Some SQL injections via table names and parameters were fixed. References: - https://bugs.mageia.org/show_bug.cgi?id=26372 - https://www.phpmyadmin.net/news/2020/3/21/phpmyadmin-495-and-502-are-released/
Multiple flaws were found in the way Chromium 80.0.3987.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6420, CVE-2020-6422, CVE-2020-6424, CVE-2020-6425, CVE-2020-6426, CVE-2020-6427,
Updated sympa packages fix security vulnerability: Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed
Updated okular packages fix security vulnerability: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries (CVE-2020-9359).
Updated sleuthkit packages fix security vulnerability: In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c (CVE-2020-10232).