d/cmake-3.25.0-i586-1.txz

kde/kconfig-5.100.1-i586-1.txz

kde/plasma-framework-5.100.1-i586-1.txz

l/mpfr-4.1.1-i586-1.txz

x/mesa-22.2.4-i586-1.txz

x/xterm-376-i586-1.txz

xap/freerdp-2.9.0-i586-1.txz
Fixed multiple client side input validation issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-39316
https://www.cve.org/CVERecord?id=CVE-2022-39317
https://www.cve.org/CVERecord?id=CVE-2022-39318
https://www.cve.org/CVERecord?id=CVE-2022-39319
https://www.cve.org/CVERecord?id=CVE-2022-39320
https://www.cve.org/CVERecord?id=CVE-2022-41877
https://www.cve.org/CVERecord?id=CVE-2022-39347
(* Security fix *)

ap/man-db-2.11.1-i586-1.txz

ap/nano-7.0-i586-1.txz

ap/sqlite-3.40.0-i586-1.txz

l/netpbm-11.00.02-i586-1.txz

n/bind-9.18.9-i586-1.txz

n/krb5-1.20.1-i586-1.txz
Fixed integer overflows in PAC parsing.
Fixed null deref in KDC when decoding invalid NDR.
Fixed memory leak in OTP kdcpreauth module.
Fixed PKCS11 module path search.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-42898
(* Security fix *)

n/samba-4.17.3-i586-1.txz
Fixed a security issue where Samba's Kerberos libraries and AD DC failed
to guard against integer overflows when parsing a PAC on a 32-bit system,
which allowed an attacker with a forged PAC to corrupt the heap.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-42898.html
https://www.cve.org/CVERecord?id=CVE-2022-42898
(* Security fix *)

x/libXft-2.3.7-i586-1.txz

x/wayland-protocols-1.29-noarch-1.txz

xap/mozilla-firefox-107.0-i686-1.txz
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/107.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-47/
https://www.cve.org/CVERecord?id=CVE-2022-45403
https://www.cve.org/CVERecord?id=CVE-2022-45404
https://www.cve.org/CVERecord?id=CVE-2022-45405
https://www.cve.org/CVERecord?id=CVE-2022-45406
https://www.cve.org/CVERecord?id=CVE-2022-45407
https://www.cve.org/CVERecord?id=CVE-2022-45408
https://www.cve.org/CVERecord?id=CVE-2022-45409
https://www.cve.org/CVERecord?id=CVE-2022-45410
https://www.cve.org/CVERecord?id=CVE-2022-45411
https://www.cve.org/CVERecord?id=CVE-2022-45412
https://www.cve.org/CVERecord?id=CVE-2022-45413
https://www.cve.org/CVERecord?id=CVE-2022-40674
https://www.cve.org/CVERecord?id=CVE-2022-45415
https://www.cve.org/CVERecord?id=CVE-2022-45416
https://www.cve.org/CVERecord?id=CVE-2022-45417
https://www.cve.org/CVERecord?id=CVE-2022-45418
https://www.cve.org/CVERecord?id=CVE-2022-45419
https://www.cve.org/CVERecord?id=CVE-2022-45420
https://www.cve.org/CVERecord?id=CVE-2022-45421
(* Security fix *)

xap/mozilla-thunderbird-102.5.0-i686-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.5.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/
https://www.cve.org/CVERecord?id=CVE-2022-45403
https://www.cve.org/CVERecord?id=CVE-2022-45404
https://www.cve.org/CVERecord?id=CVE-2022-45405
https://www.cve.org/CVERecord?id=CVE-2022-45406
https://www.cve.org/CVERecord?id=CVE-2022-45408
https://www.cve.org/CVERecord?id=CVE-2022-45409
https://www.cve.org/CVERecord?id=CVE-2022-45410
https://www.cve.org/CVERecord?id=CVE-2022-45411
https://www.cve.org/CVERecord?id=CVE-2022-45412
https://www.cve.org/CVERecord?id=CVE-2022-45416
https://www.cve.org/CVERecord?id=CVE-2022-45418
https://www.cve.org/CVERecord?id=CVE-2022-45420
https://www.cve.org/CVERecord?id=CVE-2022-45421
(* Security fix *)

xfce/xfce4-settings-4.16.5-i586-1.txz
This update fixes regressions in the previous security fix:
mime-settings: Properly quote command parameters.
Revert “Escape characters which do not belong into an URI/URL (Issue #390).”

kde/plasma-framework-5.100.0-i586-2.txz
[PATCH] svgitem: do not upscale svg when using fractional scaling.