[cyber] I: p10/branch packages: +1 (18941)

ALT Linux Sisyphus cybertalk
 help / color / mirror / Atom feed

From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: p10/branch packages: +1 (18941)
Date: Fri, 6 Sep 2024 00:19:05 +0000
Message-ID: <ZtpKeR9IGNWYA6Qc@beehive.mskdc.altlinux.org> (raw)

	1 UPDATED package

chromium - An open source web browser developed by Google       	[2893M]
* Sat Jul 20 2024 Andrey Cherepanov <cas@altlinux> 126.0.6478.182-alt0.p10.1
- Backport new version to p10 branch.
- Use LLVM 17.0 and libstdc++ from gcc13.
* Wed Jul 17 2024 Andrey Cherepanov <cas@altlinux> 126.0.6478.182-alt1
- New version (126.0.6478.182).
- Security fixes:
  + CVE-2024-6772: Inappropriate implementation in V8.
  + CVE-2024-6773: Type Confusion in V8.
  + CVE-2024-6774: Use after free in Screen Capture.
  + CVE-2024-6775: Use after free in Media Stream.
  + CVE-2024-6776: Use after free in Audio.
  + CVE-2024-6777: Use after free in Navigation.
  + CVE-2024-6778: Race in DevTools.
  + CVE-2024-6779: Out of bounds memory access in V8.
* Thu Jun 27 2024 Andrey Cherepanov <cas@altlinux> 126.0.6478.126-alt1
- New version (126.0.6478.126).
- Security fixes:
  + CVE-2024-6290: Use after free in Dawn.
  + CVE-2024-6291: Use after free in Swiftshader.
  + CVE-2024-6292: Use after free in Dawn.
  + CVE-2024-6293: Use after free in Dawn.
* Sat Jun 22 2024 Andrey Cherepanov <cas@altlinux> 126.0.6478.114-alt1
- New version (126.0.6478.114).
- Security fixes:
  + CVE-2024-6100: Type Confusion in V8.
  + CVE-2024-6101: Inappropriate implementation in WebAssembly.
  + CVE-2024-6102: Out of bounds memory access in Dawn.
  + CVE-2024-6103: Use after free in Dawn.
* Sat Jun 15 2024 Andrey Cherepanov <cas@altlinux> 126.0.6478.61-alt1
- New version (126.0.6478.61).
* Thu Jun 13 2024 Andrey Cherepanov <cas@altlinux> 126.0.6478.55-alt1
- New version (126.0.6478.55) (ALT #50621).
- Security fixes:
  + CVE-2024-5830: Type Confusion in V8.
  + CVE-2024-5831: Use after free in Dawn.
  + CVE-2024-5832: Use after free in Dawn.
  + CVE-2024-5833: Type Confusion in V8.
  + CVE-2024-5834: Inappropriate implementation in Dawn.
  + CVE-2024-5835: Heap buffer overflow in Tab Groups.
  + CVE-2024-5836: Inappropriate Implementation in DevTools.
  + CVE-2024-5837: Type Confusion in V8.
  + CVE-2024-5838: Type Confusion in V8.
  + CVE-2024-5839: Inappropriate Implementation in Memory Allocator.
  + CVE-2024-5840: Policy Bypass in CORS.
  + CVE-2024-5841: Use after free in V8.
  + CVE-2024-5842: Use after free in Browser UI.
  + CVE-2024-5843: Inappropriate implementation in Downloads.
  + CVE-2024-5844: Heap buffer overflow in Tab Strip.
  + CVE-2024-5845: Use after free in Audio.
  + CVE-2024-5846: Use after free in PDFium.
  + CVE-2024-5847: Use after free in PDFium.
* Fri May 31 2024 Andrey Cherepanov <cas@altlinux> 125.0.6422.141-alt1
- New version (125.0.6422.141).
- Security fixes:
  + CVE-2024-5493: Heap buffer overflow in WebRTC.
  + CVE-2024-5494: Use after free in Dawn.
  + CVE-2024-5495: Use after free in Dawn.
  + CVE-2024-5496: Use after free in Media Session.
  + CVE-2024-5497: Out of bounds memory access in Keyboard Inputs.
  + CVE-2024-5498: Use after free in Presentation API.
  + CVE-2024-5499: Out of bounds write in Streams API.
* Sat May 25 2024 Andrey Cherepanov <cas@altlinux> 125.0.6422.112-alt1
- New version (125.0.6422.112).
- Security fixes:
  + CVE-2024-5274: Type Confusion in V8.
* Wed May 22 2024 Andrey Cherepanov <cas@altlinux> 125.0.6422.76-alt1
- New version (125.0.6422.76).
- Security fixes:
  + CVE-2024-5157: Use after free in Scheduling.
  + CVE-2024-5158: Type Confusion in V8.
  + CVE-2024-5159: Heap buffer overflow in ANGLE.
  + CVE-2024-5160: Heap buffer overflow in Dawn.
* Sat May 18 2024 Andrey Cherepanov <cas@altlinux> 125.0.6422.60-alt1
- New version (125.0.6422.60).
- Security fixes:
  + CVE-2024-4947: Type Confusion in V8.
  + CVE-2024-4948: Use after free in Dawn.
  + CVE-2024-4949: Use after free in V8.
  + CVE-2024-4950: Inappropriate implementation in Downloads.
- Apply patches from Debian to fix webpage hangs.
* Tue May 14 2024 Andrey Cherepanov <cas@altlinux> 124.0.6367.207-alt1
- New version (124.0.6367.207).
- Security fixes:
  + CVE-2024-4761: Out of bounds write in V8.
* Sun May 12 2024 Andrey Cherepanov <cas@altlinux> 124.0.6367.201-alt1
- New version (124.0.6367.201).
- Security fixes:
  + CVE-2024-4671: Use after free in Visuals.
* Thu May 09 2024 Andrey Cherepanov <cas@altlinux> 124.0.6367.155-alt1
- New version (124.0.6367.155).
- Security fixes:
  + CVE-2024-4558: Use after free in ANGLE.
  + CVE-2024-4559: Heap buffer overflow in WebAudio.
- Built using LLVM 18.1.
* Wed May 01 2024 Andrey Cherepanov <cas@altlinux> 124.0.6367.118-alt1
- New version (124.0.6367.118).
- Security fixes:
  + CVE-2024-4331: Use after free in Picture In Picture.
  + CVE-2024-4368: Use after free in Dawn.
* Thu Apr 25 2024 Andrey Cherepanov <cas@altlinux> 124.0.6367.78-alt1
- New version (124.0.6367.78).
- Security fixes:
  + CVE-2024-4058: Type Confusion in ANGLE.
  + CVE-2024-4059: Out of bounds read in V8 API.
  + CVE-2024-4060: Use after free in Dawn.
* Sat Apr 20 2024 Andrey Cherepanov <cas@altlinux> 124.0.6367.60-alt1
- New version (124.0.6367.60).
- Security fixes:
  + CVE-2024-3832: Object corruption in V8.
  + CVE-2024-3833: Object corruption in WebAssembly.
  + CVE-2024-3914: Use after free in V8.
  + CVE-2024-3834: Use after free in Downloads.
  + CVE-2024-3837: Use after free in QUIC.
  + CVE-2024-3838: Inappropriate implementation in Autofill.
  + CVE-2024-3839: Out of bounds read in Fonts.
  + CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
  + CVE-2024-3841: Insufficient data validation in Browser Switcher.
  + CVE-2024-3843: Insufficient data validation in Downloads.
  + CVE-2024-3844: Inappropriate implementation in Extensions.
  + CVE-2024-3845: Inappropriate implementation in Network.
  + CVE-2024-3846: Inappropriate implementation in Prompts.
  + CVE-2024-3847: Insufficient policy enforcement in WebUI.
* Sat Apr 13 2024 Andrey Cherepanov <cas@altlinux> 123.0.6312.122-alt1
- New version (123.0.6312.122).
- Security fixes:
  + CVE-2024-3157: Out of bounds write in Compositing.
  + CVE-2024-3516: Heap buffer overflow in ANGLE.
  + CVE-2024-3515: Use after free in Dawn.
- Use vaapi flags from Fedora defaults.
* Wed Mar 27 2024 Andrey Cherepanov <cas@altlinux> 123.0.6312.86-alt1
- New version (123.0.6312.86).
- Security fixes:
  + CVE-2024-2883: Use after free in ANGLE.
  + CVE-2024-2885: Use after free in Daw.
  + CVE-2024-2886: Use after free in WebCodecs.
  + CVE-2024-2887: Type Confusion in WebAssembly.
* Thu Mar 21 2024 Alexey Gladkov <legion@altlinux> 123.0.6312.58-alt1
- New version (123.0.6312.58).
- Security fixes:
  - CVE-2024-2173: Out of bounds memory access in V8.
  - CVE-2024-2174: Inappropriate implementation in V8.
  - CVE-2024-2176: Use after free in FedCM.
  - CVE-2024-2400: Use after free in Performance Manager.
  - CVE-2024-2625: Object lifecycle issue in V8.
  - CVE-2024-2626: Out of bounds read in Swiftshader.
  - CVE-2024-2627: Use after free in Canvas.
  - CVE-2024-2628: Inappropriate implementation in Downloads.
  - CVE-2024-2629: Incorrect security UI in iOS.
  - CVE-2024-2630: Inappropriate implementation in iOS.
  - CVE-2024-2631: Inappropriate implementation in iOS.
* Wed Feb 28 2024 Alexey Gladkov <legion@altlinux> 122.0.6261.94-alt1
- New version (122.0.6261.94).
- Security fixes:
  - CVE-2024-1669: Out of bounds memory access in Blink.
  - CVE-2024-1670: Use after free in Mojo.
  - CVE-2024-1671: Inappropriate implementation in Site Isolation.
  - CVE-2024-1672: Inappropriate implementation in Content Security Policy.
  - CVE-2024-1673: Use after free in Accessibility.
  - CVE-2024-1674: Inappropriate implementation in Navigation.
  - CVE-2024-1675: Insufficient policy enforcement in Download.
  - CVE-2024-1676: Inappropriate implementation in Navigation.
  - CVE-2024-1938: Type Confusion in V8.
  - CVE-2024-1939: Type Confusion in V8.
* Thu Feb 08 2024 Alexey Gladkov <legion@altlinux> 121.0.6167.160-alt1
- New version (121.0.6167.160).
- Security fixes:
  - CVE-2024-1283: Heap buffer overflow in Skia.
  - CVE-2024-1284: Use after free in Mojo.
* Thu Feb 08 2024 Alexey Gladkov <legion@altlinux> 121.0.6167.139-alt1
- New version (121.0.6167.139).
- Security fixes:
  - CVE-2024-1059: Use after free in WebRTC.
  - CVE-2024-1060: Use after free in Canvas.
  - CVE-2024-1077: Use after free in Network.
* Wed Jan 24 2024 Alexey Gladkov <legion@altlinux> 121.0.6167.85-alt1
- New version (121.0.6167.85).
- Security fixes:
  - CVE-2024-0804: Insufficient policy enforcement in iOS Security UI.
  - CVE-2024-0805: Inappropriate implementation in Downloads.
  - CVE-2024-0806: Use after free in Passwords.
  - CVE-2024-0807: Use after free in WebAudio.
  - CVE-2024-0808: Integer underflow in WebUI.
  - CVE-2024-0809: Inappropriate implementation in Autofill.
  - CVE-2024-0810: Insufficient policy enforcement in DevTools.
  - CVE-2024-0811: Inappropriate implementation in Extensions API.
  - CVE-2024-0812: Inappropriate implementation in Accessibility.
  - CVE-2024-0813: Use after free in Reading Mode.
  - CVE-2024-0814: Incorrect security UI in Payments.
* Tue Dec 26 2023 Andrey Cherepanov <cas@altlinux> 120.0.6099.109-alt1.p10.1
- Backport new version to p10 branch.
* Mon Dec 18 2023 Alexey Gladkov <legion@altlinux> 120.0.6099.109-alt2
- Bring back optimization flags.
* Sat Dec 16 2023 Alexey Gladkov <legion@altlinux> 120.0.6099.109-alt1
- New version (120.0.6099.109).
- Security fixes:
  - CVE-2023-6702: Type Confusion in V8.
  - CVE-2023-6703: Use after free in Blink.
  - CVE-2023-6704: Use after free in libavif.
  - CVE-2023-6705: Use after free in WebRTC.
  - CVE-2023-6706: Use after free in FedCM.
  - CVE-2023-6707: Use after free in CSS.
* Thu Dec 07 2023 Alexey Gladkov <legion@altlinux> 120.0.6099.71-alt1
- New version (120.0.6099.71).
* Thu Nov 23 2023 Andrey Cherepanov <cas@altlinux> 119.0.6045.159-alt0.p10.1

Total 18941 source packages.

                 reply	other threads:[~2024-09-06  0:19 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZtpKeR9IGNWYA6Qc@beehive.mskdc.altlinux.org \
    --to=qa@altlinux.org \
    --cc=devel@lists.altlinux.org \
    --cc=sisyphus-cybertalk@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Sisyphus cybertalk

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
		sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
	public-inbox-index sisyphus-cybertalk

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git