From: QA Team Robot <qa@altlinux.org> To: sisyphus-cybertalk@lists.altlinux.org Subject: [cyber] I: p9/branch packages: -3 +39 (18084) Date: Sun, 4 Oct 2020 04:58:24 +0000 Message-ID: <20201004045824.GA8225@gyle.altlinux.org> (raw) 3 REMOVED packages apache2-mod_revocator 1.0.3-alt4 firefox-esr-l10n 68.0.1-alt1 thunderbird-ru 68.0-alt1 39 UPDATED packages firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [345M] * Thu Sep 24 2020 Andrey Cherepanov <cas@altlinux> 78.3.0-alt0.1.p9 - Backport new version to p9 branch. * Wed Sep 23 2020 Andrey Cherepanov <cas@altlinux> 78.3.0-alt1 - New release (78.3.0). - Fixes: + CVE-2020-15677 Download origin spoofing via redirect + CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element + CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free + CVE-2020-15673 Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 * Mon Sep 14 2020 Andrey Cherepanov <cas@altlinux> 78.2.0-alt1.1.p9 - Backport new version to p9 branch. * Mon Sep 14 2020 Andrey Cherepanov <cas@altlinux> 78.2.0-alt2 - Allow sideloading app and system unsigned addons. * Tue Aug 25 2020 Andrey Cherepanov <cas@altlinux> 78.2.0-alt1 - New release (78.2.0). - Fixes: + CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege + CVE-2020-15664 Attacker-induced prompt for extension installation + CVE-2020-15670 Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 * Fri Aug 14 2020 Andrey Cherepanov <cas@altlinux> 78.1.0-alt2 - Remove python2-base from build requirements. * Tue Jul 28 2020 Andrey Cherepanov <cas@altlinux> 78.1.0-alt1 - New release (78.1.0). - Fixes: + CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker + CVE-2020-6514 WebRTC data channel leaks internal address to peer + CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy + CVE-2020-15653 Bypassing iframe sandbox when allowing popups + CVE-2020-6463 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture + CVE-2020-15656 Type confusion for special arguments in IonMonkey + CVE-2020-15658 Overriding file type when saving to disk + CVE-2020-15657 DLL hijacking due to incorrect loading path + CVE-2020-15654 Custom cursor can overlay user interface + CVE-2020-15659 Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 * Sat Jul 18 2020 Andrey Cherepanov <cas@altlinux> 78.0.2-alt1 - New ESR version (78.0.2) (based on legion@ spec and patches). - Package localization files bundled (only kk,ru,uk locales are suppored). * Mon Jul 13 2020 Alexey Gladkov <legion@altlinux> 78.0.2-alt1 - New release (78.0.2). - Fixes: + MFSA-2020-0003: X-Frame-Options bypass using object or embed tags * Sat Jul 04 2020 Alexey Gladkov <legion@altlinux> 78.0.1-alt1 - New release (78.0.1). - Fixes: + CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing + CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster + CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 + CVE-2020-12418: Information disclosure due to manipulated URL object + CVE-2020-12419: Use-after-free in nsGlobalWindowInner + CVE-2020-12420: Use-After-Free when trying to connect to a STUN server + CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack + CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates + CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer + CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library + CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process + CVE-2020-12425: Out of bound read in Date.parse() + CVE-2020-12426: Memory safety bugs fixed in Firefox 78 * Wed Jun 03 2020 Andrey Cherepanov <cas@altlinux> 68.9.0-alt1 jss - Java Security Services (JSS) * Sat Sep 19 2020 Andrey Cherepanov <cas@altlinux> 4.6.2-alt2.1 - NMU: Fix build with nss-3.52. - NMU: Fix bigus timestamp in changelog. * Thu Nov 07 2019 Stanislav Levin <slev@altlinux> 4.6.2-alt2 kernel-image-std-def - The Linux kernel (the core of the Linux operating system) * Wed Sep 30 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.68-alt1.1 - SD card usage on Raspberry Pi 3 fixed * Mon Sep 28 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.68-alt1 - v5.4.68 * Thu Sep 24 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.67-alt3 - memory sanitize patch added * Thu Sep 24 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.67-alt2 - lost baikal-m patches added * Wed Sep 23 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.67-alt1 - v5.4.67 * Tue Sep 22 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.66-alt1 - v5.4.66 * Fri Sep 18 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.65-alt2 - baikal-m drivers and configuration from asheplyakov@ merged * Wed Sep 16 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.65-alt1 - v5.4.65 * Thu Sep 10 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.64-alt1 - v5.4.64 (Fixes: CVE-2020-12888, CVE-2020-14386) * Thu Sep 03 2020 Kernel Bot <kernelbot@altlinux> 1:5.4.62-alt1 kernel-modules-LiME-std-def - LiME module for Linux kernel * Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh@altlinux> 1.8.1-alt2.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 1.8.1-alt1.328766.1 not found. kernel-modules-accel-ppp-std-def - Linux Kernel drivers support IPoE for accel-ppp * Sat Oct 03 2020 Alexei Takaseev <taf@altlinux> 1.12.0-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Tue Aug 06 2019 Alexei Takaseev <taf@altlinux> 1.12.0-alt1 Note: changelog entry for 1.12.0-alt1.328766.1 not found. kernel-modules-acpi_call-std-def - acpi_call module * Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh@altlinux> 0.1-alt5.k.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Mon Dec 17 2012 Gleb F-Malinovskiy <glebfm@altlinux> 0.1-alt3 Note: changelog entry for 0.1-alt5.k.328766.1 not found. kernel-modules-bbswitch-std-def - bbswitch module * Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh@altlinux> 0.8-alt1.k.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Mon Dec 23 2013 Anton V. Boyarshinov <boyarsh@altlinux> 0.7-alt1 Note: changelog entry for 0.8-alt1.k.328766.1 not found. kernel-modules-bcmwl-std-def - Modules for Broadcom-based WiFi .11a/b/g adapters * Sat Oct 03 2020 Nikolai Kostrigin <nickel@altlinux> 6.30.223.248-alt17.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Fri Sep 06 2019 Nikolai Kostrigin <nickel@altlinux> 6.30.223.248-alt17 Note: changelog entry for 6.30.223.248-alt17.328766.1 not found. kernel-modules-ch34x-std-def - Linux ch34x modules for CH340 serial to usb chip. * Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh@altlinux> 20180821-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 20180821-alt1.328766.1 not found. kernel-modules-dm-secdel-std-def - dm-linear with secure deletion on discard * Sat Oct 03 2020 Vitaly Chikunov <vt@altlinux> 1:1.0.7-alt2.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 1:1.0.7-alt2.328766.1 not found. kernel-modules-drbd9-std-def - Kernel driver for DRBD * Sat Oct 03 2020 Andrew A. Vasilyev (Andrew A. Vasilyev) <andy@altlinux> 1:9.0.23-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 1:9.0.23-alt1.328766.1 not found. kernel-modules-e1000e-std-def - E1000E Driver for e1000 Intel(R) Ethernet adapter * Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh@altlinux> 3.4.2.1-alt2.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 3.4.2.1-alt2.328766.1 not found. kernel-modules-ipset-std-def - ipset kernel modules * Sat Oct 03 2020 Anton Farygin <rider@altlinux> 7.5-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Wed Jan 15 2020 Anton Farygin <rider@altlinux> 7.5-alt1 Note: changelog entry for 7.5-alt1.328766.1 not found. kernel-modules-ipt-ratelimit-std-def - Linux kernel module for ipt-ratelimit * Sat Oct 03 2020 Alexei Takaseev <taf@altlinux> 0.3.2-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Wed Aug 19 2020 Alexei Takaseev <taf@altlinux> 0.3.2-alt1 Note: changelog entry for 0.3.2-alt1.328766.1 not found. kernel-modules-ipt-so-std-def - Iptables match for Security Options (IPSO) Labels (kernel module) * Sat Oct 03 2020 Vitaly Chikunov <vt@altlinux> 1.0-alt6.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 1.0-alt6.328766.1 not found. kernel-modules-ipt_netflow-std-def - Netflow iptables module for Linux kernel * Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh@altlinux> 2.5-alt1.k.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Tue Feb 10 2015 Anton V. Boyarshinov <boyarsh@altlinux> 2.1-alt1 Note: changelog entry for 2.5-alt1.k.328766.1 not found. kernel-modules-ixgbe-std-def - Intel(R) 10GbE PCI Express Linux Network Driver * Sat Oct 03 2020 Alexei Takaseev <taf@altlinux> 5.8.1-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Wed Aug 19 2020 Alexei Takaseev <taf@altlinux> 5.8.1-alt1 Note: changelog entry for 5.8.1-alt1.328766.1 not found. kernel-modules-kvdo-std-def - Kernel modules which provide pools of deduplicated and compressed block storage * Sat Oct 03 2020 Vitaly Chikunov <vt@altlinux> 6.2.2.117-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 6.2.2.117-alt1.328766.1 not found. kernel-modules-linux-gpib-std-def - linux-gpib kernel modules * Sat Oct 03 2020 Vladislav Zavjalov <slazav@altlinux> 4.3.0-alt3.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 4.3.0-alt3.328766.1 not found. kernel-modules-lsadrv-std-def - Linux Kernel drivers supporting Hitachi StarBoard interactive whiteboard * Sat Oct 03 2020 Vitaly Chikunov <vt@altlinux> 1:1.2.3-alt4.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Thu Oct 27 2016 Anton V. Boyarshinov <boyarsh@altlinux> 1:1.2.3-alt2 Note: changelog entry for 1:1.2.3-alt4.328766.1 not found. kernel-modules-ndpi-std-def - Deep packet inspection module for Linux kernel * Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh@altlinux> 2.6-alt2.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 2.6-alt2.328766.1 not found. kernel-modules-nvidia-std-def - nVidia video card drivers * Sat Oct 03 2020 Sergey V Turchin <zerg@altlinux> 450.57-alt2.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Wed Sep 16 2020 Sergey V Turchin <zerg@altlinux> 450.57-alt2 Note: changelog entry for 450.57-alt2.328766.1 not found. kernel-modules-nxp-pn71xx-getmobit-std-def - NXP's NFC Open Source kernel module optimized for GM-box * Sat Oct 03 2020 Nikolai Kostrigin <nickel@altlinux> 1.4-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Wed Aug 14 2019 Nikolai Kostrigin <nickel@altlinux> 1.4-alt1 Note: changelog entry for 1.4-alt1.328766.1 not found. kernel-modules-r8168-std-def - Linux driver for RealTek Ethernet controllers * Sat Oct 03 2020 Nazarov Denis (nenderus) <nenderus@altlinux> 8.048.02-alt1.k.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Thu Apr 16 2020 Nazarov Denis <nenderus@altlinux> 8.048.02-alt1 Note: changelog entry for 8.048.02-alt1.k.328766.1 not found. kernel-modules-rtl8723de-std-def - Module for Realtek RTL8723DE * Sat Oct 03 2020 Sergey V Turchin <zerg@altlinux> 5.1.1.8-alt15.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Tue Mar 10 2020 Sergey V Turchin <zerg@altlinux> 5.1.1.8-alt15 Note: changelog entry for 5.1.1.8-alt15.328766.1 not found. kernel-modules-rtl8821ce-std-def - Module for Realtek RTL8821CE * Sat Oct 03 2020 shrek@altlinux.ru (Valery Inozemtsev) <shrek@altlinux> 5.5.2-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 5.5.2-alt1.328766.1 not found. kernel-modules-tripso-std-def - Translate between CISPO and AstraLinux labels * Sat Oct 03 2020 Vitaly Chikunov <vt@altlinux> 1.1-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 1.1-alt1.328766.1 not found. kernel-modules-vhba-std-def - VHBA virtual host bus adapter module * Sat Oct 03 2020 Nazarov Denis (nenderus) <nenderus@altlinux> 20190410-alt1.k.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Mon Jun 17 2019 Nazarov Denis <nenderus@altlinux> 20190410-alt1 Note: changelog entry for 20190410-alt1.k.328766.1 not found. kernel-modules-virtualbox-addition-std-def - VirtualBox modules * Sat Oct 03 2020 Valery Sinelnikov (ALT) <greh@altlinux> 6.1.8-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Thu May 21 2020 Valery Sinelnikov <greh@altlinux> 6.1.8-alt1 Note: changelog entry for 6.1.8-alt1.328766.1 not found. kernel-modules-virtualbox-std-def - VirtualBox modules * Sat Oct 03 2020 Valery Sinelnikov (ALT) <greh@altlinux> 6.1.8-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Thu May 21 2020 Valery Sinelnikov <greh@altlinux> 6.1.8-alt1 Note: changelog entry for 6.1.8-alt1.328766.1 not found. kernel-modules-wireguard-std-def - Wireguard is a fast, modern, secure VPN tunnel module for Linux kernel * Sat Oct 03 2020 Nikolai Kostrigin <nickel@altlinux> 1.0.20200908-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Wed Sep 09 2020 Nikolai Kostrigin <nickel@altlinux> 1.0.20200908-alt1 Note: changelog entry for 1.0.20200908-alt1.328766.1 not found. kernel-modules-xtables-addons-std-def - xtables-addons kernel module * Sat Oct 03 2020 Anton Farygin <rider@altlinux> 3.9-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. * Tue Mar 10 2020 Anton Farygin <rider@altlinux> 3.9-alt1 Note: changelog entry for 3.9-alt1.328766.1 not found. kernel-modules-zfs-std-def - ZFS Linux modules * Sat Oct 03 2020 Anton Farygin <rider@altlinux> 0.8.4-alt1.328772.1.1 - Build for kernel-image-std-def-5.4.68-alt1.1. Note: changelog entry for 0.8.4-alt1.328766.1 not found. nspr - Netscape Portable Runtime (NSPR) * Tue Sep 08 2020 Alexey Gladkov <legion@altlinux> 1:4.28-alt1 - New version (4.28). * Thu Jul 30 2020 Alexey Gladkov <legion@altlinux> 1:4.27-alt1 - New version (4.27). * Mon Jun 29 2020 Alexey Gladkov <legion@altlinux> 1:4.26-alt1 - New version (4.26). * Fri Feb 14 2020 Alexey Gladkov <legion@altlinux> 1:4.25-alt1 nss - Netscape Network Security Services(NSS) [58M] * Tue Sep 08 2020 Alexey Gladkov <legion@altlinux> 3.56.0-alt1 - New version (3.56). * Thu Jul 30 2020 Alexey Gladkov <legion@altlinux> 3.55.0-alt1 - New version (3.55). - Security fixes: + CVE-2020-6829, CVE-2020-12400: Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. + CVE-2020-12401: Remove unnecessary scalar padding. + CVE-2020-12403: Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * Mon Jun 29 2020 Alexey Gladkov <legion@altlinux> 3.54.0-alt1 - New version (3.54). - Merge libnss and libnss-sysinit. - Certificate Authority Changes: + Add CN = certSIGN Root CA G2 + Add CN = e-Szigno Root CA 2017 + Add CN = Microsoft ECC Root Certificate Authority 2017 + Add CN = Microsoft RSA Root Certificate Authority 2017 + Remove CN = AddTrust Class 1 CA Root + Remove CN = AddTrust External CA Root + Remove CN = LuxTrust Global Root 2 + Remove CN = Staat der Nederlanden Root CA - G2 + Remove CN = Symantec Class 2 Public Primary Certification Authority - G4 + Remove CN = Symantec Class 1 Public Primary Certification Authority - G4 + Remove CN = VeriSign Class 3 Public Primary Certification Authority - G3 * Wed Jun 24 2020 Alexey Gladkov <legion@altlinux> 3.53.0-alt4 - Enable an RFC3280 compliant certificate path validation library (ALT#38636). * Wed Jun 10 2020 Alexey Gladkov <legion@altlinux> 3.53.0-alt3 - Fix build with nss headers and -Werror=strict-prototypes (ALT#38597). * Mon Jun 08 2020 Alexey Gladkov <legion@altlinux> 3.53.0-alt2 - Enable NSS legacy DBM type (ALT#38590). * Thu Jun 04 2020 Alexey Gladkov <legion@altlinux> 3.53.0-alt1 - New version (3.53). - Security fixes: + CVE-2020-12399 - Force a fixed length for DSA exponentiation * Wed May 06 2020 Alexey Gladkov <legion@altlinux> 3.52.0-alt1 - New version (3.52). - Stop pulling in nss-pem automatically, packages that need it should depend on it. * Sat Mar 14 2020 Alexey Gladkov <legion@altlinux> 3.51.0-alt1 p11-kit - Utilities for PKCS#11 modules * Thu Jun 04 2020 Andrew Savchenko <bircoph@altlinux> 0.23.15-alt2 - Add rpm-macros-alternatives build dependency for %_altdir. * Tue Apr 02 2019 Mikhail Efremov <sem@altlinux> 0.23.15-alt1 seamonkey - Web browser and mail reader [294M] * Wed Sep 23 2020 Andrey Cherepanov <cas@altlinux> 1:2.53.4-alt1 - New version. * Sat Sep 19 2020 Andrey Cherepanov <cas@altlinux> 1:2.53.3-alt2 - Fix build with Rust 1.45 (see https://bugzilla.mozilla.org/show_bug.cgi?id=1617782). * Mon Jul 13 2020 Andrey Cherepanov <cas@altlinux> 1:2.53.3-alt1 - New version. * Mon May 18 2020 Andrey Cherepanov <cas@altlinux> 1:2.53.2-alt1 seamonkey-ru - Russian (RU) Language Pack for Seamonkey * Wed Sep 23 2020 Andrey Cherepanov <cas@altlinux> 2.53.4-alt1 - New version. * Mon Jul 13 2020 Andrey Cherepanov <cas@altlinux> 2.53.3-alt1 - New version. * Tue May 19 2020 Andrey Cherepanov <cas@altlinux> 2.53.2-alt1 thunderbird - Thunderbird is Mozilla's e-mail client [363M] * Sat Sep 26 2020 Andrey Cherepanov <cas@altlinux> 78.3.1-alt1 - New version (78.3.1). - Fix Thunderbird crash after updating to 78.3.0. * Fri Sep 25 2020 Andrey Cherepanov <cas@altlinux> 78.3.0-alt1 - New version (78.3.0). - Fixes: + CVE-2020-15677 Download origin spoofing via redirect + CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element + CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free + CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3 * Sat Sep 19 2020 Andrey Cherepanov <cas@altlinux> 78.2.2-alt2 - Fix show folders and messages by patches from Debian (ALT #38964). * Thu Sep 17 2020 Andrey Cherepanov <cas@altlinux> 78.2.2-alt1 - New version (78.2.2). * Wed Sep 02 2020 Andrey Cherepanov <cas@altlinux> 78.2.1-alt1 - New version (78.2.1). - Fixes: + CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege + CVE-2020-15664 Attacker-induced prompt for extension installation + CVE-2020-15670 Memory safety bugs fixed in Thunderbird 78.2 - Build without thunderbird-enigmail because this extension is not compatible with Thunderbird 78.x. * Tue Aug 18 2020 Aleksei Nikiforov <darktemplar@altlinux> 78.1.1-alt1 - Updated to upstream version 78.1.1 (thx to cas@ and sbolshakov@). - Fixes: + CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker + CVE-2020-6514 WebRTC data channel leaks internal address to peer + CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy + CVE-2020-15653 Bypassing iframe sandbox when allowing popups + CVE-2020-6463 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture + CVE-2020-15656 Type confusion for special arguments in IonMonkey + CVE-2020-15658 Overriding file type when saving to disk + CVE-2020-15657 DLL hijacking due to incorrect loading path + CVE-2020-15654 Custom cursor can overlay user interface + CVE-2020-15659 Memory safety bugs fixed in Thunderbird 78.1 * Tue Jul 21 2020 Andrey Cherepanov <cas@altlinux> 78.0-alt1 - New version (78.0). - Fixes: + CVE-2020-12415 AppCache manifest poisoning due to url encoded character processing + CVE-2020-12416 Use-after-free in WebRTC VideoBroadcaster + CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64 + CVE-2020-12418 Information disclosure due to manipulated URL object + CVE-2020-12419 Use-after-free in nsGlobalWindowInner + CVE-2020-12420 Use-After-Free when trying to connect to a STUN server + CVE-2020-15648 X-Frame-Options bypass using object or embed tags + CVE-2020-12402 RSA Key Generation vulnerable to side-channel attack + CVE-2020-12421 Add-On updates did not respect the same certificate trust rules as software updates + CVE-2020-12422 Integer overflow in nsJPEGEncoder::emptyOutputBuffer + CVE-2020-12423 DLL Hijacking due to searching %PATH% for a library + CVE-2020-12424 WebRTC permission prompt could have been bypassed by a compromised content process + CVE-2020-12425 Out of bound read in Date.parse() + CVE-2020-12426 Memory safety bugs fixed in Thunderbird 78 - Build with bundled languages: kk, ru, uk. * Mon Jul 13 2020 Andrey Cherepanov <cas@altlinux> 68.10.0-alt1 - New version (68.10.0). - Fixes: + CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64 + CVE-2020-12418 Information disclosure due to manipulated URL object + CVE-2020-12419 Use-after-free in nsGlobalWindowInner + CVE-2020-12420 Use-After-Free when trying to connect to a STUN server + CVE-2020-12421 Add-On updates did not respect the same certificate trust rules as software updates + MFSA-2020-0001 Automatic account setup leaks Microsoft Exchange login credentials - Enigmail 2.1.7. * Thu Jun 04 2020 Andrey Cherepanov <cas@altlinux> 68.9.0-alt1 Total 18084 source packages.
reply other threads:[~2020-10-04 4:58 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20201004045824.GA8225@gyle.altlinux.org \ --to=qa@altlinux.org \ --cc=devel@lists.altlinux.org \ --cc=sisyphus-cybertalk@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \ sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com public-inbox-index sisyphus-cybertalk Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk AGPL code for this site: git clone https://public-inbox.org/public-inbox.git