The updated packages fix a security vulnerability: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. (CVE-2023-45853)
The updated packages fix a security vulnerability: GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Add upstream patch to fix CVE-2022-33065 References: - https://bugs.mageia.org/show_bug.cgi?id=32480 - https://lwn.net/Articles/949598/
The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721)
The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721)
The updated packages fix security vulnerabilities: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. (CVE-2023-5367)
The chromium-browser-stable package has been updated to the 118.0.5993.117 release, fixing bugs and 3 vulnerabilities, together with 118.0.5993.88; some of them are listed below: High CVE-2023-5472: Use after free in Profiles.
The updated packages fix security vulnerabilities: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. (CVE-2023-5441)
Apache has been updated to version 2.4.58 to fix several security issues. CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST (cve.mitre.org)
