[cyber] I: p10/branch packages: +6 (18056)

ALT Linux Sisyphus cybertalk
 help / color / mirror / Atom feed

* [cyber] I: p10/branch packages: +6 (18056)
@ 2023-03-11  0:16 QA Team Robot
  0 siblings, 0 replies; only message in thread
From: QA Team Robot @ 2023-03-11  0:16 UTC (permalink / raw)
  To: sisyphus-cybertalk

	6 UPDATED packages

chromium - An open source web browser developed by Google       	[2030M]
* Mon Mar 06 2023 Andrey Cherepanov <cas@altlinux> 110.0.5481.177-alt1.p10.1
- Backported new version to p10 branch.
* Wed Mar 01 2023 Alexey Gladkov <legion@altlinux> 110.0.5481.177-alt2
- Bring back compiler optimizations (ALT#45454).
* Thu Feb 23 2023 Alexey Gladkov <legion@altlinux> 110.0.5481.177-alt1
- New version (110.0.5481.177).
- Fix crach in autofill (ALT#45269).
- Security fixes:
  - CVE-2023-0927: Use after free in Web Payments API.
  - CVE-2023-0928: Use after free in SwiftShader.
  - CVE-2023-0929: Use after free in Vulkan.
  - CVE-2023-0930: Heap buffer overflow in Video.
  - CVE-2023-0931: Use after free in Video.
  - CVE-2023-0932: Use after free in WebRTC.
  - CVE-2023-0933: Integer overflow in PDF.
  - CVE-2023-0941: Use after free in Prompts.
* Thu Feb 09 2023 Alexey Gladkov <legion@altlinux> 110.0.5481.77-alt1
- New version (110.0.5481.77).
- Upstream disallow to chromium build with system libwayland (crbug.com/1385736).
- Add more parameters to Yandex search url (ALT#45192).
- Security fixes:
  - CVE-2023-0696: Type Confusion in V8.
  - CVE-2023-0697: Inappropriate implementation in Full screen mode.
  - CVE-2023-0698: Out of bounds read in WebRTC.
  - CVE-2023-0699: Use after free in GPU.
  - CVE-2023-0700: Inappropriate implementation in Download.
  - CVE-2023-0701: Heap buffer overflow in WebUI.
  - CVE-2023-0702: Type Confusion in Data Transfer.
  - CVE-2023-0703: Type Confusion in DevTools.
  - CVE-2023-0704: Insufficient policy enforcement in DevTools.
  - CVE-2023-0705: Integer overflow in Core.
* Mon Jan 30 2023 Alexey Gladkov <legion@altlinux> 109.0.5414.119-alt1
- New version (109.0.5414.119).
- Add a workaround to make the https_proxy environment variable work (ALT#44986).
- Security fixes:
  - CVE-2023-0471: Use after free in WebTransport.
  - CVE-2023-0472: Use after free in WebRTC.
  - CVE-2023-0473: Type Confusion in ServiceWorker API.
  - CVE-2023-0474: Use after free in GuestView.
* Mon Jan 23 2023 Andrey Cherepanov <cas@altlinux> 109.0.5414.74-alt0.p10.1
- Backported new version to p10 branch.
- Built with system ffmpeg.
* Thu Jan 12 2023 Alexey Gladkov <legion@altlinux> 109.0.5414.74-alt1
- New version (109.0.5414.74).
- Security fixes:
  - CVE-2023-0128: Use after free in Overview Mode.
  - CVE-2023-0129: Heap buffer overflow in Network Service.
  - CVE-2023-0130: Inappropriate implementation in Fullscreen API.
  - CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
  - CVE-2023-0132: Inappropriate implementation in Permission prompts.
  - CVE-2023-0133: Inappropriate implementation in Permission prompts.
  - CVE-2023-0134: Use after free in Cart.
  - CVE-2023-0135: Use after free in Cart.
  - CVE-2023-0136: Inappropriate implementation in Fullscreen API.
  - CVE-2023-0137: Heap buffer overflow in Platform Apps.
  - CVE-2023-0138: Heap buffer overflow in libphonenumber.
  - CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
  - CVE-2023-0140: Inappropriate implementation in File System API.
  - CVE-2023-0141: Insufficient policy enforcement in CORS.
* Sat Dec 10 2022 Andrey Cherepanov <cas@altlinux> 108.0.5359.71-alt0.p10.1
- Backported new version to p10 branch.
* Fri Dec 02 2022 Alexey Gladkov <legion@altlinux> 108.0.5359.71-alt1
- New version (108.0.5359.71).
- Use LLVM 15.
- Security fixes:
  - CVE-2022-4174: Type Confusion in V8.
  - CVE-2022-4175: Use after free in Camera Capture.
  - CVE-2022-4176: Out of bounds write in Lacros Graphics.
  - CVE-2022-4177: Use after free in Extensions.
  - CVE-2022-4178: Use after free in Mojo.
  - CVE-2022-4179: Use after free in Audio.
  - CVE-2022-4180: Use after free in Mojo.
  - CVE-2022-4181: Use after free in Forms.
  - CVE-2022-4182: Inappropriate implementation in Fenced Frames.
  - CVE-2022-4183: Insufficient policy enforcement in Popup Blocker.
  - CVE-2022-4184: Insufficient policy enforcement in Autofill.
  - CVE-2022-4185: Inappropriate implementation in Navigation.
  - CVE-2022-4186: Insufficient validation of untrusted input in Downloads.
  - CVE-2022-4187: Insufficient policy enforcement in DevTools.
  - CVE-2022-4188: Insufficient validation of untrusted input in CORS.
  - CVE-2022-4189: Insufficient policy enforcement in DevTools.
  - CVE-2022-4190: Insufficient data validation in Directory.
  - CVE-2022-4191: Use after free in Sign-In.
  - CVE-2022-4192: Use after free in Live Caption.
  - CVE-2022-4193: Insufficient policy enforcement in File System API.
  - CVE-2022-4194: Use after free in Accessibility.
  - CVE-2022-4195: Insufficient policy enforcement in Safe Browsing.
* Fri Nov 18 2022 Alexey Gladkov <legion@altlinux> 107.0.5304.110-alt1
- New version (107.0.5304.110).
- Security fixes:
  - CVE-2022-3885: Use after free in V8.
  - CVE-2022-3886: Use after free in Speech Recognition.
  - CVE-2022-3887: Use after free in Web Workers.
  - CVE-2022-3888: Use after free in WebCodecs.
  - CVE-2022-3889: Type Confusion in V8.
  - CVE-2022-3890: Heap buffer overflow in Crashpad.
* Wed Nov 16 2022 Andrey Cherepanov <cas@altlinux> 107.0.5304.87-alt0.p10.1

crda - Regulatory compliance agent for 802.11 wireless networking
* Fri Feb 24 2023 L.A. Kostis <lakostis@altlinux> 4.15-alt2.2023.02.13
- regdb: updated to 20230213.
* Mon Jan 23 2023 L.A. Kostis <lakostis@altlinux> 4.15-alt1
- regdb: updated to 20220812.
- crda: updated to 4.15.
- added crda deprecation notice.
* Thu Aug 05 2021 Grigory Ustinov <grenka@altlinux> 4.14-alt6
- Transfer on python3.
* Tue Jul 06 2021 Andrey Cherepanov <cas@altlinux> 4.14-alt5.1

golang - The Go Programming Language                            	[18M]
* Tue Mar 07 2023 Alexey Shabalin <shaba@altlinux> 1.19.7-alt1
- New version (1.19.7) (Fixes: CVE-2023-24532).
* Thu Feb 16 2023 Alexey Shabalin <shaba@altlinux> 1.19.6-alt1

jitsi-videobridge - Jitsi Videobridge - WebRTC compatible Selective Forwarding Unit	[198M]
* Sat Feb 25 2023 Igor Vlasenko <viy@altlinux> 2.1-alt0.8
- java17 support (closes: #45385)
* Mon Jan 24 2022 Igor Vlasenko <viy@altlinux> 2.1-alt0.7

libharfbuzz - HarfBuzz is an OpenType text shaping engine       	[21M]
* Sun Oct 23 2022 Yuri N. Sedunov <aris@altlinux> 5.3.1-alt1
- updated to 5.3.1-8-g83769b9cb
* Mon Sep 26 2022 Yuri N. Sedunov <aris@altlinux> 5.2.0-alt1
- 5.2.0
* Sun Jul 24 2022 Yuri N. Sedunov <aris@altlinux> 5.0.1-alt1
- 5.0.1
* Wed Jun 29 2022 Yuri N. Sedunov <aris@altlinux> 4.4.1-alt1
- updated to 4.4.1-2-g22835dea2
- introduced experimental API knob (disabled by default)
* Thu Jun 23 2022 Yuri N. Sedunov <aris@altlinux> 4.3.0-alt1
- 4.3.0
* Wed Apr 27 2022 Yuri N. Sedunov <aris@altlinux> 4.2.1-alt1
- 4.2.1
* Fri Apr 08 2022 Yuri N. Sedunov <aris@altlinux> 4.2.0-alt1
- 4.2.0
* Sat Mar 12 2022 Yuri N. Sedunov <aris@altlinux> 4.0.1-alt1
- 4.0.1
* Thu Mar 03 2022 Yuri N. Sedunov <aris@altlinux> 4.0.0-alt1
- 4.0.0
* Sun Dec 12 2021 Yuri N. Sedunov <aris@altlinux> 3.2.0-alt1

thunderbird - Thunderbird is Mozilla's e-mail client            	[508M]
* Tue Feb 28 2023 Pavel Vasenkov <pav@altlinux> 102.8.0-alt1
- New version.
- Security fixes:
  + CVE-2023-0616 User Interface lockup with messages combining S/MIME and OpenPGP
  + CVE-2023-25728 Content security policy leak in violation reports using iframes
  + CVE-2023-25730 Screen hijack via browser fullscreen mode
  + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
  + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
  + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
  + CVE-2023-25738 Printing on Windows could potentially crash Thunderbird with some device drivers
  + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  + CVE-2023-25729 Extensions could have opened external schemes without user knowledge
  + CVE-2023-25732 Out of bounds memory write from EncodeInputStream
  + CVE-2023-25734 Opening local .url files could cause unexpected network loads
  + CVE-2023-25742 Web Crypto ImportKey crashes tab
  + CVE-2023-25746 Memory safety bugs fixed in Thunderbird 102.8
* Fri Feb 03 2023 Pavel Vasenkov <pav@altlinux> 102.7.1-alt1

Total 18056 source packages.


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2023-03-11  0:16 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-11  0:16 [cyber] I: p10/branch packages: +6 (18056) QA Team Robot

ALT Linux Sisyphus cybertalk

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
		sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
	public-inbox-index sisyphus-cybertalk

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git