From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qa@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=ham autolearn_force=no version=3.4.1
Date: Sat, 11 Mar 2023 00:16:23 +0000
From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Message-ID: <ZAvIVzW82I8Ldway@beehive.mskdc.altlinux.org>
Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [cyber] I: p10/branch packages: +6 (18056)
X-BeenThere: sisyphus-cybertalk@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: devel@lists.altlinux.org
List-Id: ALT Linux Sisyphus cybertalk <sisyphus-cybertalk.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sisyphus-cybertalk>, 
 <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus-cybertalk>
List-Post: <mailto:sisyphus-cybertalk@lists.altlinux.org>
List-Help: <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus-cybertalk>, 
 <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Mar 2023 00:16:26 -0000
Archived-At: <http://lore.altlinux.org/sisyphus-cybertalk/ZAvIVzW82I8Ldway@beehive.mskdc.altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus-cybertalk/>

	6 UPDATED packages

chromium - An open source web browser developed by Google       	[2030M]
* Mon Mar 06 2023 Andrey Cherepanov <cas@altlinux> 110.0.5481.177-alt1.p10.1
- Backported new version to p10 branch.
* Wed Mar 01 2023 Alexey Gladkov <legion@altlinux> 110.0.5481.177-alt2
- Bring back compiler optimizations (ALT#45454).
* Thu Feb 23 2023 Alexey Gladkov <legion@altlinux> 110.0.5481.177-alt1
- New version (110.0.5481.177).
- Fix crach in autofill (ALT#45269).
- Security fixes:
  - CVE-2023-0927: Use after free in Web Payments API.
  - CVE-2023-0928: Use after free in SwiftShader.
  - CVE-2023-0929: Use after free in Vulkan.
  - CVE-2023-0930: Heap buffer overflow in Video.
  - CVE-2023-0931: Use after free in Video.
  - CVE-2023-0932: Use after free in WebRTC.
  - CVE-2023-0933: Integer overflow in PDF.
  - CVE-2023-0941: Use after free in Prompts.
* Thu Feb 09 2023 Alexey Gladkov <legion@altlinux> 110.0.5481.77-alt1
- New version (110.0.5481.77).
- Upstream disallow to chromium build with system libwayland (crbug.com/1385736).
- Add more parameters to Yandex search url (ALT#45192).
- Security fixes:
  - CVE-2023-0696: Type Confusion in V8.
  - CVE-2023-0697: Inappropriate implementation in Full screen mode.
  - CVE-2023-0698: Out of bounds read in WebRTC.
  - CVE-2023-0699: Use after free in GPU.
  - CVE-2023-0700: Inappropriate implementation in Download.
  - CVE-2023-0701: Heap buffer overflow in WebUI.
  - CVE-2023-0702: Type Confusion in Data Transfer.
  - CVE-2023-0703: Type Confusion in DevTools.
  - CVE-2023-0704: Insufficient policy enforcement in DevTools.
  - CVE-2023-0705: Integer overflow in Core.
* Mon Jan 30 2023 Alexey Gladkov <legion@altlinux> 109.0.5414.119-alt1
- New version (109.0.5414.119).
- Add a workaround to make the https_proxy environment variable work (ALT#44986).
- Security fixes:
  - CVE-2023-0471: Use after free in WebTransport.
  - CVE-2023-0472: Use after free in WebRTC.
  - CVE-2023-0473: Type Confusion in ServiceWorker API.
  - CVE-2023-0474: Use after free in GuestView.
* Mon Jan 23 2023 Andrey Cherepanov <cas@altlinux> 109.0.5414.74-alt0.p10.1
- Backported new version to p10 branch.
- Built with system ffmpeg.
* Thu Jan 12 2023 Alexey Gladkov <legion@altlinux> 109.0.5414.74-alt1
- New version (109.0.5414.74).
- Security fixes:
  - CVE-2023-0128: Use after free in Overview Mode.
  - CVE-2023-0129: Heap buffer overflow in Network Service.
  - CVE-2023-0130: Inappropriate implementation in Fullscreen API.
  - CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
  - CVE-2023-0132: Inappropriate implementation in Permission prompts.
  - CVE-2023-0133: Inappropriate implementation in Permission prompts.
  - CVE-2023-0134: Use after free in Cart.
  - CVE-2023-0135: Use after free in Cart.
  - CVE-2023-0136: Inappropriate implementation in Fullscreen API.
  - CVE-2023-0137: Heap buffer overflow in Platform Apps.
  - CVE-2023-0138: Heap buffer overflow in libphonenumber.
  - CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
  - CVE-2023-0140: Inappropriate implementation in File System API.
  - CVE-2023-0141: Insufficient policy enforcement in CORS.
* Sat Dec 10 2022 Andrey Cherepanov <cas@altlinux> 108.0.5359.71-alt0.p10.1
- Backported new version to p10 branch.
* Fri Dec 02 2022 Alexey Gladkov <legion@altlinux> 108.0.5359.71-alt1
- New version (108.0.5359.71).
- Use LLVM 15.
- Security fixes:
  - CVE-2022-4174: Type Confusion in V8.
  - CVE-2022-4175: Use after free in Camera Capture.
  - CVE-2022-4176: Out of bounds write in Lacros Graphics.
  - CVE-2022-4177: Use after free in Extensions.
  - CVE-2022-4178: Use after free in Mojo.
  - CVE-2022-4179: Use after free in Audio.
  - CVE-2022-4180: Use after free in Mojo.
  - CVE-2022-4181: Use after free in Forms.
  - CVE-2022-4182: Inappropriate implementation in Fenced Frames.
  - CVE-2022-4183: Insufficient policy enforcement in Popup Blocker.
  - CVE-2022-4184: Insufficient policy enforcement in Autofill.
  - CVE-2022-4185: Inappropriate implementation in Navigation.
  - CVE-2022-4186: Insufficient validation of untrusted input in Downloads.
  - CVE-2022-4187: Insufficient policy enforcement in DevTools.
  - CVE-2022-4188: Insufficient validation of untrusted input in CORS.
  - CVE-2022-4189: Insufficient policy enforcement in DevTools.
  - CVE-2022-4190: Insufficient data validation in Directory.
  - CVE-2022-4191: Use after free in Sign-In.
  - CVE-2022-4192: Use after free in Live Caption.
  - CVE-2022-4193: Insufficient policy enforcement in File System API.
  - CVE-2022-4194: Use after free in Accessibility.
  - CVE-2022-4195: Insufficient policy enforcement in Safe Browsing.
* Fri Nov 18 2022 Alexey Gladkov <legion@altlinux> 107.0.5304.110-alt1
- New version (107.0.5304.110).
- Security fixes:
  - CVE-2022-3885: Use after free in V8.
  - CVE-2022-3886: Use after free in Speech Recognition.
  - CVE-2022-3887: Use after free in Web Workers.
  - CVE-2022-3888: Use after free in WebCodecs.
  - CVE-2022-3889: Type Confusion in V8.
  - CVE-2022-3890: Heap buffer overflow in Crashpad.
* Wed Nov 16 2022 Andrey Cherepanov <cas@altlinux> 107.0.5304.87-alt0.p10.1

crda - Regulatory compliance agent for 802.11 wireless networking
* Fri Feb 24 2023 L.A. Kostis <lakostis@altlinux> 4.15-alt2.2023.02.13
- regdb: updated to 20230213.
* Mon Jan 23 2023 L.A. Kostis <lakostis@altlinux> 4.15-alt1
- regdb: updated to 20220812.
- crda: updated to 4.15.
- added crda deprecation notice.
* Thu Aug 05 2021 Grigory Ustinov <grenka@altlinux> 4.14-alt6
- Transfer on python3.
* Tue Jul 06 2021 Andrey Cherepanov <cas@altlinux> 4.14-alt5.1

golang - The Go Programming Language                            	[18M]
* Tue Mar 07 2023 Alexey Shabalin <shaba@altlinux> 1.19.7-alt1
- New version (1.19.7) (Fixes: CVE-2023-24532).
* Thu Feb 16 2023 Alexey Shabalin <shaba@altlinux> 1.19.6-alt1

jitsi-videobridge - Jitsi Videobridge - WebRTC compatible Selective Forwarding Unit	[198M]
* Sat Feb 25 2023 Igor Vlasenko <viy@altlinux> 2.1-alt0.8
- java17 support (closes: #45385)
* Mon Jan 24 2022 Igor Vlasenko <viy@altlinux> 2.1-alt0.7

libharfbuzz - HarfBuzz is an OpenType text shaping engine       	[21M]
* Sun Oct 23 2022 Yuri N. Sedunov <aris@altlinux> 5.3.1-alt1
- updated to 5.3.1-8-g83769b9cb
* Mon Sep 26 2022 Yuri N. Sedunov <aris@altlinux> 5.2.0-alt1
- 5.2.0
* Sun Jul 24 2022 Yuri N. Sedunov <aris@altlinux> 5.0.1-alt1
- 5.0.1
* Wed Jun 29 2022 Yuri N. Sedunov <aris@altlinux> 4.4.1-alt1
- updated to 4.4.1-2-g22835dea2
- introduced experimental API knob (disabled by default)
* Thu Jun 23 2022 Yuri N. Sedunov <aris@altlinux> 4.3.0-alt1
- 4.3.0
* Wed Apr 27 2022 Yuri N. Sedunov <aris@altlinux> 4.2.1-alt1
- 4.2.1
* Fri Apr 08 2022 Yuri N. Sedunov <aris@altlinux> 4.2.0-alt1
- 4.2.0
* Sat Mar 12 2022 Yuri N. Sedunov <aris@altlinux> 4.0.1-alt1
- 4.0.1
* Thu Mar 03 2022 Yuri N. Sedunov <aris@altlinux> 4.0.0-alt1
- 4.0.0
* Sun Dec 12 2021 Yuri N. Sedunov <aris@altlinux> 3.2.0-alt1

thunderbird - Thunderbird is Mozilla's e-mail client            	[508M]
* Tue Feb 28 2023 Pavel Vasenkov <pav@altlinux> 102.8.0-alt1
- New version.
- Security fixes:
  + CVE-2023-0616 User Interface lockup with messages combining S/MIME and OpenPGP
  + CVE-2023-25728 Content security policy leak in violation reports using iframes
  + CVE-2023-25730 Screen hijack via browser fullscreen mode
  + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
  + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
  + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
  + CVE-2023-25738 Printing on Windows could potentially crash Thunderbird with some device drivers
  + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  + CVE-2023-25729 Extensions could have opened external schemes without user knowledge
  + CVE-2023-25732 Out of bounds memory write from EncodeInputStream
  + CVE-2023-25734 Opening local .url files could cause unexpected network loads
  + CVE-2023-25742 Web Crypto ImportKey crashes tab
  + CVE-2023-25746 Memory safety bugs fixed in Thunderbird 102.8
* Fri Feb 03 2023 Pavel Vasenkov <pav@altlinux> 102.7.1-alt1

Total 18056 source packages.