From: QA Team Robot <qa@altlinux.org> To: sisyphus-cybertalk@lists.altlinux.org Subject: [cyber] I: p9/branch packages: +3 (18279) Date: Fri, 21 Jul 2023 00:18:42 +0000 Message-ID: <ZLnO4jpl4xW7syqE@beehive.mskdc.altlinux.org> (raw) 3 UPDATED packages firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version) [487M] * Tue Jun 06 2023 Pavel Vasenkov <pav@altlinux> 102.11.0-alt0.c9.1 - Backported new version to c9 branch. * Mon May 15 2023 Pavel Vasenkov <pav@altlinux> 102.11.0-alt1 - New ESR version. - Security fixes + CVE-2023-32205 Browser prompts could have been obscured by popups + CVE-2023-32206 Crash in RLBox Expat driver + CVE-2023-32207 Potential permissions request bypass via clickjacking + CVE-2023-32211 Content process crash due to invalid wasm code + CVE-2023-32212 Potential spoof due to obscured address bar + CVE-2023-32213 Potential memory corruption in FileReader::DoReadData() + CVE-2023-32214 Potential DoS via exposed protocol handlers + CVE-2023-32215 Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 * Wed Apr 19 2023 Pavel Vasenkov <pav@altlinux> 102.10.0-alt1 - New ESR version. - Security fixes + CVE-2023-29531 Out-of-bound memory access in WebGL on macOS + CVE-2023-29532 Mozilla Maintenance Service Write-lock bypass + CVE-2023-29533 Fullscreen notification obscured + CVE-2023-1999 Double-free in libwebp + CVE-2023-29535 Potential Memory Corruption following Garbage Collector compaction + CVE-2023-29536 Invalid free from JavaScript code + CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download + CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux + CVE-2023-29542 Bypass of file download extension restrictions + CVE-2023-29545 Windows Save As dialog resolved environment variables + CVE-2023-1945 Memory Corruption in Safe Browsing Code + CVE-2023-29548 Incorrect optimization result on ARM64 + CVE-2023-29550 Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 * Wed Mar 22 2023 Pavel Vasenkov <pav@altlinux> 102.9.0-alt1 - New ESR version. - Security fixes + CVE-2023-25751 Incorrect code generation during JIT compilation + CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation + CVE-2023-28162 Invalid downcast in Worklets + CVE-2023-25752 Potential out-of-bounds when accessing throttled streams + CVE-2023-28163 Windows Save As dialog resolved environment variables + CVE-2023-28176 Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 * Fri Mar 03 2023 Pavel Vasenkov <pav@altlinux> 102.8.0-alt1 - New ESR version. - Security fixes + CVE-2023-25728 Content security policy leak in violation reports using iframes + CVE-2023-25730 Screen hijack via browser fullscreen mode + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry + CVE-2023-25738 Printing on Windows could potentially crash Firefox with some device drivers + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext + CVE-2023-25729 Extensions could have opened external schemes without user knowledge + CVE-2023-25732 Out of bounds memory write from EncodeInputStream + CVE-2023-25734 Opening local .url files could cause unexpected network loads + CVE-2023-25742 Web Crypto ImportKey crashes tab + CVE-2023-25744 Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 + CVE-2023-25746 Memory safety bugs fixed in Firefox ESR 102.8 * Wed Jan 18 2023 Pavel Vasenkov <pav@altlinux> 102.7.0-alt1 - New ESR version. - Security fixes + CVE-2022-46871 libusrsctp library out of date + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux + CVE-2023-23599 Malicious command could be hidden in devtools output on Windows + CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation + CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers + CVE-2022-46877 Fullscreen notification bypass + CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive + CVE-2023-23605 Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 * Tue Jan 17 2023 Andrey Cherepanov <cas@altlinux> 102.6.0-alt0.c9.1 rust - The Rust Programming Language [124M] * Sat Feb 04 2023 Andrey Cherepanov <cas@altlinux> 1:1.64.0-alt0.c9.2 - Built without bootstrapping. * Sun Nov 20 2022 Andrey Cherepanov <cas@altlinux> 1:1.64.0-alt0.c9.1 thunderbird - Thunderbird is Mozilla's e-mail client [508M] * Mon Jun 05 2023 Pavel Vasenkov <pav@altlinux> 102.11.0-alt0.c9.1 - Backport new version with security fixes to c9 branch. * Wed May 17 2023 Pavel Vasenkov <pav@altlinux> 102.11.0-alt1 - New version. - Security fixes: + CVE-2023-32205 Browser prompts could have been obscured by popups + CVE-2023-32206 Crash in RLBox Expat driver + CVE-2023-32207 Potential permissions request bypass via clickjacking + CVE-2023-32211 Content process crash due to invalid wasm code + CVE-2023-32212 Potential spoof due to obscured address bar + CVE-2023-32213 Potential memory corruption in FileReader::DoReadData() + CVE-2023-32214 Potential DoS via exposed protocol handlers + CVE-2023-32215 Memory safety bugs fixed in Thunderbird 102.11 * Wed Apr 19 2023 Pavel Vasenkov <pav@altlinux> 102.10.0-alt1 - New version. - Security fixes: + CVE-2023-29531 Out-of-bound memory access in WebGL on macOS + CVE-2023-29532 Mozilla Maintenance Service Write-lock bypass + CVE-2023-29533 Fullscreen notification obscured + CVE-2023-1999 Double-free in libwebp + CVE-2023-29535 Potential Memory Corruption following Garbage Collector compaction + CVE-2023-29536 Invalid free from JavaScript code + CVE-2023-0547 Revocation status of S/Mime recipient certificates was not checked + CVE-2023-29479 Hang when processing certain OpenPGP messages + CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download + CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux + CVE-2023-29542 Bypass of file download extension restrictions + CVE-2023-29545 Windows Save As dialog resolved environment variables + CVE-2023-1945 Memory Corruption in Safe Browsing Code + CVE-2023-29548 Incorrect optimization result on ARM64 + CVE-2023-29550 Memory safety bugs fixed in Thunderbird 102.10 * Wed Mar 22 2023 Pavel Vasenkov <pav@altlinux> 102.9.0-alt1 - New version. - Security fixes: + CVE-2023-25751 Incorrect code generation during JIT compilation + CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation + CVE-2023-28162 Invalid downcast in Worklets + CVE-2023-25752 Potential out-of-bounds when accessing throttled streams + CVE-2023-28163 Windows Save As dialog resolved environment variables + CVE-2023-28176 Memory safety bugs fixed in Thunderbird 102.9 * Tue Feb 28 2023 Pavel Vasenkov <pav@altlinux> 102.8.0-alt1 - New version. - Security fixes: + CVE-2023-0616 User Interface lockup with messages combining S/MIME and OpenPGP + CVE-2023-25728 Content security policy leak in violation reports using iframes + CVE-2023-25730 Screen hijack via browser fullscreen mode + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry + CVE-2023-25738 Printing on Windows could potentially crash Thunderbird with some device drivers + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext + CVE-2023-25729 Extensions could have opened external schemes without user knowledge + CVE-2023-25732 Out of bounds memory write from EncodeInputStream + CVE-2023-25734 Opening local .url files could cause unexpected network loads + CVE-2023-25742 Web Crypto ImportKey crashes tab + CVE-2023-25746 Memory safety bugs fixed in Thunderbird 102.8 * Fri Feb 03 2023 Pavel Vasenkov <pav@altlinux> 102.7.1-alt1 Total 18279 source packages.
reply other threads:[~2023-07-21 0:18 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=ZLnO4jpl4xW7syqE@beehive.mskdc.altlinux.org \ --to=qa@altlinux.org \ --cc=devel@lists.altlinux.org \ --cc=sisyphus-cybertalk@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \ sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com public-inbox-index sisyphus-cybertalk Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk AGPL code for this site: git clone https://public-inbox.org/public-inbox.git