Fedora 40 Update: digikam-8.6.0-4.fc40
Fedora 40 Update: icecat-115.22.0-2.rh1.fc40
Fedora 40 Update: mingw-LibRaw-0.21.4-1.fc40
Fedora 40 Update: perl-5.38.4-508.fc40
Fedora 40 Update: perl-Devel-Cover-1.40-9.fc40
Fedora 40 Update: perl-PAR-Packer-1.063-3.fc40
Fedora 41 Update: digikam-8.6.0-4.fc41
Fedora 41 Update: icecat-115.22.0-2.rh1.fc41
Fedora 41 Update: mingw-LibRaw-0.21.4-1.fc41
Fedora 42 Update: digikam-8.6.0-4.fc42
Fedora 42 Update: icecat-115.22.0-2.rh1.fc42
Fedora 42 Update: mingw-LibRaw-0.21.4-1.fc42
[SECURITY] Fedora 40 Update: digikam-8.6.0-4.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-97687e7f68
2025-04-30 01:59:13.913566+00:00
--------------------------------------------------------------------------------
Name : digikam
Product : Fedora 40
Version : 8.6.0
Release : 4.fc40
URL : http://www.digikam.org/
Summary : A digital camera accessing & photo management application
Description :
digiKam is an easy to use and powerful digital photo management application,
which makes importing, organizing and manipulating digital photos a "snap".
An easy to use interface is provided to connect to your digital camera,
preview the images and download and/or delete them.
digiKam built-in image editor makes the common photo correction a simple task.
--------------------------------------------------------------------------------
Update Information:
update internal Libraw to 2025/03/17 snapshot
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 21 2025 Alexey Kurov [nucleo@fedoraproject.org] - 8.6.0-4
- update internal Libraw to 2025/03/17 snapshot
* Tue Mar 25 2025 Jan Grulich [jgrulich@redhat.com] - 8.6.0-3
- Rebuild (qt6)
* Sun Mar 16 2025 Alexey Kurov [nucleo@fedoraproject.org] - 8.6.0-2
- new digiKam-8.6.0 tarball
* Sat Mar 15 2025 Alexey Kurov [nucleo@fedoraproject.org] - 8.6.0-1
- digiKam-8.6.0
- use cmake() for Qt6/KF6 BR
* Tue Feb 4 2025 S??rgio Basto [sergio@serjux.com] - 8.5.0-4
- Rebuild for opencv-4.11.0
* Sun Feb 2 2025 S??rgio Basto [sergio@serjux.com] - 8.5.0-3
- Rebuild for jpegxl (libjxl) 0.11.1
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 8.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2352588 - digikam-8.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2352588
[ 2 ] Bug #2361336 - CVE-2025-43963 digikam: out-of-buffer access [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361336
[ 3 ] Bug #2361354 - CVE-2025-43964 digikam: Improper Validation of Specified Quantity in Input in LibRaw [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361354
[ 4 ] Bug #2361372 - CVE-2025-43962 digikam: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361372
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-97687e7f68' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 40 Update: icecat-115.22.0-2.rh1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bca38111fc
2025-04-30 01:59:13.913534+00:00
--------------------------------------------------------------------------------
Name : icecat
Product : Fedora 40
Version : 115.22.0
Release : 2.rh1.fc40
URL : http://www.gnu.org/software/gnuzilla/
Summary : GNU version of Firefox browser
Description :
GNU IceCat is the GNU version of the Firefox ESR browser.
Extensions included to this version of IceCat:
* LibreJS
GNU LibreJS aims to address the JavaScript problem described in the article
"The JavaScript Trap" of Richard Stallman.
* JShelter: Mitigates potential threats from JavaScript, including fingerprinting,
tracking, and data collection. Slightly modifies the results of API calls,
differently on different domains, so that the cross-site fingerprint is not
stable. Applies security counter-measures that are likely not to break web pages.
Allows fine-grained control over the restrictions and counter-measures applied
to each domain.
* A set of companion extensions for LibreJS by Nathan Nichols
are pre-installed, and provide workarounds to use some services at USPS,
RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs
without using nonfree JavaScript.
* A series of configuration changes and tweaks were applied to ensure that
IceCat does not initiate network connections that the user has not explicitly
requested. This implies not downloading feeds, updates, blacklists or any
other similar data needed during startup.
--------------------------------------------------------------------------------
Update Information:
Rebuild with pregenerated cbindgen
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 20 2025 Antonio Trande [sagitter@fedoraproject.org] - 2:115.22.0-2.rh1
- Upload regenerated built-in cbindgen
* Fri Apr 4 2025 Antonio Trande [sagitter@fedoraproject.org] - 2:115.22.0-1.rh1
- Release 115.22.0
* Tue Mar 4 2025 Antonio Trande [sagitter@fedoraproject.org] - 2:115.21.0-1.rh1
- Release 115.21.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357926 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357926
[ 2 ] Bug #2357938 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357938
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bca38111fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: mingw-LibRaw-0.21.4-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-32a9eb17af
2025-04-30 01:59:13.913508+00:00
--------------------------------------------------------------------------------
Name : mingw-LibRaw
Product : Fedora 40
Version : 0.21.4
Release : 1.fc40
URL : http://www.libraw.org
Summary : Library for reading RAW files obtained from digital photo cameras
Description :
MinGW Windows LibRaw library.
--------------------------------------------------------------------------------
Update Information:
Update to LibRaw 0.21.4.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 16 2025 Sandro Mani [manisandro@gmail.com] - 0.21.4-1
- Update to 0.21.4
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.21.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Sep 23 2024 Sandro Mani [manisandro@gmail.com] - 0.21.3-1
- Update to 0.21.3
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.21.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361338 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361338
[ 2 ] Bug #2361343 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361343
[ 3 ] Bug #2361348 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361348
[ 4 ] Bug #2361356 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361356
[ 5 ] Bug #2361361 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361361
[ 6 ] Bug #2361366 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361366
[ 7 ] Bug #2361374 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361374
[ 8 ] Bug #2361379 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361379
[ 9 ] Bug #2361384 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361384
[ 10 ] Bug #2361401 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361401
[ 11 ] Bug #2361406 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361406
[ 12 ] Bug #2361411 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361411
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-32a9eb17af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: perl-5.38.4-508.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8445f115f6
2025-04-30 01:59:13.913476+00:00
--------------------------------------------------------------------------------
Name : perl
Product : Fedora 40
Version : 5.38.4
Release : 508.fc40
URL : https://www.perl.org/
Summary : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk and shell
scripting. Perl is good at handling processes and files, and is especially
good at handling text. Perl's hallmarks are practicality and efficiency.
While it is used to do a lot of different things, Perl's most common
applications are system administration utilities and web programming.
This is a metapackage with all the Perl bits and core modules that can be
found in the upstream tarball from perl.org.
If you need only a specific feature, you can install a specific package
instead. E.g. to handle Perl scripts with /usr/bin/perl interpreter,
install perl-interpreter package. See perl-interpreter description for more
details on the Perl decomposition into packages.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2024-56406
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 14 2025 Jitka Plesnikova [jplesnik@redhat.com] - 4:5.38.4-508
- 5.38.4 bump (see ( https://metacpan.org/release/SHAY/perl-5.38.4/view/pod/perldelta.pod) )
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2359474 - CVE-2024-56406 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2359474
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8445f115f6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: perl-Devel-Cover-1.40-9.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8445f115f6
2025-04-30 01:59:13.913476+00:00
--------------------------------------------------------------------------------
Name : perl-Devel-Cover
Product : Fedora 40
Version : 1.40
Release : 9.fc40
URL : https://metacpan.org/release/Devel-Cover
Summary : Code coverage metrics for Perl
Description :
This module provides code coverage metrics for Perl. Code coverage metrics
describe how thoroughly tests exercise code. By using Devel::Cover you can
discover areas of code not exercised by your tests and determine which
tests to create to increase coverage. Code coverage can be considered as an
indirect measure of quality.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2024-56406
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 15 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.40-9
- Rebuild for Perl 5.38.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2359474 - CVE-2024-56406 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2359474
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8445f115f6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: perl-PAR-Packer-1.063-3.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8445f115f6
2025-04-30 01:59:13.913476+00:00
--------------------------------------------------------------------------------
Name : perl-PAR-Packer
Product : Fedora 40
Version : 1.063
Release : 3.fc40
URL : https://metacpan.org/release/PAR-Packer
Summary : PAR Packager
Description :
This module implements the App::Packer::Backend interface, for generating
stand-alone executables, perl scripts and PAR files.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2024-56406
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 15 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.063-3
- Rebuild for Perl 5.38.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2359474 - CVE-2024-56406 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2359474
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8445f115f6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: digikam-8.6.0-4.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5bbbb2df79
2025-04-30 01:36:38.945513+00:00
--------------------------------------------------------------------------------
Name : digikam
Product : Fedora 41
Version : 8.6.0
Release : 4.fc41
URL : http://www.digikam.org/
Summary : A digital camera accessing & photo management application
Description :
digiKam is an easy to use and powerful digital photo management application,
which makes importing, organizing and manipulating digital photos a "snap".
An easy to use interface is provided to connect to your digital camera,
preview the images and download and/or delete them.
digiKam built-in image editor makes the common photo correction a simple task.
--------------------------------------------------------------------------------
Update Information:
update internal Libraw to 2025/03/17 snapshot
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 21 2025 Alexey Kurov [nucleo@fedoraproject.org] - 8.6.0-4
- update internal Libraw to 2025/03/17 snapshot
* Tue Mar 25 2025 Jan Grulich [jgrulich@redhat.com] - 8.6.0-3
- Rebuild (qt6)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361341 - CVE-2025-43963 digikam: out-of-buffer access [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361341
[ 2 ] Bug #2361359 - CVE-2025-43964 digikam: Improper Validation of Specified Quantity in Input in LibRaw [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361359
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5bbbb2df79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: icecat-115.22.0-2.rh1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-883816b756
2025-04-30 01:36:38.945450+00:00
--------------------------------------------------------------------------------
Name : icecat
Product : Fedora 41
Version : 115.22.0
Release : 2.rh1.fc41
URL : http://www.gnu.org/software/gnuzilla/
Summary : GNU version of Firefox browser
Description :
GNU IceCat is the GNU version of the Firefox ESR browser.
Extensions included to this version of IceCat:
* LibreJS
GNU LibreJS aims to address the JavaScript problem described in the article
"The JavaScript Trap" of Richard Stallman.
* JShelter: Mitigates potential threats from JavaScript, including fingerprinting,
tracking, and data collection. Slightly modifies the results of API calls,
differently on different domains, so that the cross-site fingerprint is not
stable. Applies security counter-measures that are likely not to break web pages.
Allows fine-grained control over the restrictions and counter-measures applied
to each domain.
* A set of companion extensions for LibreJS by Nathan Nichols
are pre-installed, and provide workarounds to use some services at USPS,
RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs
without using nonfree JavaScript.
* A series of configuration changes and tweaks were applied to ensure that
IceCat does not initiate network connections that the user has not explicitly
requested. This implies not downloading feeds, updates, blacklists or any
other similar data needed during startup.
--------------------------------------------------------------------------------
Update Information:
Rebuild with pregenerated cbindgen
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 20 2025 Antonio Trande [sagitter@fedoraproject.org] - 2:115.22.0-2.rh1
- Upload regenerated built-in cbindgen
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357926 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357926
[ 2 ] Bug #2357938 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357938
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-883816b756' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-LibRaw-0.21.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e7dea91428
2025-04-30 01:36:38.945390+00:00
--------------------------------------------------------------------------------
Name : mingw-LibRaw
Product : Fedora 41
Version : 0.21.4
Release : 1.fc41
URL : http://www.libraw.org
Summary : Library for reading RAW files obtained from digital photo cameras
Description :
MinGW Windows LibRaw library.
--------------------------------------------------------------------------------
Update Information:
Update to LibRaw 0.21.4.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 16 2025 Sandro Mani [manisandro@gmail.com] - 0.21.4-1
- Update to 0.21.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361338 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361338
[ 2 ] Bug #2361343 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361343
[ 3 ] Bug #2361348 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361348
[ 4 ] Bug #2361356 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361356
[ 5 ] Bug #2361361 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361361
[ 6 ] Bug #2361366 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361366
[ 7 ] Bug #2361374 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361374
[ 8 ] Bug #2361379 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361379
[ 9 ] Bug #2361384 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361384
[ 10 ] Bug #2361401 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361401
[ 11 ] Bug #2361406 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361406
[ 12 ] Bug #2361411 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361411
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e7dea91428' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: digikam-8.6.0-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1c1e378468
2025-04-29 20:37:25.511200+00:00
--------------------------------------------------------------------------------
Name : digikam
Product : Fedora 42
Version : 8.6.0
Release : 4.fc42
URL : http://www.digikam.org/
Summary : A digital camera accessing & photo management application
Description :
digiKam is an easy to use and powerful digital photo management application,
which makes importing, organizing and manipulating digital photos a "snap".
An easy to use interface is provided to connect to your digital camera,
preview the images and download and/or delete them.
digiKam built-in image editor makes the common photo correction a simple task.
--------------------------------------------------------------------------------
Update Information:
update internal Libraw to 2025/03/17 snapshot
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 21 2025 Alexey Kurov [nucleo@fedoraproject.org] - 8.6.0-4
- update internal Libraw to 2025/03/17 snapshot
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361346 - CVE-2025-43963 digikam: out-of-buffer access [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361346
[ 2 ] Bug #2361364 - CVE-2025-43964 digikam: Improper Validation of Specified Quantity in Input in LibRaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361364
[ 3 ] Bug #2361382 - CVE-2025-43962 digikam: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361382
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1c1e378468' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: icecat-115.22.0-2.rh1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-17f64d2c4d
2025-04-29 20:37:25.511152+00:00
--------------------------------------------------------------------------------
Name : icecat
Product : Fedora 42
Version : 115.22.0
Release : 2.rh1.fc42
URL : http://www.gnu.org/software/gnuzilla/
Summary : GNU version of Firefox browser
Description :
GNU IceCat is the GNU version of the Firefox ESR browser.
Extensions included to this version of IceCat:
* LibreJS
GNU LibreJS aims to address the JavaScript problem described in the article
"The JavaScript Trap" of Richard Stallman.
* JShelter: Mitigates potential threats from JavaScript, including fingerprinting,
tracking, and data collection. Slightly modifies the results of API calls,
differently on different domains, so that the cross-site fingerprint is not
stable. Applies security counter-measures that are likely not to break web pages.
Allows fine-grained control over the restrictions and counter-measures applied
to each domain.
* A set of companion extensions for LibreJS by Nathan Nichols
are pre-installed, and provide workarounds to use some services at USPS,
RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs
without using nonfree JavaScript.
* A series of configuration changes and tweaks were applied to ensure that
IceCat does not initiate network connections that the user has not explicitly
requested. This implies not downloading feeds, updates, blacklists or any
other similar data needed during startup.
--------------------------------------------------------------------------------
Update Information:
Rebuild with pregenerated cbindgen
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 20 2025 Antonio Trande [sagitter@fedoraproject.org] - 2:115.22.0-2.rh1
- Upload regenerated built-in cbindgen
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357926 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357926
[ 2 ] Bug #2357938 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357938
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-17f64d2c4d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-LibRaw-0.21.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-caed275f11
2025-04-29 20:37:25.511077+00:00
--------------------------------------------------------------------------------
Name : mingw-LibRaw
Product : Fedora 42
Version : 0.21.4
Release : 1.fc42
URL : http://www.libraw.org
Summary : Library for reading RAW files obtained from digital photo cameras
Description :
MinGW Windows LibRaw library.
--------------------------------------------------------------------------------
Update Information:
Update to LibRaw 0.21.4.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 16 2025 Sandro Mani [manisandro@gmail.com] - 0.21.4-1
- Update to 0.21.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361338 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361338
[ 2 ] Bug #2361343 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361343
[ 3 ] Bug #2361348 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361348
[ 4 ] Bug #2361356 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361356
[ 5 ] Bug #2361361 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361361
[ 6 ] Bug #2361366 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361366
[ 7 ] Bug #2361374 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361374
[ 8 ] Bug #2361379 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361379
[ 9 ] Bug #2361384 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361384
[ 10 ] Bug #2361401 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361401
[ 11 ] Bug #2361406 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361406
[ 12 ] Bug #2361411 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361411
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-caed275f11' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
