Mageia 2022-0019: thunderbird security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox (CVE-2021-4140). Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free

Mageia 2022-0018: perl-CPAN security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

CPAN 2.28 allows Signature Verification Bypass. (CVE-2020-16156) References: - https://bugs.mageia.org/show_bug.cgi?id=29878 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/

Mageia 2022-0011: python-django security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

UserAttributeSimilarityValidator incurred significant overhead evaluating submitted password that were artificially large in relative to the comparison values. On the assumption that access to user registration was unrestricted this provided a potential vector for a denial-of-service attack. (CVE-2021-45115)