From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Sat, 8 Feb 2025 00:21:22 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p10/branch packages: +10 (19012) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Feb 2025 00:21:25 -0000 Archived-At: List-Archive: 10 UPDATED packages alterator-usbguard - alterator module to control usb devices * Thu Jan 23 2025 Oleg Proskurin 0.2.1-alt1 - Bugfixing (Closes: #52767, #52745) + fix jump back (-10) + fix empty page at the end problem * Wed Jan 15 2025 Oleg Proskurin 0.2-alt1 - New version (Closes: #51764 ) * Fri May 17 2024 Oleg Proskurin 0.1.2-alt1 bind - ISC BIND - DNS server * Fri Jan 31 2025 Stanislav Levin 9.16.50-alt2 - Synced to upstream (fixes: CVE-2024-11187). * Tue Sep 03 2024 Stanislav Levin 9.16.50-alt1 bind-dyndb-ldap - LDAP back-end plug-in for BIND * Wed Jan 22 2025 Stanislav Levin 11.11-alt1 - 11.10 -> 11.11. * Wed Sep 04 2024 Stanislav Levin 11.10-alt8 ca-certificates - Common CA Certificates * Tue Dec 10 2024 Ajrat Makhmutov 2024.12.10-alt1 - mozilla: sync with nss-3.107. * Mon Jul 01 2024 Ajrat Makhmutov 2024.07.01-alt1 - mozilla: sync with nss-3.101.1. * Sat Jun 08 2024 Ajrat Makhmutov 2024.06.08-alt1 - mozilla: sync with nss-3.101. * Sat Feb 24 2024 Alexey Gladkov 2024.02.24-alt1 - mozilla: sync with nss-3.98. * Wed Dec 20 2023 Alexey Gladkov 2023.12.20-alt1 - mozilla: sync with nss-3.96.1. * Mon Jul 31 2023 Alexey Gladkov 2023.07.31-alt1 - mozilla: sync with nss-3.92. * Wed Dec 14 2022 Alexey Gladkov 2022.12.14-alt1 - mozilla: sync with nss-3.86. * Thu Sep 15 2022 Alexey Gladkov 2022.09.15-alt1 firefox - The Mozilla Firefox project is a redesign of Mozilla's browser [598M] * Fri Jan 31 2025 Ajrat Makhmutov 134.0.2-alt0.p10.1 - Backprort new version to p10 branch. * Fri Jan 24 2025 Ajrat Makhmutov 134.0.2-alt1 - New version (134.0.2). * Tue Jan 14 2025 Ajrat Makhmutov 134.0.1-alt1 - New version (134.0.1). * Thu Jan 09 2025 Ajrat Makhmutov 134.0-alt1 - New version (134.0). - Security fixes: + CVE-2025-0244: Address bar spoofing using an invalid protocol scheme on Firefox for Android + CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android + CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on Firefox for Android + CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack + CVE-2025-0238: Use-after-free when breaking lines in text + CVE-2025-0239: Alt-Svc ALPN validation failure when redirected + CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module + CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation + CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 + CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 + CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird 134 * Fri Dec 20 2024 Ajrat Makhmutov 133.0.3-alt1 - New version (133.0.3). - Fix FTBFS with python 3.12.8. * Thu Nov 28 2024 Ajrat Makhmutov 133.0.0-alt1 - New version (133.0.0). - Security fixes: + CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL + CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation on Android + CVE-2024-11692: Select list elements could be shown over another site + CVE-2024-11701: Misleading Address Bar State During Navigation Interruption + CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing Mode on Android + CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows + CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims + CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters + CVE-2024-11703: Password access without authentication via PIN bypass on Android + CVE-2024-11696: Unhandled Exception in Add-on Signature Verification + CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog + CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7 Decryption Handling + CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS + CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey + CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility + CVE-2024-11708: Data race with PlaybackParams + CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5 * Sat Nov 16 2024 Ajrat Makhmutov 132.0.2-alt1 - New version (132.0.2). * Sat Nov 16 2024 Andrey Cherepanov 132.0.1-alt0.p10.1 java-1.8.0-openjdk - OpenJDK Runtime Environment 8 [58M] * Tue Jan 28 2025 Andrey Cherepanov 0:1.8.0.442.b06-alt1_1jpp8 - New version. * Mon Dec 02 2024 Andrey Cherepanov 0:1.8.0.432.b06-alt1_1jpp8 - New version. - Security fixes: - CVE-2024-21208 - CVE-2024-21210 - CVE-2024-21217 - CVE-2024-21235 * Sun Aug 25 2024 Andrey Cherepanov 0:1.8.0.422.b05-alt1_1jpp8 libuv - Evented I/O for NodeJS * Fri Jan 24 2025 Alexander Danilov 1.49.2-alt0.p10.1 - Backported new version to p10. * Thu Jan 16 2025 Vitaly Lipatov 1.49.2-alt1 - new version 1.49.2 (with rpmrb script) * Tue Dec 10 2024 Vitaly Lipatov 1.49.1-alt1 - new version 1.49.1 (with rpmrb script) * Sun Sep 15 2024 Vitaly Lipatov 1.48.0-alt2 - add patch for export wtf8 functions properly * Mon Aug 19 2024 Alexander Danilov 1.48.0-alt0.p10.1 nss - Netscape Network Security Services(NSS) [52M] * Tue Dec 10 2024 Ajrat Makhmutov 3.107-alt1 - New version (3.107). - Certificate Authority Changes: + Remove CN=SecureSign RootCA11 + Remove CN=Security Communication RootCA3 * Fri Oct 25 2024 Ajrat Makhmutov 3.106-alt1 postgresql15-1C - PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later) [15M] * Tue Jan 28 2025 Alexei Takaseev 15.10-alt0.p10.1 - 15.10 - Update 1C patch * Tue Dec 10 2024 Alexei Takaseev 15.8-alt0.p10.4 thunderbird - Thunderbird is Mozilla's e-mail client [676M] * Mon Jan 27 2025 Ajrat Makhmutov 128.6.0-alt0.p10.1 - Backport new version to p10 branch. * Thu Jan 09 2025 Ajrat Makhmutov 128.6.0-alt1 - New version. - Security fixes: + CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack + CVE-2025-0238: Use-after-free when breaking lines in text + CVE-2025-0239: Alt-Svc ALPN validation failure when redirected + CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module + CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation + CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 + CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 * Fri Dec 20 2024 Ajrat Makhmutov 128.5.2-alt1 - New version. - Security fixes: + CVE-2024-50336: matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal - Fix FTBFS with python 3.12.8. * Thu Nov 28 2024 Ajrat Makhmutov 128.5.0-alt1 - New version. - Security fixes: + CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL + CVE-2024-11692: Select list elements could be shown over another site + CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows + CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims + CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters + CVE-2024-11696: Unhandled Exception in Add-on Signature Verification + CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog + CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS + CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 * Tue Nov 26 2024 Ajrat Makhmutov 128.4.4-alt1 - New version. - Correct the Russian translation (closes: 41249). - Add the security fix in 128.4.3 changelog. * Sat Nov 16 2024 Andrey Cherepanov 128.4.2-alt0.p10.1 Total 19012 source packages.