net/bind918: update to 9.18.47
This is a security release; from the release announcement:
Our March 2026 maintenance releases of BIND 9 are available and can be downloaded from the links below. Packages and container images provided by ISC will be updated later today.
In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities. More information can be found in the following Security Advisories:
https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591
A link to each newly-released version follows. Each release directory includes a complete source tarball, cryptographic signature, and release notes. The release notes provide a summary of significant changes, and should be reviewed before upgrading.
- Current supported stable branches:
- 9.18.47 - https://downloads.isc.org/isc/bind9/9.18.47/
[5 lines not shown]
squid6: security fixes
Backport fixes for:
SQUID-2026:1 Denial of Service in ICP Request handling (CVE-2026-33526)
SQUID-2026:2 Denial of Service in ICP Request handling (CVE-2026-32748)
SQUID-2026:3 Out of Bounds Read in ICP message handling (CVE-2026-33515)
www/chromium: update to 146.0.7680.164
* 146.0.7680.164
This update includes 8 security fixes. Please see the
Chrome Security Page for more information.
[$7000][485397284] High CVE-2026-4673: Heap buffer overflow in WebAudio.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18
[TBD][488188166] High CVE-2026-4674: Out of bounds read in CSS.
Reported by Syn4pse on 2026-02-27
[TBD][488270257] High CVE-2026-4675: Heap buffer overflow in WebGL.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-02-27
[TBD][488613135] High CVE-2026-4676: Use after free in Dawn.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-01
[TBD][490533968] High CVE-2026-4677: Out of bounds read in WebAudio.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-07
[TBD][491164019] High CVE-2026-4678: Use after free in WebGPU.
Reported by Google on 2026-03-10
[TBD][491516670] High CVE-2026-4679: Integer overflow in Fonts.
Reported by GF, Un3xploitable Of DeadSec on 2026-03-11
[2 lines not shown]
R: fix install-time error on Darwin builds by restoring patch lost in update
There seem to be more missing hunks plus some weird lines ending with a
vertical bar in patch-configure.ac, but I'm doing minimal changes to fix
an issue at the moment.
libfyaml: disable optimizations on i386, fixes build for NetBSD.
This includes code that seems to be written for x86-64.
Switching to the "portable" version is a quick working way to avoid that
code.
Note that the meaning of "portable" here means "compiling with some Windows
compiler that doesn't like the syntax". This package does appear to do
run-time detection of features before it is used, and most users wouldn't
want to use the portable flag.
pkgtools/depgraph: update to 20260320
- fail gracefully when the package name is not recognised
- fix some pkglint in the Makefile - thanks to rillig for the advice
py-ruff: update to 0.15.7.
Leaf package.
Preview features
Display output severity in preview (#23845)
Don't show noqa hover for non-Python documents (#24040)
Rule changes
[pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)
Server
Don't return code actions for non-Python documents (#23905)
Documentation
[7 lines not shown]
firefox140: update to 140.9
Mozilla Foundation Security Advisory 2026-22
Security Vulnerabilities fixed in Firefox ESR 140.9
Announced: March 24, 2026
Impact: high
Products: Firefox ESR
Fixed in: Firefox ESR 140.9
CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component
Reporter: Oskar L
[419 lines not shown]
vms-empire: update to 1.19.
Code hardening with ChatGPT 5.2
Close off a whole bunch of potential buffer overruns.
Bail out gracefully on failed memory allocations.
New versioned, field-wise save format with map dimensions recorded.
Default save file name is now empire.sav.
Documentation is fully spellchecked.
gam: update to 7.38.00
Changes since 7.36.01:
Added variable gcp_org_id to gam.cfg that is used by the following commands; by setting the value, additional API calls are eliminated.
gam create project
gam create gcpfolder
gam create|update|delete caalevel
gam print|show caalevels
gam print|show tokens gcpdetails
You can get and set the gam.cfg/gcp_org_id value with these commands:
$ gam info gcporgid
organizations/906207637890
$ gam config gcp_org_id organizations/906207637890 save
You can get and set the gam.cfg/customer_id value with these commands:
[43 lines not shown]
lynis: Update to 3.1.6
Lynis 3.1.6 (2025-10-22)
Added
* Add notice to screen output if end-of-life state is unclear
* Support for CachyOS, macOS Tahoe, and OpenMandriva Lx
Changed
* Releases are now considered to be old if they are 6 months or older
* Removed generic suggestion for outdated/old Lynis release, instead
show to screen output
* Generic clarifications on variable usage for operating system and
its version
* Updated end-of-life database
* Updated Japanese translation
* For Debian and similar systems ignore kernel packages with 'rc'
[598 lines not shown]
slumber: update to 5.2.0.
Added
Support all YAML values in profile fields #647
This required some major refactoring of the TUI code, particularly around template previews. If you notice any bugs, please report them.
Changed
Remove underline from table selected row style
Rename Copy as ... actions to Export as ...
Move component-specific recipe actions (URL, query params, etc.) into their own submenus
Fixed
Fix crash in TUI when previewing a JSON body containing a streamable function call (e.g. command() or file())