From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Wed, 15 Jun 2022 00:18:30 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p9/branch packages: +2 (18280) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jun 2022 00:18:34 -0000 Archived-At: List-Archive: 2 UPDATED packages firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version) [389M] * Thu Jun 09 2022 Pavel Vasenkov 91.10.0-alt0.p9.1 - Backport new ESR version to p9 branch. * Fri Jun 03 2022 Pavel Vasenkov 91.10.0-alt1 - New ESR version. - Security fixes: + CVE-2022-31736 Cross-Origin resource's length leaked + CVE-2022-31737 Heap buffer overflow in WebGL + CVE-2022-31738 Browser window spoof using fullscreen mode + CVE-2022-31739 Attacker-influenced path traversal when saving downloaded files + CVE-2022-31740 Register allocation problem in WASM on arm64 + CVE-2022-31741 Uninitialized variable leads to invalid memory read + CVE-2022-31742 Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information + CVE-2022-31747 Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 * Sun May 22 2022 Pavel Vasenkov 91.9.1-alt1 - New ESR version. - Security fixes: + CVE-2022-1802 Prototype pollution in Top-Level Await implementation + CVE-2022-1529 Untrusted input used in JavaScript object indexing, leading to prototype pollution * Wed May 04 2022 Pavel Vasenkov 91.9.0-alt1 - New ESR version. - Security fixes: + CVE-2022-29914 Fullscreen notification bypass using popups + CVE-2022-29909 Bypassing permission prompt in nested browsing contexts + CVE-2022-29916 Leaking browser history with CSS variables + CVE-2022-29911 iframe Sandbox bypass + CVE-2022-29912 Reader mode bypassed SameSite cookies + CVE-2022-29917 Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 * Wed Apr 06 2022 Pavel Vasenkov 91.8.0-alt1 - New ESR version. - Security fixes: + CVE-2022-1097 Use-after-free in NSSToken objects + CVE-2022-28281 Out of bounds write due to unexpected WebAuthN Extensions + CVE-2022-1196 Use-after-free after VR Process destruction + CVE-2022-28282 Use-after-free in DocumentL10n::TranslateDocument + CVE-2022-28285 Incorrect AliasSet used in JIT Codegen + CVE-2022-28286 iframe contents could be rendered outside the border + CVE-2022-24713 Denial of Service via complex regular expressions + CVE-2022-28289 Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 * Sun Mar 13 2022 Pavel Vasenkov 91.7.0-alt1 - New ESR version. - Security fixes: + CVE-2022-26383 Browser window spoof using fullscreen mode + CVE-2022-26384 iframe allow-scripts sandbox bypass + CVE-2022-26387 Time-of-check time-of-use bug when verifying add-on signatures + CVE-2022-26381 Use-after-free in text reflows + CVE-2022-26386 Temporary files downloaded to /tmp and accessible by other local users * Mon Mar 07 2022 Pavel Vasenkov 91.6.1-alt1 Note: changelog entry for 91.7.0-alt0.p9.1 not found. tarantool - In-memory database and Lua application server [11M] * Fri May 27 2022 Dmitry Kibirev 2.8.4-alt1 - New stable version * Tue Nov 02 2021 Dmitry Kibirev 2.8.3-alt1 Total 18280 source packages.