Fedora 40 Update: webkit2gtk4.0-2.46.5-1.fc40
Fedora 40 Update: SDL2_sound-2.0.4-1.fc40
Fedora 41 Update: webkit2gtk4.0-2.46.5-1.fc41
Fedora 41 Update: SDL2_sound-2.0.4-1.fc41
[SECURITY] Fedora 40 Update: webkit2gtk4.0-2.46.5-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e45eecf53a
2025-01-23 01:48:21.863998+00:00
--------------------------------------------------------------------------------
Name : webkit2gtk4.0
Product : Fedora 40
Version : 2.46.5
Release : 1.fc40
URL : https://www.webkitgtk.org/
Summary : WebKitGTK for GTK 3 and libsoup 2
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform. This package contains WebKitGTK for GTK 3 and libsoup 2.
--------------------------------------------------------------------------------
Update Information:
Update to 2.46.5
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2025 Pete Walter [pwalter@fedoraproject.org] - 2.46.5-1
- Update to 2.46.5
* Sun Dec 1 2024 Mamoru TASAKA [mtasaka@fedoraproject.org] - 2.46.3-2
- Add BR: rubygem(getoptlong) explicitly for ruby3.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2333929 - CVE-2024-54479 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2333929
[ 2 ] Bug #2333930 - CVE-2024-54479 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2333930
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e45eecf53a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: SDL2_sound-2.0.4-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5ef10f8485
2025-01-23 01:48:21.863963+00:00
--------------------------------------------------------------------------------
Name : SDL2_sound
Product : Fedora 40
Version : 2.0.4
Release : 1.fc40
URL : http://www.icculus.org/SDL_sound
Summary : An abstract soundfile decoder library
Description :
SDL_sound is a library that handles the decoding of several popular sound
file formats, such as .WAV and .OGG. It is meant to make the programmer's
sound playback tasks simpler. The programmer gives SDL_sound a filename,
or feeds it data directly from one of many sources, and then reads the
decoded waveform data back at her leisure. If resource constraints are a
concern, SDL_sound can process sound data in programmer-specified blocks.
Alternately, SDL_sound can decode a whole sound file and hand back a
single pointer to the whole waveform. SDL_sound can also handle sample
rate, audio format, and channel conversion on-the-fly and
behind-the-scenes, if the programmer desires.
--------------------------------------------------------------------------------
Update Information:
Latest stable release from upstream. Changelog:
https://github.com/icculus/SDL_sound/releases/tag/v2.0.4 . NOTE: dr_libs are
unbundled.
Fixes:
CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in
vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in
vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2025 Dominik Mierzejewski [dominik@greysector.net] - 2.0.4-1
- update to 2.0.4 (resolves rhbz#2337428)
- correct License tag after review
* Tue Dec 17 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.2-6
- Unbundle dr_flac and dr_mp3
* Wed Sep 4 2024 Miroslav Suchý [msuchy@redhat.com] - 2.0.2-5
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2337428 - SDL2_sound-2.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2337428
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5ef10f8485' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: webkit2gtk4.0-2.46.5-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0cb4a35438
2025-01-23 01:42:51.098983+00:00
--------------------------------------------------------------------------------
Name : webkit2gtk4.0
Product : Fedora 41
Version : 2.46.5
Release : 1.fc41
URL : https://www.webkitgtk.org/
Summary : WebKitGTK for GTK 3 and libsoup 2
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform. This package contains WebKitGTK for GTK 3 and libsoup 2.
--------------------------------------------------------------------------------
Update Information:
Update to 2.46.5
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2025 Pete Walter [pwalter@fedoraproject.org] - 2.46.5-1
- Update to 2.46.5
* Sun Dec 1 2024 Mamoru TASAKA [mtasaka@fedoraproject.org] - 2.46.3-2
- Add BR: rubygem(getoptlong) explicitly for ruby3.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2333929 - CVE-2024-54479 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2333929
[ 2 ] Bug #2333930 - CVE-2024-54479 webkit2gtk4.0: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2333930
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0cb4a35438' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: SDL2_sound-2.0.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-82714dbb22
2025-01-23 01:42:51.098935+00:00
--------------------------------------------------------------------------------
Name : SDL2_sound
Product : Fedora 41
Version : 2.0.4
Release : 1.fc41
URL : http://www.icculus.org/SDL_sound
Summary : An abstract soundfile decoder library
Description :
SDL_sound is a library that handles the decoding of several popular sound
file formats, such as .WAV and .OGG. It is meant to make the programmer's
sound playback tasks simpler. The programmer gives SDL_sound a filename,
or feeds it data directly from one of many sources, and then reads the
decoded waveform data back at her leisure. If resource constraints are a
concern, SDL_sound can process sound data in programmer-specified blocks.
Alternately, SDL_sound can decode a whole sound file and hand back a
single pointer to the whole waveform. SDL_sound can also handle sample
rate, audio format, and channel conversion on-the-fly and
behind-the-scenes, if the programmer desires.
--------------------------------------------------------------------------------
Update Information:
Latest stable release from upstream. Changelog:
https://github.com/icculus/SDL_sound/releases/tag/v2.0.4 . NOTE: dr_libs are
unbundled.
Fixes:
CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in
vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in
vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2025 Dominik Mierzejewski [dominik@greysector.net] - 2.0.4-1
- update to 2.0.4 (resolves rhbz#2337428)
- correct License tag after review
* Tue Dec 17 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.2-6
- Unbundle dr_flac and dr_mp3
* Wed Sep 4 2024 Miroslav Suchý [msuchy@redhat.com] - 2.0.2-5
- convert license to SPDX
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2337428 - SDL2_sound-2.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2337428
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-82714dbb22' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------