The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write 
when decoding a crafted network packet.

This tcpdump release fixes an out-of-bounds write vulnerability (CVE-2023-1801) present 
in the previous release (4.99.3) in the SMB printer, which is not compiled by default. 
It also makes various minor improvements. This release requires libpcap 1.10.0 or later 
to pass all test cases.

blackstar :: ~ » firefox

(firefox-default:3622): Gtk-WARNING **: 00:50:30.419: Theme parsing error: gtk.css:1649:16: '-gtk-icon-size' is not a valid property name

(firefox-default:3622): Gtk-WARNING **: 00:50:30.419: Theme parsing error: gtk.css:1652:16: '-gtk-icon-size' is not a valid property name

gtk3: remove invalid icon size property

'-gtk-icon-size' is not a valid property name

GTK3 window buttons are too big and blurry on Wayland with Breeze GTK

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger 
security-relevant memory corruption via malformed data in a terminfo database file that is found 
in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation.
If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling 
pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

This reverts commit b554fc20.

The vendor tree (/usr) cannot contain any secrets or privileged data, as it
is normally shipped in images or packages that can be trivially downloaded and
inspected by anybody.
It thus makes no sense to impose that /usr/share/polkit-1/rules.d is installed
as 700 and owned by the polkitd user. Remove this logic from meson.

The local (admin) configuration tree is /etc, and that is left as-is.

Having non-root directories in /usr creates huge problems for image builders,
as you must ensure that the uid available at build time is exactly the same
as the uid available at runtime. Dropping this requirement will allow to remove
a lot of kludges.

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms 
such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, 
causing a denial of service or disruption of the target process.

> ls -al /usr/bin/screen
lrwxrwxrwx 1 root root 12 Jul 17  2022 /usr/bin/screen -> screen-4.9.0*
> ls -al /usr/bin/screen-4.9.0 
-rwxr-xr-x 1 root root 455016 Feb  2  2022 /usr/bin/screen-4.9.0*