From: QA Team Robot <qa@altlinux.org> To: sisyphus-cybertalk@lists.altlinux.org Subject: [cyber] I: p9/branch packages: +2 (18280) Date: Thu, 16 Jun 2022 00:18:08 +0000 Message-ID: <Yqp2wK9yO5+I+B3/@beehive.mskdc.altlinux.org> (raw) 2 UPDATED packages thunderbird - Thunderbird is Mozilla's e-mail client [409M] * Thu Jun 09 2022 Pavel Vasenkov <pav@altlinux> 91.10.0-alt0.p9.1 - Backport new version to p9 branch. * Fri Jun 03 2022 Pavel Vasenkov <pav@altlinux> 91.10.0-alt1 - New version. - Security fixes: + CVE-2022-31736 Cross-Origin resource's length leaked + CVE-2022-31737 Heap buffer overflow in WebGL + CVE-2022-31738 Browser window spoof using fullscreen mode + CVE-2022-31739 Attacker-influenced path traversal when saving downloaded files + CVE-2022-31740 Register allocation problem in WASM on arm64 + CVE-2022-31741 Uninitialized variable leads to invalid memory read + CVE-2022-1834 Braille space character caused incorrect sender email to be shown for a digitally signed email + CVE-2022-31742 Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information + CVE-2022-31747 Memory safety bugs fixed in Thunderbird 91.10 * Sat May 21 2022 Pavel Vasenkov <pav@altlinux> 91.9.1-alt1 - New version. - Security fixes: + CVE-2022-1802 Prototype pollution in Top-Level Await implementation + CVE-2022-1529 Untrusted input used in JavaScript object indexing, leading to prototype pollution * Wed May 04 2022 Pavel Vasenkov <pav@altlinux> 91.9.0-alt1 - New version. - Security fixes: + CVE-2022-1520 Incorrect security status shown after viewing an attached email + CVE-2022-29914 Fullscreen notification bypass using popups + CVE-2022-29909 Bypassing permission prompt in nested browsing contexts + CVE-2022-29916 Leaking browser history with CSS variables + CVE-2022-29911 iframe sandbox bypass + CVE-2022-29912 Reader mode bypassed SameSite cookies + CVE-2022-29913 Speech Synthesis feature not properly disabled + CVE-2022-29917 Memory safety bugs fixed in Thunderbird 91.9 * Mon Apr 25 2022 Pavel Vasenkov <pav@altlinux> 91.8.1-alt1 - New version. * Wed Apr 06 2022 Pavel Vasenkov <pav@altlinux> 91.8.0-alt1 - New version. - Security fixes: + CVE-2022-1097 Use-after-free in NSSToken objects + CVE-2022-28281 Out of bounds write due to unexpected WebAuthN Extensions + CVE-2022-1197 OpenPGP revocation information was ignored + CVE-2022-1196 Use-after-free after VR Process destruction + CVE-2022-28282 Use-after-free in DocumentL10n::TranslateDocument + CVE-2022-28285 Incorrect AliasSet used in JIT Codegen + CVE-2022-28286 iframe contents could be rendered outside the border + CVE-2022-24713 Denial of Service via complex regular expressions + CVE-2022-28289 Memory safety bugs fixed in Thunderbird 91.8 * Sun Mar 13 2022 Pavel Vasenkov <pav@altlinux> 91.7.0-alt1 - New version. - Security fixes: + CVE-2022-26383 Browser window spoof using fullscreen mode + CVE-2022-26384 iframe allow-scripts sandbox bypass + CVE-2022-26387 Time-of-check time-of-use bug when verifying add-on signatures + CVE-2022-26381 Use-after-free in text reflows + CVE-2022-26386 Temporary files downloaded to /tmp and accessible by other local users * Tue Mar 08 2022 Pavel Vasenkov <pav@altlinux> 91.6.2-alt1 - New version. - Security fixes: + CVE-2022-26485 Use-after-free in XSLT parameter processing + CVE-2022-26486 Use-after-free in WebGPU IPC Framework * Sat Feb 12 2022 Pavel Vasenkov <pav@altlinux> 91.6.0-alt1 - New version. - Security fixes: + CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service + CVE-2022-22754 Extensions could have bypassed permission confirmation during update + CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable + CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements + CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types + CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages + CVE-2022-22763 Script Execution during invalid object state + CVE-2022-22764 Memory safety bugs fixed in Thunderbird 91.6 * Tue Jan 25 2022 Pavel Vasenkov <pav@altlinux> 91.5.1-alt1 Note: changelog entry for 91.6.0-alt0.p9.1 not found. unbound - Validating, recursive, and caching DNS resolver * Fri Jun 03 2022 Alexei Takaseev <taf@altlinux> 1.16.0-alt1 - 1.16.0 * Sat Feb 19 2022 Alexei Takaseev <taf@altlinux> 1.15.0-alt1 Total 18280 source packages.
reply other threads:[~2022-06-16 0:18 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=Yqp2wK9yO5+I+B3/@beehive.mskdc.altlinux.org \ --to=qa@altlinux.org \ --cc=devel@lists.altlinux.org \ --cc=sisyphus-cybertalk@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \ sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com public-inbox-index sisyphus-cybertalk Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk AGPL code for this site: git clone https://public-inbox.org/public-inbox.git