SUSE-CU-2023:428-1: Security update of bci/dotnet-aspnet
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Feb 22 08:03:55 UTC 2023
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:428-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-29.1 , bci/dotnet-aspnet:6.0.14 , bci/dotnet-aspnet:6.0.14-29.1
Container Release : 29.1
Severity : moderate
Type : security
References : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410
1173471 1174465 1176547 1177955 1178807 1178943 1178944 1179025
1179203 1181122 1181644 1181872 1182790 1193951 CVE-2020-21913
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:927-1
Released: Tue Mar 23 14:07:06 2021
Summary: Recommended update for libreoffice
Type: recommended
Severity: moderate
References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790
This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)
libreoffice:
- Image shown with different aspect ratio (bsc#1176547)
- Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
- Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
- Wrong bullet points in Impress (bsc#1174465)
- SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
- Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471)
- SUSE Mint
- SUSE Midnight Blue
- SUSE Waterhole Blue
- SUSE Persimmon
- Fix a crash opening a PPTX. (bsc#1179025)
- Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
- Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
- Disable firebird integration for the time being (bsc#1179203)
- Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
- Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
- Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404)
- Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)
libixion:
Update to 0.16.1:
- fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
- worked around floating point rounding errors which prevented two theoretically-equal numeric values from being
evaluated as equal in test code.
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns
a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula
calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than
their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type.
They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.
libmwaw:
Update to 0.3.17:
- add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file
still contains its resource fork
- add a parser for Canvas 3 and 3.5 files
- AppleWorks parser: try to retrieve more Windows presentation
- add a parser for Drawing Table files
- add a parser for Canvas 2 files
- API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29`
and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined
- remove the QuarkXPress parser (must be in libqxp)
- retrieve the annotation in MsWord 5 document
- try to better understand RagTime 5-6 document
libnumbertext:
Update to 1.0.6
liborcus:
Update to 0.16.1
- Add upstream changes to fix build with GCC 11 (bsc#1181872)
libstaroffice:
Update to 0.0.7:
- fix `text:sender-lastname` when creating meta-data
libwps:
Update to 0.4.11:
- XYWrite: add a parser to .fil v2 and v4 files
- wks,wk1: correct some problems when retrieving cell's reference.
glfw:
New package provided on version 3.3.2:
- See also: https://www.glfw.org/changelog.html
- Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090)
* Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h
* glfwFocusWindow could terminate on older WMs or without a WM
* Creating an undecorated window could fail with BadMatch
* Querying a disconnected monitor could segfault
* Video modes with a duplicate screen area were discarded
* The CMake files did not check for the XInput headers
* Key names were not updated when the keyboard layout changed
* Decorations could not be enabled after window creation
* Content scale fallback value could be inconsistent
* Disabled cursor mode was interrupted by indicator windows
* Monitor physical dimensions could be reported as zero mm
* Window position events were not emitted during resizing
* Added on-demand loading of Vulkan and context creation API libraries
* [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was
set to `GLFW_DONT_CARE`
* [X11] Bugfix: Input focus was set before window was visible,
causing BadMatch on some non-reparenting WMs
* [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on
the window frame instead of the client area
* [WGL] Added reporting of errors from `WGL_ARB_create_context` extension
* [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries
* [EGL] Bugfix: Dynamically loaded entry points were not verified
- Made build of geany-tags optional.
Box2D:
New package provided on version 2.4.1:
* Extended distance joint to have a minimum and maximum limit.
* `B2_USER_SETTINGS` and `b2_user_settings.h` can control user
data, length units, and maximum polygon vertices.
* Default user data is now uintptr_t instead of void*
* b2FixtureDef::restitutionThreshold lets you set the
restitution velocity threshold per fixture.
* Collision
* Chain and edge shape must now be one-sided to eliminate ghost
collisions
* Broad-phase optimizations
* Added b2ShapeCast for linear shape casting
* Dynamics
* Joint limits are now predictive and not stateful
* Experimental 2D cloth (rope)
* b2Body::SetActive -> b2Body::SetEnabled
* Better support for running multiple worlds
* Handle zero density better
* The body behaves like a static body
* The body is drawn with a red color
* Added translation limit to wheel joint
* World dump now writes to box2d_dump.inl
* Static bodies are never awake
* All joints with spring-dampers now use stiffness and damping
* Added utility functions to convert frequency and damping
ratio to stiffness and damping
* Polygon creation now computes the convex hull.
* The convex hull code will merge vertices closer than dm_linearSlop.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safetey issue that could lead to use
after free (bsc#1193951).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released: Mon Feb 20 18:11:37 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:
This update for systemd fixes the following issues:
- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr
support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream
variants will ease the backports of Factory changes to SLE since Factory
systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from
the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
The following package changes have been done:
- libsystemd0-249.15-150400.8.22.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 added
- libicu-suse65_1-65.1-150200.4.5.1 added
- container:sles15-image-15.0.0-27.14.36 updated
- libicu69-69.1-7.3.2 removed
- libicu69-ledata-69.1-7.3.2 removed
More information about the sle-security-updates
mailing list