Security updates for Wednesday

Security updates have been issued by Debian (firefox-esr, flatpak, ngtcp2, ntfs-3g, packagekit, python-geopandas, simpleeval, strongswan, and xdg-dbus-proxy), Fedora (chromium, cups, curl, jq, opkssh, perl-Net-CIDR-Lite, python-cbor2, python-pillow, tinyproxy, xdg-dbus-proxy, and xorg-x11-server-Xwayland), Slackware (libXpm and mozilla), SUSE (botan, chromium, clamav, cockpit, cockpit-machines, cockpit-packages, cockpit-podman, cockpit-subscriptions, dovecot24, firefox, flatpak, freeipmi, gdk-pixbuf, glibc, gnome-remote-desktop, go1.25, go1.26, go1.26-openssl, google-cloud-sap-agent, gosec, graphicsmagick, haproxy, kernel, libpng16, libraw, libtasn1, libvncserver, ncurses, nebula, nodejs24, openssl-3, ovmf, pam, pcre2, perl-Authen-SASL, pgvector, plexus-utils, podman, python-cbor2, python-cryptography, python-django, python-gi-docgen, python-pypdf2, python-python-multipart, python311, python311-PyPDF2, python313, qemu, roundcubemail, rust1.94, sqlite3, strongswan, systemd, tar, tigervnc, util-linux, vim, webkit2gtk3, xorg-x11-server, xwayland, and zlib), and Ubuntu (commons-io, libcap2, ntfs-3g, and rapidjson).