From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qa@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=ham autolearn_force=no version=3.4.1
Date: Thu, 16 Jun 2022 00:18:08 +0000
From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Message-ID: <Yqp2wK9yO5+I+B3/@beehive.mskdc.altlinux.org>
Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [cyber] I: p9/branch packages: +2 (18280)
X-BeenThere: sisyphus-cybertalk@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: devel@lists.altlinux.org
List-Id: ALT Linux Sisyphus cybertalk <sisyphus-cybertalk.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sisyphus-cybertalk>, 
 <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus-cybertalk>
List-Post: <mailto:sisyphus-cybertalk@lists.altlinux.org>
List-Help: <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus-cybertalk>, 
 <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 00:18:11 -0000
Archived-At: <http://lore.altlinux.org/sisyphus-cybertalk/Yqp2wK9yO5+I+B3%2F@beehive.mskdc.altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus-cybertalk/>

	2 UPDATED packages

thunderbird - Thunderbird is Mozilla's e-mail client            	[409M]
* Thu Jun 09 2022 Pavel Vasenkov <pav@altlinux> 91.10.0-alt0.p9.1
- Backport new version to p9 branch.
* Fri Jun 03 2022 Pavel Vasenkov <pav@altlinux> 91.10.0-alt1
- New version.
- Security fixes:
  + CVE-2022-31736 Cross-Origin resource's length leaked
  + CVE-2022-31737 Heap buffer overflow in WebGL
  + CVE-2022-31738 Browser window spoof using fullscreen mode
  + CVE-2022-31739 Attacker-influenced path traversal when saving downloaded files
  + CVE-2022-31740 Register allocation problem in WASM on arm64
  + CVE-2022-31741 Uninitialized variable leads to invalid memory read
  + CVE-2022-1834 Braille space character caused incorrect sender email to be shown for a digitally signed email
  + CVE-2022-31742 Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
  + CVE-2022-31747 Memory safety bugs fixed in Thunderbird 91.10
* Sat May 21 2022 Pavel Vasenkov <pav@altlinux> 91.9.1-alt1
- New version.
- Security fixes:
  + CVE-2022-1802 Prototype pollution in Top-Level Await implementation
  + CVE-2022-1529 Untrusted input used in JavaScript object indexing, leading to prototype pollution
* Wed May 04 2022 Pavel Vasenkov <pav@altlinux> 91.9.0-alt1
- New version.
- Security fixes:
  + CVE-2022-1520 Incorrect security status shown after viewing an attached email
  + CVE-2022-29914 Fullscreen notification bypass using popups
  + CVE-2022-29909 Bypassing permission prompt in nested browsing contexts
  + CVE-2022-29916 Leaking browser history with CSS variables
  + CVE-2022-29911 iframe sandbox bypass
  + CVE-2022-29912 Reader mode bypassed SameSite cookies
  + CVE-2022-29913 Speech Synthesis feature not properly disabled
  + CVE-2022-29917 Memory safety bugs fixed in Thunderbird 91.9
* Mon Apr 25 2022 Pavel Vasenkov <pav@altlinux> 91.8.1-alt1
- New version.
* Wed Apr 06 2022 Pavel Vasenkov <pav@altlinux> 91.8.0-alt1
- New version.
- Security fixes:
  + CVE-2022-1097 Use-after-free in NSSToken objects
  + CVE-2022-28281 Out of bounds write due to unexpected WebAuthN Extensions
  + CVE-2022-1197 OpenPGP revocation information was ignored
  + CVE-2022-1196 Use-after-free after VR Process destruction
  + CVE-2022-28282 Use-after-free in DocumentL10n::TranslateDocument
  + CVE-2022-28285 Incorrect AliasSet used in JIT Codegen
  + CVE-2022-28286 iframe contents could be rendered outside the border
  + CVE-2022-24713 Denial of Service via complex regular expressions
  + CVE-2022-28289 Memory safety bugs fixed in Thunderbird 91.8
* Sun Mar 13 2022 Pavel Vasenkov <pav@altlinux> 91.7.0-alt1
- New version.
- Security fixes:
  + CVE-2022-26383 Browser window spoof using fullscreen mode
  + CVE-2022-26384 iframe allow-scripts sandbox bypass
  + CVE-2022-26387 Time-of-check time-of-use bug when verifying add-on signatures
  + CVE-2022-26381 Use-after-free in text reflows
  + CVE-2022-26386 Temporary files downloaded to /tmp and accessible by other local users
* Tue Mar 08 2022 Pavel Vasenkov <pav@altlinux> 91.6.2-alt1
- New version.
- Security fixes:
  + CVE-2022-26485 Use-after-free in XSLT parameter processing
  + CVE-2022-26486 Use-after-free in WebGPU IPC Framework
* Sat Feb 12 2022 Pavel Vasenkov <pav@altlinux> 91.6.0-alt1
- New version.
- Security fixes:
  + CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
  + CVE-2022-22754 Extensions could have bypassed permission confirmation during update
  + CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
  + CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements
  + CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
  + CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
  + CVE-2022-22763 Script Execution during invalid object state
  + CVE-2022-22764 Memory safety bugs fixed in Thunderbird 91.6
* Tue Jan 25 2022 Pavel Vasenkov <pav@altlinux> 91.5.1-alt1
Note: changelog entry for 91.6.0-alt0.p9.1 not found.

unbound - Validating, recursive, and caching DNS resolver
* Fri Jun 03 2022 Alexei Takaseev <taf@altlinux> 1.16.0-alt1
- 1.16.0
* Sat Feb 19 2022 Alexei Takaseev <taf@altlinux> 1.15.0-alt1

Total 18280 source packages.