
the rewrite rules for mapping external entities to files on the system no
longer work, and I'm not sure why that is. For a quick demonstration,
upgrade to this libxml2 package and then try to build glib2. You'll see
xsltproc called to generate documentation such as the man pages, but it isn't
able to find the entity locally and fails due to --nonet.
I'll be keeping an eye on LQ if anyone has any hints. Thanks!
a/dbus-1.12.22-x86_64-1.txz: Upgraded.
a/kernel-firmware-20220228_ee0667a-noarch-1.txz: Upgraded.
ap/sysstat-12.5.6-x86_64-1.txz: Upgraded.
d/ccache-4.6-x86_64-1.txz: Upgraded.
d/rcs-5.10.1-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-2.1.3-x86_64-1.txz: Upgraded.
l/libxml2-2.9.13-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Use-after-free of ID and IDREF attributes
(Thanks to Shinji Sato for the report)
Use-after-free in xmlXIncludeCopyRange (David Kilzer)
Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
Fix memory leak in xmlXPathCompNodeTest
Fix null pointer deref in xmlStringGetNodeList
Fix several memory leaks found by Coverity (David King)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
(* Security fix *)
l/libxslt-1.1.35-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix use-after-free in xsltApplyTemplates
Fix memory leak in xsltDocumentElem (David King)
Fix memory leak in xsltCompileIdKeyPattern (David King)
Fix double-free with stylesheets containing entity nodes
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560
(* Security fix *)
n/wget-1.21.3-x86_64-1.txz: Upgraded.
x/xterm-371-x86_64-1.txz: Upgraded.
xap/xscreensaver-6.03-x86_64-1.txz: Upgraded.