A vulnerability classified as problematic has been found in ffmpeg. 
This affects an unknown part of the file libavcodec/rpzaenc.c of the 
component QuickTime RPZA Video Encoder. 
The manipulation of the argument y_size leads to out-of-bounds read. 
It is possible to initiate the attack remotely. 
The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. 
It is recommended to apply a patch to fix this issue. 
The associated identifier of this vulnerability is VDB-213543.

A vulnerability classified as problematic was found in ffmpeg. 
This vulnerability affects the function smc_encode_stream of the file 
libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. 
The manipulation of the argument y_size leads to out-of-bounds read. 
The attack can be initiated remotely. 
The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. 
It is recommended to apply a patch to fix this issue. 
The identifier of this vulnerability is VDB-213544.

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 
release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence 
version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

Also ignore trailing dots in both host name and comparison pattern.
Regression in 7.86.0 (from 1e9a538)
Extended test 1614 to verify better.
Reported-by: Henning Schild
Fixes #9821
Closes #9822

If the host name is an IP address and the noproxy string contained that
IP address with a following comma, it would erroneously not match.
Extended test 1614 to verify this combo as well.
Reported-by: Henning Schild
Fixes #9813
Closes #9814

###
Kernel: arch/x86/boot/bzImage is ready  (#17)
1149.70user 116.45system 1:33.26elapsed 1357%CPU (0avgtext+0avgdata 337928maxresident)k
199296inputs+1139240outputs (1630major+39558843minor)pagefaults 0swaps
Linux zen 5.15.63v3 #16 SMP PREEMPT Mon Nov 14 20:35:58 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

Kernel: arch/x86/boot/bzImage is ready  (#19)
1130.75user 112.22system 1:31.10elapsed 1364%CPU (0avgtext+0avgdata 338044maxresident)k
128424inputs+1139208outputs (1560major+39560793minor)pagefaults 0swaps
Linux zen 5.15.63v3 #16 SMP PREEMPT Mon Nov 14 20:35:58 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

Kernel: arch/x86/boot/bzImage is ready  (#20)
1129.37user 112.11system 1:31.04elapsed 1363%CPU (0avgtext+0avgdata 337964maxresident)k
0inputs+1139240outputs (1434major+39553868minor)pagefaults 0swaps
Linux zen 5.15.63v3 #16 SMP PREEMPT Mon Nov 14 20:35:58 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

###
Kernel: arch/x86/boot/bzImage is ready  (#18)
1213.51user 118.30system 1:42.06elapsed 1304%CPU (0avgtext+0avgdata 337916maxresident)k
99216inputs+1139232outputs (1374major+39553967minor)pagefaults 0swaps
Linux zen 5.15.63v2 #15 SMP PREEMPT Mon Nov 14 11:00:16 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

Kernel: arch/x86/boot/bzImage is ready  (#21)
1199.79user 115.20system 1:47.08elapsed 1228%CPU (0avgtext+0avgdata 337904maxresident)k
201960inputs+1139240outputs (1546major+39553843minor)pagefaults 0swaps
Linux zen 5.15.63v2 #15 SMP PREEMPT Mon Nov 14 11:00:16 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

Kernel: arch/x86/boot/bzImage is ready  (#22)
1195.48user 115.14system 1:46.02elapsed 1236%CPU (0avgtext+0avgdata 338056maxresident)k
0inputs+1139232outputs (1342major+39553005minor)pagefaults 0swaps
Linux zen 5.15.63v2 #15 SMP PREEMPT Mon Nov 14 11:00:16 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

COMMIT="15146788"
...
rm -rf grub
git clone https://git.savannah.gnu.org/git/grub.git
cd grub
git checkout $COMMIT || exit 1

Some plasma elements are drawn way too big after upgrade to Frameworks 5.100

svgitem: do not upscale svg when using fractional scaling

BUG: 461682
FIXED-IN: 5.101

When we try to play data but the ringbuffer is full, we need to start
the device or else we will stay in this situation forever and stay
silent.

After the ports are reconfigured, we need to perform the setup again so
that buffers and processing can happen with the right settings.

This fixes an issue when autoswitching between A2DP and HFP with
bluetooth headsets when there is also a stereo capture device available.
The input stream of the browser is quickly reconfigured between stereo
and mono with only a Pause command in between, clearing the setup state
is enough to redo the setup when going back to Playing.

Nate Graham <nate@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Version Fixed In|                            |5.26.4

This avoids crashing Plasma when a surface gets destroyed too early
while still in use by the threaded loop. To avoid leaking things into
child processes, we clear the environment variable again after we've
created the initial views for the shell.

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead 
to additional headers being passed to thunderbird that should not be included per RFC 2368. 
An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach
files when clicked.

In libarchive 3.6.1, the software does not check for an error after calling calloc function 
that can return with a NULL pointer if the function fails, which leads to a resultant NULL 
pointer dereference or, in some cases, even arbitrary code execution.

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML 
document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. 
This results in an attempt to access an array at a negative 2GB offset, typically leading to 
a segmentation fault.

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity 
definitions can corrupt a hash table key, potentially leading to subsequent 
logic errors. In one case, a double-free can be provoked.

sed -e '/ifdef SIGPIPE/,+2 d' \
    -e '/undef  FATAL_SIG/i FATAL_SIG (SIGPIPE);' \
    -i src/main.c

commit 0370a7a40fe9523ea334dcb8a2a60f1418595b49
Author: Dmitry Goncharov <dgoncharov@users.sf.net>
Date:   Sun Nov 6 07:36:26 2022 -0500

    [SV 63307] Spawn children with the default disposition of sigpipe.
    
    * src/main.c (main): Set sigpipe disposition to a handler, rather than
    SIG_IGN, in order for children to have the default sigpipe disposition.
    * tests/scripts/misc/sigpipe: Add sigpipe tests.

diff --git a/src/main.c b/src/main.c
index eec93656..d8857696 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1152,6 +1152,15 @@ temp_stdin_unlink ()
     }
 }
 
+#ifdef SIGPIPE
+static void
+handle_sigpipe (int sig)
+{
+  /* Suppress unused variable warning.  */
+  sig = sig;
+}
+#endif
+
 #ifdef _AMIGA
 int
 main (int argc, char **argv)
@@ -1182,9 +1191,15 @@ main (int argc, char **argv, char **envp)
   /* Useful for attaching debuggers, etc.  */
   SPIN ("main-entry");
 
-  /* Don't die if our stdout sends us SIGPIPE.  */
+  /* Don't die if our stdout sends us SIGPIPE to get temporary files removed.
+   * If make has inherited SIG_IGN, keep running with SIG_IGN to let make's
+   * children inherit SIG_IGN.
+   * Othwerwise, set sigpipe disposition to a handler, in order for children to
+   * have the default sigpipe disposition.  */
+
 #ifdef SIGPIPE
-  bsd_signal (SIGPIPE, SIG_IGN);
+  if (bsd_signal (SIGPIPE, handle_sigpipe) == SIG_IGN)
+    bsd_signal (SIGPIPE, SIG_IGN);
 #endif
 
 #ifdef HAVE_ATEXIT