ANNOUNCE: ristretto 0.12.1 released

ristretto 0.12.1 is now available for download from
archive.xfce.org/src/apps/ristretto/0.12/ristretto-0.12.1.tar.bz2 archive.xfce.org/src/apps/ristretto/0.12/ristretto-0.12.1.tar.bz2?sha1 archive.xfce.org/src/apps/ristretto/0.12/ristretto-0.12.1.tar.bz2?sha256
What is ristretto? ==================
Ristretto is an image-viewer for the Xfce desktop environment.
Website: docs.xfce.org/apps/ristretto/start
Release notes for 0.12.1 ======================== – Dependency Changes: – GLib >= 2.44.0
– Performance Improvement: – Optimize sorting by content type – Load images asynchronously (#16, #29, #32, !34) – Increase image loading buffer size (!34)
– Appearance Changes: – Allow to display all files in the open dialog (!33)
– Code Refactoring: – Rework the file opening procedure (!33)
– Bug Fixes: – Fix a memory leak when closing the window directly – Refactoring: Clarify thumbnailer queue management – Thumbnailer: Do not empty an unprocessed file list – Update window title on image deletion or insertion – Perform content-based filtering wherever necessary – Set device scale for animated images – Properly recognize SVG compressed image files – Use the generic pixbuf loader for RAW image files – Fix pointer behavior in fullscreen mode – Icon bar: Properly highlight item under the cursor – Icon bar: Center on the active item for any size change – Fix regression: Exif orientation is not respected (#69) – Do not try to load images whose pixbuf is not available (!34) – Fix memory management of image loading objects (!34) – Use URIs instead of filenames in the `.desktop` file (#49) – Directory loading: Allow to load a directory via the cli – Flatpak: Access remote locations with GVfs – Directory loading: Fix improper use of GFileEnumerator APIs (#68)
– Translation Updates: Albanian, Arabic, Armenian (Armenia), Basque, Belarusian, Bulgarian, Catalan, Chinese (China), Chinese (Taiwan), Croatian, Czech, Danish, Dutch, Eastern Armenian, English (Australia), English (United Kingdom), Estonian, Finnish, French, Galician, German, Greek, Hebrew, Hungarian, Icelandic, Indonesian, Interlingue, Italian, Japanese, Kazakh, Korean, Lithuanian, Malay, Norwegian Bokmål, Occitan (post 1500), Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Uyghur _______________________________________________ Xfce-announce mailing list Xfce-announce@xfce.org mail.xfce.org/mailman/listinfo/xfce-announce

ANNOUNCE: mousepad 0.5.8 released

mousepad 0.5.8 is now available for download from
archive.xfce.org/src/apps/mousepad/0.5/mousepad-0.5.8.tar.bz2 archive.xfce.org/src/apps/mousepad/0.5/mousepad-0.5.8.tar.bz2?sha1 archive.xfce.org/src/apps/mousepad/0.5/mousepad-0.5.8.tar.bz2?sha256
What is mousepad? =================
A simple text editor for Xfce.
Website: docs.xfce.org/apps/mousepad/
Release notes for 0.5.8 ======================= – Bug Fixes: – Revert “Chain-up to parent in `mousepad_window_scroll_event()`” (#150) – Search: Fix a memory leak – Search: Remove obsolete workaround for the document finalization – Drop restrictions on URI scheme – Update `POTFILES.in` – Printing: Remove the “Page Setup” dialog (#148) – Flatpak: Complete scripts – Flatpak: Access remote locations with GVfs – Search: Fix the history cleanup – Search: Prevent GTask warnings when replacing text – Search: Ensure settings synchronization before searching – Fix translation domain in Appdata file – flatpak: Update README – flatpak: Add generic manifest and basic scripts
– Translation Updates: Albanian, Arabic, Armenian (Armenia), Basque, Belarusian, Bulgarian, Catalan, Chinese (China), Chinese (Taiwan), Croatian, Czech, Danish, Dutch, Eastern Armenian, English (Australia), English (United Kingdom), Estonian, Finnish, French, Galician, German, Greek, Hebrew, Hungarian, Icelandic, Indonesian, Interlingue, Italian, Japanese, Kazakh, Korean, Lithuanian, Malay, Norwegian Bokmål, Occitan (post 1500), Persian (Iran), Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Uyghur _______________________________________________ Xfce-announce mailing list Xfce-announce@xfce.org mail.xfce.org/mailman/listinfo/xfce-announce

WebKitGTK 2.35.1 released!

WebKitGTK 2.35.1 is available for download at:
webkitgtk.org/releases/webkitgtk-2.35.1.tar.xz (24.2MB) md5sum: a3b7a06df4f3d44f219bc7eefcd4a28e sha1sum: 3ac217718b941f3a293233f2d08ff0d2b52f4ea2 sha256sum: 468539be0ea42a6f3464ea5f7e87e4bddf173d558e8a0a1a02873c8bbd49fa89
This is the first development release leading toward 2.36 series.
What’s new in the WebKitGTK 2.35.1 release? ===========================================
– Make user interactive threads (event handler, scrolling, …) real time in linux. – Add new API to set HTTP response information to custom uri schemes. – Add support for media session. – Change hardware-acceleration-policy setting default value to always. – Fix jsc_value_object_define_property_accessor() to work with objects not having a wrapped instance. – Fix several crashes and rendering issues.
What is WebKitGTK? ==================
WebKitGTK is the GNOME platform port of the WebKit rendering engine. Offering WebKit’s full functionality through a set of GObject-based APIs, it is suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
More information ================
If you want to know more about the project or get in touch with us you may:
– Visit our website at www.webkitgtk.org or the upstream site at www.webkit.org – people interested in contributing should read: www.webkit.org/coding/contributing.html.
– Browse the bug list at bugs.webkit.org WebKitGTK bugs are typically prefixed by “[GTK].” A bug report with a minimal, reproducible test case is often just as valuable as a patch.
– Join the #webkitgtk IRC channel at irc.gnome.org or on Matrix at #webkitgtk:matrix.org.
– Subscribe to the WebKitGTK mailing list, lists.webkit.org/mailman/listinfo/webkit-gtk or the WebKit development mailing list, lists.webkit.org/mailman/listinfo/webkit-dev
Thanks ======
Thanks to all the contributors who made possible this release, they are far too many to list!
The WebKitGTK team, November 25, 2021

[USN-5156-1] ICU vulnerability

========================================================================== Ubuntu Security Notice USN-5156-1 November 24, 2021
A security issue was fixed in ICU ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.04 – Ubuntu 20.04 LTS
Summary:
ICU could be made to crash if it received specially crafted input.
Software Description: – icu: International Components for Unicode library
Details:
It was discovered that ICU contains a double free issue. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: icu-devtools 67.1-6ubuntu2.1 libicu-dev 67.1-6ubuntu2.1 libicu67 67.1-6ubuntu2.1
Ubuntu 20.04 LTS: icu-devtools 66.1-2ubuntu2.1 libicu-dev 66.1-2ubuntu2.1 libicu66 66.1-2ubuntu2.1
In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5156-1 CVE-2021-30535
Package Information: launchpad.net/ubuntu/+source/icu/67.1-6ubuntu2.1 launchpad.net/ubuntu/+source/icu/66.1-2ubuntu2.1

[Checkmk Announce] New Checkmk stable release 2.0.0p16

Dear friends of Checkmk,
the new stable release 2.0.0p16 of Checkmk is ready for download.
This maintenance release ships with 29 changes affecting all editions of Checkmk, 7 Enterprise Edition specific changes and 0 Managed Services Edition specific changes.

Changes in all Checkmk Editions:
BI: * 13282 FIX: BI datasource program: Fixed non-working aggregation filters with older configurations
Checks & agents: * 12240 mk_cups_queues: Accept printer names with hyphens (“-“) * 13490 Eaton Power Xpert: Discover UPS services * 13468 mrpe: Do not crash upon invalid metrics * 13470 FIX: “Item not found” for cached local checks on clusters * 13450 FIX: apt: Fix APT Ubuntu security updates classification * 13354 FIX: check_sftp: Fix password store usage * 13487 FIX: datapower_fan: Fix KeyError (...) * 13517 FIX: gude_pdu: Fix errors during discovery and checking * 13489 FIX: mem_win: Fix missing levels in service graphs * 13494 FIX: mongodb_counters: Fix “ValueError: too many values to unpack (expected 3)” * 13516 FIX: mongodb_replica: Show both active and passive secondaries * 12335 FIX: Fix calculation of issued rds_licenses * 13188 FIX: cisco_qos: 0 bandwidth leads to permanently critical services * 13469 FIX: cisco_ucs_hdd: hot spares are OK to be inoperable * 13526 FIX: cisco_wlc{,_clients}: Support model Cisco WLC 3504 * 13527 FIX: enviromux_sems_digital: Fix discovery * 13472 FIX: fjdarye500_disks_summary: “Transform failed” during cmk-update-config * 13253 FIX: if_brocade_lancom: move mapping information away from interface description * 13449 FIX: mk_mysql: Fix missing includes warning * 11902 FIX: Fix crash in Rittal CMC III temperature check NOTE: Please refer to the migration notes!
Core & setup: * 13079 FIX: REST API crash when setting SNMP credential * 13080 FIX: REST API: allow setting of downtime from read-only site
Notifications: * 13492 FIX: Notification plugins: Fix proxy setting “Connect without proxy”
Other components: * 13316 FIX: Checkmk now requires Appliance firmware 1.4.17 or newer
Setup: * 13314 SEC: Distributed monitoring: Do not log site secret on remote site * 13496 FIX: Fix “Request URI too long” error on upload of iCalendar files * 13384 FIX: Fix ‘Request-URI Too Long’ error on rule search * 13385 FIX: Fix error on uploading iCalendar with recurrence rules
Changes in the Checkmk Enterprise Edition:
Core & setup: * 12700 FIX: Fix false positives and high CPU for smart ping
Livestatus proxy: * 13518 FIX: Liveproxy Daemon: React to changes in CAs without manual restart * 13281 FIX: Liveproxyd: Fixed unresponsive communication with remote sites
NagVis: * 13493 FIX: MTR agent plugin: Run also under systemd
Reporting & availability: * 12998 Title alignment in report graphs * 13497 FIX: Fix BI name and group filter in report elements
Setup: * 13471 FIX: mk_logwatch: validate regular expressions upon rule creation
Changes in the Checkmk Managed Services Edition:

You can download Checkmk from our download page: * checkmk.com/download.php
Please mail bug reports and qualified feedback to feedback@checkmk.com. We greatly thank you for using Checkmk and wish you a successful monitoring,
Your Checkmk Team

WebKitGTK 2.34.2 released!

WebKitGTK 2.34.2 is available for download at:
webkitgtk.org/releases/webkitgtk-2.34.2.tar.xz (23.8MB) md5sum: 739f2d32251620ae3a77cd21a5c474db sha1sum: 18b3bb61524d543c59d5018062f3139568332a1e sha256sum: 584677d6e7cae12e27cdcc8e05b4cf73b54849a24afc3d7a40cec91016deff00
This is a bug fix release in the stable 2.34 series.
What’s new in the WebKitGTK 2.34.2 release? ===========================================
– Fix scrolling issues when pressing Home and PgDown keys. – Update effective appearance after web process switch on navigation. – Fix the build with video disabled.
What is WebKitGTK? ==================
WebKitGTK is the GNOME platform port of the WebKit rendering engine. Offering WebKit’s full functionality through a set of GObject-based APIs, it is suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
More information ================
If you want to know more about the project or get in touch with us you may:
– Visit our website at www.webkitgtk.org or the upstream site at www.webkit.org – people interested in contributing should read: www.webkit.org/coding/contributing.html.
– Browse the bug list at bugs.webkit.org WebKitGTK bugs are typically prefixed by “[GTK].” A bug report with a minimal, reproducible test case is often just as valuable as a patch.
– Join the #webkitgtk IRC channel at irc.gnome.org or on Matrix at #webkitgtk:matrix.org.
– Subscribe to the WebKitGTK mailing list, lists.webkit.org/mailman/listinfo/webkit-gtk or the WebKit development mailing list, lists.webkit.org/mailman/listinfo/webkit-dev
Thanks ======
Thanks to all the contributors who made possible this release, they are far too many to list!
The WebKitGTK team, November 24, 2021

[USN-5155-1] BlueZ vulnerabilities

========================================================================== Ubuntu Security Notice USN-5155-1 November 23, 2021
bluez vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.10 – Ubuntu 21.04 – Ubuntu 20.04 LTS – Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in BlueZ.
Software Description: – bluez: Bluetooth tools and daemons
Details:
It was discovered that BlueZ incorrectly handled the Discoverable status when a device is powered down. This could result in devices being powered up discoverable, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-3658)
It was discovered that BlueZ incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause BlueZ to consume resources, leading to a denial of service. (CVE-2021-41229)
It was discovered that the BlueZ gatt server incorrectly handled disconnects. A remote attacker could possibly use this issue to cause BlueZ to crash, leading to a denial of service. (CVE-2021-43400)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: bluez 5.60-0ubuntu2.1 libbluetooth3 5.60-0ubuntu2.1
Ubuntu 21.04: bluez 5.56-0ubuntu4.3 libbluetooth3 5.56-0ubuntu4.3
Ubuntu 20.04 LTS: bluez 5.53-0ubuntu3.4 libbluetooth3 5.53-0ubuntu3.4
Ubuntu 18.04 LTS: bluez 5.48-0ubuntu3.6 libbluetooth3 5.48-0ubuntu3.6
In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5155-1 CVE-2021-3658, CVE-2021-41229, CVE-2021-43400
Package Information: launchpad.net/ubuntu/+source/bluez/5.60-0ubuntu2.1 launchpad.net/ubuntu/+source/bluez/5.56-0ubuntu4.3 launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.4 launchpad.net/ubuntu/+source/bluez/5.48-0ubuntu3.6

[USN-5154-1] FreeRDP vulnerabilities

========================================================================== Ubuntu Security Notice USN-5154-1 November 23, 2021
freerdp2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.10 – Ubuntu 21.04 – Ubuntu 20.04 LTS – Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in FreeRDP.
Software Description: – freerdp2: RDP client for Windows Terminal Services
Details:
It was discovered that FreeRDP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-41159)
It was discovered that FreeRDP incorrectly handled certain connections. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-41160)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libfreerdp-client2-2 2.3.0+dfsg1-2ubuntu0.1
Ubuntu 21.04: libfreerdp-client2-2 2.3.0+dfsg1-1ubuntu0.1
Ubuntu 20.04 LTS: libfreerdp-client2-2 2.2.0+dfsg1-0ubuntu0.20.04.2
Ubuntu 18.04 LTS: libfreerdp-client2-2 2.2.0+dfsg1-0ubuntu0.18.04.2
In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5154-1 CVE-2021-41159, CVE-2021-41160
Package Information: launchpad.net/ubuntu/+source/freerdp2/2.3.0+dfsg1-2ubuntu0.1 launchpad.net/ubuntu/+source/freerdp2/2.3.0+dfsg1-1ubuntu0.1 launchpad.net/ubuntu/+source/freerdp2/2.2.0+dfsg1-0ubuntu0.20.04.2 launchpad.net/ubuntu/+source/freerdp2/2.2.0+dfsg1-0ubuntu0.18.04.2

[Security-announce] Important Severity – VMSA-2021-0027 – VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1
VMSA-2021-0027 – VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)
Please see the advisory here: www.vmware.com/security/advisories/VMSA-2021-0027.html
Impacted Products: VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation)
You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit lists.vmware.com/mailman/listinfo/security-announce.
—–BEGIN PGP SIGNATURE—– Version: Encryption Desktop 10.4.2 (Build 1298) Charset: utf-8
wj8DBQFhnRLyP8UzeRn3B/ERAhGRAJ97++guNwgeOiIlhPYTs4SKNHrc2ACg2UyN ksttFpcJeu5/8Pjmf2+VUU4= =gUk5 —–END PGP SIGNATURE—–

Varnish Cache 7.0.1 released

Hello everybody,
Varnish Cache version 7.0.1 has been released, and can be found here:
varnish-cache.org/releases/rel7.0.1.html
This is a maintenance release to address some bugs that got into the 7.0.0 release. All users of Varnish Cache 7.0 are encouraged to upgrade. Updated packages are in the package cloud repository.
Changelog for this release can be found here:
github.com/varnishcache/varnish-cache/blob/7.0/doc/changes.rst#varnish-cache-701-2021-11-23
Regards, Martin Blix Grydeland

ANNOUNCE: thunar 4.17.7 released

thunar 4.17.7 is now available for download from
archive.xfce.org/src/xfce/thunar/4.17/thunar-4.17.7.tar.bz2 archive.xfce.org/src/xfce/thunar/4.17/thunar-4.17.7.tar.bz2?sha1 archive.xfce.org/src/xfce/thunar/4.17/thunar-4.17.7.tar.bz2?sha256
What is thunar? ===============
Thunar is a modern file manager for the Xfce Desktop Environment. It has been designed from the ground up to be fast and easy-to-use. Its user interface is clean and intuitive, and does not include any confusing or useless options. Thunar is fast and responsive with a good start up time and directory load time. Thunar is accessible using Assistive Technologies and is fully standards compliant.
Website: docs.xfce.org/xfce/thunar/start
Release notes for 4.17.7 ======================== [Please note that this is a development release.]
Development release on the master branch. Released now to fix some rather inconvenient regressions/crashes, so that early testers dont have to suffer from them.
Here the complete changelog:
– Use GList over gchar** for getting an uri list (Issue #684) – Prevent crash when restoring non-existing URI (Issue #684) – Regression: Can’t copy and replace a directory any more (Issue #682) – ‘New file’ dialog: Dont highlight template extension (Issue #676) – Use g_strcmp0 over strcmp to prevent crash (Issue #679) – Inherit sort column/order of new tabs from current tab (Issue #678) – Feature: Statusbar customization (Issue #666) – Add link to thunar doc. to uca chooser dialog (Issue #245) – Dont replace ACSII characters < 0 for FAT filesystems (Issue #655) - Fix: Side pane tree view loading time increased (Issue #659) - Remove the `file://` prefix in the location column - Support '.' in themed desktop-file names - Translation Updates: Albanian, Arabic, Armenian, Armenian (Armenia), Asturian, Basque, Bengali, Catalan, Chinese (China), Chinese (Hong Kong), Chinese (Taiwan), Czech, Danish, Dutch, Eastern Armenian, English (Australia), English (United Kingdom), Esperanto, Estonian, Finnish, French, Galician, German, Greek, Hebrew, Hungarian, Icelandic, Indonesian, Interlingue, Japanese, Kazakh, Korean, Latvian, Malay, Norwegian Bokmål, Norwegian Nynorsk, Occitan (post 1500), Panjabi (Punjabi), Persian (Iran), Polish, Portuguese, Portuguese (Brazil), Romanian, Serbian, Slovak, Spanish, Swedish, Telugu, Thai, Turkish, Urdu, Urdu (Pakistan), Uyghur, Vietnamese _______________________________________________ Xfce-announce mailing list Xfce-announce@xfce.org mail.xfce.org/mailman/listinfo/xfce-announce

[USN-5153-1] LibreOffice vulnerabilities

========================================================================== Ubuntu Security Notice USN-5153-1 November 22, 2021
libreoffice vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
Summary:
LibreOffice could incorrectly validate document signatures.
Software Description: – libreoffice: Office productivity suite
Details:
It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: libreoffice-core 1:6.4.7-0ubuntu0.20.04.2
In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5153-1 CVE-2021-25633, CVE-2021-25634
Package Information: launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.2

Gnome Commander 1.12.3.1 released

What is GNOME Commander? ————————
GNOME Commander is a “two-pane” graphical file manager for the GNOME desktop environment. GNOME Commander aims to fulfill the demands of more advanced users who like to focus on file management, their work through special applications and running smart commands.
Version 1.12.3.1 ################
Bug fixes: * Fixed issue #110 (Make check fails on s390x, Thanks to Mamoru Tasaka)
New or updated translations: * pl (Piotr Drąg) * sv (Anders Jonsson) * uk (Yuri Chornoivan)
New or updated docs: * sv (Anders Jonsson)
The new release can be downloaded from:
download.gnome.org/sources/gnome-commander/1.12/gnome-commander-1.12.3.1.tar.xz
A signature file for this archive can be found at gcmd.github.io/download.html
_______________________________________________ gnome-announce-list mailing list gnome-announce-list@gnome.org mail.gnome.org/mailman/listinfo/gnome-announce-list

gscan2pdf v2.12.4 released

gscan2pdf – A GUI to produce a multipage PDF or DjVu from a scan.
gscan2pdf.sourceforge.net/
Five clicks are required to scan several pages and then save all or a selection as a PDF or DjVu file, including metadata if required.
gscan2pdf can control regular or sheet-fed (ADF) scanners with SANE via libimage-sane-perl, scanimage or scanadf, and can scan multiple pages at once. It presents a thumbnail view of scanned pages, and permits simple operations such as cropping, rotating and deleting pages.
OCR can be used to recognise text in the scans, and the output embedded in the PDF or DjVu.
PDF conversion is done by PDF::Builder.
The resulting document may be saved as a PDF, DjVu, multipage TIFF file, or single page image file.
Changelog for 2.12.4: * Fixed writing text layer to DjVu where tesseract used text type “header”. * Dropped support for ocropus. * Update to French translation (thanks to Alexandre NICOLADIE)
_______________________________________________ gnome-announce-list mailing list gnome-announce-list@gnome.org mail.gnome.org/mailman/listinfo/gnome-announce-list

Gnome Commander 1.12.3 released

What is GNOME Commander? ————————
GNOME Commander is a “two-pane” graphical file manager for the GNOME desktop environment. GNOME Commander aims to fulfill the demands of more advanced users who like to focus on file management, their work through special applications and running smart commands.
Version 1.12.3 ##############
Bug fixes: * Fixed issue #108 (Crash after right click on file) * File-roller plugin: Add run error handling (Thanks to Andrey Sokolov)
New or updated translations: * cs (Marek Černocký) * de (Wolfgang Stöggl) * hu (Balázs Úr) * ru (Andrey Sokolov)
New or updated docs: * sv (Anders Jonsson)
The new release can be downloaded from: download.gnome.org/sources/gnome-commander/1.12/gnome-commander-1.12.3.tar.xz
A signature file for this archive can be found at gcmd.github.io/download.html
_______________________________________________ gnome-announce-list mailing list gnome-announce-list@gnome.org mail.gnome.org/mailman/listinfo/gnome-announce-list

ANNOUNCE: xfce4-whiskermenu-plugin 2.7.0 released

xfce4-whiskermenu-plugin 2.7.0 is now available for download from
archive.xfce.org/src/panel-plugins/xfce4-whiskermenu-plugin/2.7/xfce4-whiskermenu-plugin-2.7.0.tar.bz2 archive.xfce.org/src/panel-plugins/xfce4-whiskermenu-plugin/2.7/xfce4-whiskermenu-plugin-2.7.0.tar.bz2?sha1 archive.xfce.org/src/panel-plugins/xfce4-whiskermenu-plugin/2.7/xfce4-whiskermenu-plugin-2.7.0.tar.bz2?sha256
What is xfce4-whiskermenu-plugin? =================================
An alternate menu for the Xfce desktop environment
Website: docs.xfce.org/panel-plugins/xfce4-whiskermenu-plugin
Release notes for 2.7.0 ======================= – Add showing categories as icons on top or bottom. (Issue #62) – Add hiding username. (Issue #36) – Add rounded profile picture. – Add optional AccountsService support. – Add catfish search action. – Add CSS classes for theming. – Improve search result relevance. – Make stripping release builds optional. – Rearrange settings dialog. – Remove sliding out search results. – Remove useless grab check. – Rename icon to follow reverse DNS scheme. – Replace size grip with resizing from edges. – Replace slots with lambdas. – Use original menu layout. – Use dm-tool for switching users. – Translation updates: Basque, Bulgarian, Chinese (Taiwan), Danish, Dutch, French, Greek, Lithuanian, Portuguese, Portuguese (Brazil), Slovak, Spanish, Swedish, Turkish, Ukrainian. _______________________________________________ Xfce-announce mailing list Xfce-announce@xfce.org mail.xfce.org/mailman/listinfo/xfce-announce

[USN-5152-1] Thunderbird vulnerabilities

========================================================================== Ubuntu Security Notice USN-5152-1 November 18, 2021
thunderbird vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.10
Summary:
Several security issues were fixed in Thunderbird.
Software Description: – thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the UI, confuse the user, conduct phishing attacks, or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: thunderbird 1:91.3.1+build1-0ubuntu0.21.10.1
After a standard system update you need to restart Thunderbird to make all the necessary changes.
References: ubuntu.com/security/notices/USN-5152-1 CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38509
Package Information:
launchpad.net/ubuntu/+source/thunderbird/1:91.3.1+build1-0ubuntu0.21.10.1

[USN-5151-1] Mailman vulnerabilities

========================================================================== Ubuntu Security Notice USN-5151-1 November 18, 2021
mailman vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS – Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Mailman.
Software Description: – mailman: Web-based mailing list manager
Details:
It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-43331)
It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-43332)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: mailman 1:2.1.26-1ubuntu0.5
Ubuntu 16.04 ESM: mailman 1:2.1.20-1ubuntu0.6+esm2
In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5151-1 CVE-2021-43331, CVE-2021-43332, launchpad.net/bugs/1949401, launchpad.net/mailman/+bug/1949403
Package Information: launchpad.net/ubuntu/+source/mailman/1:2.1.26-1ubuntu0.5

[CentOS-announce] CESA-2021:4134 Important CentOS 7 thunderbird Security Update

CentOS Errata and Security Advisory 2021:4134 Important
Upstream details at : access.redhat.com/errata/RHSA-2021:4134
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64: 36259b436231dc4bfc0fb0c9db4b4bcb6693260e26b5c858fed3e11c71a5be0a thunderbird-91.3.0-2.el7.centos.x86_64.rpm
Source: 38c680ecadd599b7195652d34ac032c350a2b98be21334d5891f248862e840fc thunderbird-91.3.0-2.el7.centos.src.rpm