From: QA Team Robot <qa@altlinux.org> To: sisyphus-cybertalk@lists.altlinux.org Subject: [cyber] I: p10/branch packages: +6 (18056) Date: Sat, 11 Mar 2023 00:16:23 +0000 Message-ID: <ZAvIVzW82I8Ldway@beehive.mskdc.altlinux.org> (raw) 6 UPDATED packages chromium - An open source web browser developed by Google [2030M] * Mon Mar 06 2023 Andrey Cherepanov <cas@altlinux> 110.0.5481.177-alt1.p10.1 - Backported new version to p10 branch. * Wed Mar 01 2023 Alexey Gladkov <legion@altlinux> 110.0.5481.177-alt2 - Bring back compiler optimizations (ALT#45454). * Thu Feb 23 2023 Alexey Gladkov <legion@altlinux> 110.0.5481.177-alt1 - New version (110.0.5481.177). - Fix crach in autofill (ALT#45269). - Security fixes: - CVE-2023-0927: Use after free in Web Payments API. - CVE-2023-0928: Use after free in SwiftShader. - CVE-2023-0929: Use after free in Vulkan. - CVE-2023-0930: Heap buffer overflow in Video. - CVE-2023-0931: Use after free in Video. - CVE-2023-0932: Use after free in WebRTC. - CVE-2023-0933: Integer overflow in PDF. - CVE-2023-0941: Use after free in Prompts. * Thu Feb 09 2023 Alexey Gladkov <legion@altlinux> 110.0.5481.77-alt1 - New version (110.0.5481.77). - Upstream disallow to chromium build with system libwayland (crbug.com/1385736). - Add more parameters to Yandex search url (ALT#45192). - Security fixes: - CVE-2023-0696: Type Confusion in V8. - CVE-2023-0697: Inappropriate implementation in Full screen mode. - CVE-2023-0698: Out of bounds read in WebRTC. - CVE-2023-0699: Use after free in GPU. - CVE-2023-0700: Inappropriate implementation in Download. - CVE-2023-0701: Heap buffer overflow in WebUI. - CVE-2023-0702: Type Confusion in Data Transfer. - CVE-2023-0703: Type Confusion in DevTools. - CVE-2023-0704: Insufficient policy enforcement in DevTools. - CVE-2023-0705: Integer overflow in Core. * Mon Jan 30 2023 Alexey Gladkov <legion@altlinux> 109.0.5414.119-alt1 - New version (109.0.5414.119). - Add a workaround to make the https_proxy environment variable work (ALT#44986). - Security fixes: - CVE-2023-0471: Use after free in WebTransport. - CVE-2023-0472: Use after free in WebRTC. - CVE-2023-0473: Type Confusion in ServiceWorker API. - CVE-2023-0474: Use after free in GuestView. * Mon Jan 23 2023 Andrey Cherepanov <cas@altlinux> 109.0.5414.74-alt0.p10.1 - Backported new version to p10 branch. - Built with system ffmpeg. * Thu Jan 12 2023 Alexey Gladkov <legion@altlinux> 109.0.5414.74-alt1 - New version (109.0.5414.74). - Security fixes: - CVE-2023-0128: Use after free in Overview Mode. - CVE-2023-0129: Heap buffer overflow in Network Service. - CVE-2023-0130: Inappropriate implementation in Fullscreen API. - CVE-2023-0131: Inappropriate implementation in iframe Sandbox. - CVE-2023-0132: Inappropriate implementation in Permission prompts. - CVE-2023-0133: Inappropriate implementation in Permission prompts. - CVE-2023-0134: Use after free in Cart. - CVE-2023-0135: Use after free in Cart. - CVE-2023-0136: Inappropriate implementation in Fullscreen API. - CVE-2023-0137: Heap buffer overflow in Platform Apps. - CVE-2023-0138: Heap buffer overflow in libphonenumber. - CVE-2023-0139: Insufficient validation of untrusted input in Downloads. - CVE-2023-0140: Inappropriate implementation in File System API. - CVE-2023-0141: Insufficient policy enforcement in CORS. * Sat Dec 10 2022 Andrey Cherepanov <cas@altlinux> 108.0.5359.71-alt0.p10.1 - Backported new version to p10 branch. * Fri Dec 02 2022 Alexey Gladkov <legion@altlinux> 108.0.5359.71-alt1 - New version (108.0.5359.71). - Use LLVM 15. - Security fixes: - CVE-2022-4174: Type Confusion in V8. - CVE-2022-4175: Use after free in Camera Capture. - CVE-2022-4176: Out of bounds write in Lacros Graphics. - CVE-2022-4177: Use after free in Extensions. - CVE-2022-4178: Use after free in Mojo. - CVE-2022-4179: Use after free in Audio. - CVE-2022-4180: Use after free in Mojo. - CVE-2022-4181: Use after free in Forms. - CVE-2022-4182: Inappropriate implementation in Fenced Frames. - CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. - CVE-2022-4184: Insufficient policy enforcement in Autofill. - CVE-2022-4185: Inappropriate implementation in Navigation. - CVE-2022-4186: Insufficient validation of untrusted input in Downloads. - CVE-2022-4187: Insufficient policy enforcement in DevTools. - CVE-2022-4188: Insufficient validation of untrusted input in CORS. - CVE-2022-4189: Insufficient policy enforcement in DevTools. - CVE-2022-4190: Insufficient data validation in Directory. - CVE-2022-4191: Use after free in Sign-In. - CVE-2022-4192: Use after free in Live Caption. - CVE-2022-4193: Insufficient policy enforcement in File System API. - CVE-2022-4194: Use after free in Accessibility. - CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. * Fri Nov 18 2022 Alexey Gladkov <legion@altlinux> 107.0.5304.110-alt1 - New version (107.0.5304.110). - Security fixes: - CVE-2022-3885: Use after free in V8. - CVE-2022-3886: Use after free in Speech Recognition. - CVE-2022-3887: Use after free in Web Workers. - CVE-2022-3888: Use after free in WebCodecs. - CVE-2022-3889: Type Confusion in V8. - CVE-2022-3890: Heap buffer overflow in Crashpad. * Wed Nov 16 2022 Andrey Cherepanov <cas@altlinux> 107.0.5304.87-alt0.p10.1 crda - Regulatory compliance agent for 802.11 wireless networking * Fri Feb 24 2023 L.A. Kostis <lakostis@altlinux> 4.15-alt2.2023.02.13 - regdb: updated to 20230213. * Mon Jan 23 2023 L.A. Kostis <lakostis@altlinux> 4.15-alt1 - regdb: updated to 20220812. - crda: updated to 4.15. - added crda deprecation notice. * Thu Aug 05 2021 Grigory Ustinov <grenka@altlinux> 4.14-alt6 - Transfer on python3. * Tue Jul 06 2021 Andrey Cherepanov <cas@altlinux> 4.14-alt5.1 golang - The Go Programming Language [18M] * Tue Mar 07 2023 Alexey Shabalin <shaba@altlinux> 1.19.7-alt1 - New version (1.19.7) (Fixes: CVE-2023-24532). * Thu Feb 16 2023 Alexey Shabalin <shaba@altlinux> 1.19.6-alt1 jitsi-videobridge - Jitsi Videobridge - WebRTC compatible Selective Forwarding Unit [198M] * Sat Feb 25 2023 Igor Vlasenko <viy@altlinux> 2.1-alt0.8 - java17 support (closes: #45385) * Mon Jan 24 2022 Igor Vlasenko <viy@altlinux> 2.1-alt0.7 libharfbuzz - HarfBuzz is an OpenType text shaping engine [21M] * Sun Oct 23 2022 Yuri N. Sedunov <aris@altlinux> 5.3.1-alt1 - updated to 5.3.1-8-g83769b9cb * Mon Sep 26 2022 Yuri N. Sedunov <aris@altlinux> 5.2.0-alt1 - 5.2.0 * Sun Jul 24 2022 Yuri N. Sedunov <aris@altlinux> 5.0.1-alt1 - 5.0.1 * Wed Jun 29 2022 Yuri N. Sedunov <aris@altlinux> 4.4.1-alt1 - updated to 4.4.1-2-g22835dea2 - introduced experimental API knob (disabled by default) * Thu Jun 23 2022 Yuri N. Sedunov <aris@altlinux> 4.3.0-alt1 - 4.3.0 * Wed Apr 27 2022 Yuri N. Sedunov <aris@altlinux> 4.2.1-alt1 - 4.2.1 * Fri Apr 08 2022 Yuri N. Sedunov <aris@altlinux> 4.2.0-alt1 - 4.2.0 * Sat Mar 12 2022 Yuri N. Sedunov <aris@altlinux> 4.0.1-alt1 - 4.0.1 * Thu Mar 03 2022 Yuri N. Sedunov <aris@altlinux> 4.0.0-alt1 - 4.0.0 * Sun Dec 12 2021 Yuri N. Sedunov <aris@altlinux> 3.2.0-alt1 thunderbird - Thunderbird is Mozilla's e-mail client [508M] * Tue Feb 28 2023 Pavel Vasenkov <pav@altlinux> 102.8.0-alt1 - New version. - Security fixes: + CVE-2023-0616 User Interface lockup with messages combining S/MIME and OpenPGP + CVE-2023-25728 Content security policy leak in violation reports using iframes + CVE-2023-25730 Screen hijack via browser fullscreen mode + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry + CVE-2023-25738 Printing on Windows could potentially crash Thunderbird with some device drivers + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext + CVE-2023-25729 Extensions could have opened external schemes without user knowledge + CVE-2023-25732 Out of bounds memory write from EncodeInputStream + CVE-2023-25734 Opening local .url files could cause unexpected network loads + CVE-2023-25742 Web Crypto ImportKey crashes tab + CVE-2023-25746 Memory safety bugs fixed in Thunderbird 102.8 * Fri Feb 03 2023 Pavel Vasenkov <pav@altlinux> 102.7.1-alt1 Total 18056 source packages.
reply other threads:[~2023-03-11 0:16 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=ZAvIVzW82I8Ldway@beehive.mskdc.altlinux.org \ --to=qa@altlinux.org \ --cc=devel@lists.altlinux.org \ --cc=sisyphus-cybertalk@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \ sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com public-inbox-index sisyphus-cybertalk Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk AGPL code for this site: git clone https://public-inbox.org/public-inbox.git