From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Fri, 6 Sep 2024 00:19:05 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p10/branch packages: +1 (18941) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Sep 2024 00:19:08 -0000 Archived-At: List-Archive: 1 UPDATED package chromium - An open source web browser developed by Google [2893M] * Sat Jul 20 2024 Andrey Cherepanov 126.0.6478.182-alt0.p10.1 - Backport new version to p10 branch. - Use LLVM 17.0 and libstdc++ from gcc13. * Wed Jul 17 2024 Andrey Cherepanov 126.0.6478.182-alt1 - New version (126.0.6478.182). - Security fixes: + CVE-2024-6772: Inappropriate implementation in V8. + CVE-2024-6773: Type Confusion in V8. + CVE-2024-6774: Use after free in Screen Capture. + CVE-2024-6775: Use after free in Media Stream. + CVE-2024-6776: Use after free in Audio. + CVE-2024-6777: Use after free in Navigation. + CVE-2024-6778: Race in DevTools. + CVE-2024-6779: Out of bounds memory access in V8. * Thu Jun 27 2024 Andrey Cherepanov 126.0.6478.126-alt1 - New version (126.0.6478.126). - Security fixes: + CVE-2024-6290: Use after free in Dawn. + CVE-2024-6291: Use after free in Swiftshader. + CVE-2024-6292: Use after free in Dawn. + CVE-2024-6293: Use after free in Dawn. * Sat Jun 22 2024 Andrey Cherepanov 126.0.6478.114-alt1 - New version (126.0.6478.114). - Security fixes: + CVE-2024-6100: Type Confusion in V8. + CVE-2024-6101: Inappropriate implementation in WebAssembly. + CVE-2024-6102: Out of bounds memory access in Dawn. + CVE-2024-6103: Use after free in Dawn. * Sat Jun 15 2024 Andrey Cherepanov 126.0.6478.61-alt1 - New version (126.0.6478.61). * Thu Jun 13 2024 Andrey Cherepanov 126.0.6478.55-alt1 - New version (126.0.6478.55) (ALT #50621). - Security fixes: + CVE-2024-5830: Type Confusion in V8. + CVE-2024-5831: Use after free in Dawn. + CVE-2024-5832: Use after free in Dawn. + CVE-2024-5833: Type Confusion in V8. + CVE-2024-5834: Inappropriate implementation in Dawn. + CVE-2024-5835: Heap buffer overflow in Tab Groups. + CVE-2024-5836: Inappropriate Implementation in DevTools. + CVE-2024-5837: Type Confusion in V8. + CVE-2024-5838: Type Confusion in V8. + CVE-2024-5839: Inappropriate Implementation in Memory Allocator. + CVE-2024-5840: Policy Bypass in CORS. + CVE-2024-5841: Use after free in V8. + CVE-2024-5842: Use after free in Browser UI. + CVE-2024-5843: Inappropriate implementation in Downloads. + CVE-2024-5844: Heap buffer overflow in Tab Strip. + CVE-2024-5845: Use after free in Audio. + CVE-2024-5846: Use after free in PDFium. + CVE-2024-5847: Use after free in PDFium. * Fri May 31 2024 Andrey Cherepanov 125.0.6422.141-alt1 - New version (125.0.6422.141). - Security fixes: + CVE-2024-5493: Heap buffer overflow in WebRTC. + CVE-2024-5494: Use after free in Dawn. + CVE-2024-5495: Use after free in Dawn. + CVE-2024-5496: Use after free in Media Session. + CVE-2024-5497: Out of bounds memory access in Keyboard Inputs. + CVE-2024-5498: Use after free in Presentation API. + CVE-2024-5499: Out of bounds write in Streams API. * Sat May 25 2024 Andrey Cherepanov 125.0.6422.112-alt1 - New version (125.0.6422.112). - Security fixes: + CVE-2024-5274: Type Confusion in V8. * Wed May 22 2024 Andrey Cherepanov 125.0.6422.76-alt1 - New version (125.0.6422.76). - Security fixes: + CVE-2024-5157: Use after free in Scheduling. + CVE-2024-5158: Type Confusion in V8. + CVE-2024-5159: Heap buffer overflow in ANGLE. + CVE-2024-5160: Heap buffer overflow in Dawn. * Sat May 18 2024 Andrey Cherepanov 125.0.6422.60-alt1 - New version (125.0.6422.60). - Security fixes: + CVE-2024-4947: Type Confusion in V8. + CVE-2024-4948: Use after free in Dawn. + CVE-2024-4949: Use after free in V8. + CVE-2024-4950: Inappropriate implementation in Downloads. - Apply patches from Debian to fix webpage hangs. * Tue May 14 2024 Andrey Cherepanov 124.0.6367.207-alt1 - New version (124.0.6367.207). - Security fixes: + CVE-2024-4761: Out of bounds write in V8. * Sun May 12 2024 Andrey Cherepanov 124.0.6367.201-alt1 - New version (124.0.6367.201). - Security fixes: + CVE-2024-4671: Use after free in Visuals. * Thu May 09 2024 Andrey Cherepanov 124.0.6367.155-alt1 - New version (124.0.6367.155). - Security fixes: + CVE-2024-4558: Use after free in ANGLE. + CVE-2024-4559: Heap buffer overflow in WebAudio. - Built using LLVM 18.1. * Wed May 01 2024 Andrey Cherepanov 124.0.6367.118-alt1 - New version (124.0.6367.118). - Security fixes: + CVE-2024-4331: Use after free in Picture In Picture. + CVE-2024-4368: Use after free in Dawn. * Thu Apr 25 2024 Andrey Cherepanov 124.0.6367.78-alt1 - New version (124.0.6367.78). - Security fixes: + CVE-2024-4058: Type Confusion in ANGLE. + CVE-2024-4059: Out of bounds read in V8 API. + CVE-2024-4060: Use after free in Dawn. * Sat Apr 20 2024 Andrey Cherepanov 124.0.6367.60-alt1 - New version (124.0.6367.60). - Security fixes: + CVE-2024-3832: Object corruption in V8. + CVE-2024-3833: Object corruption in WebAssembly. + CVE-2024-3914: Use after free in V8. + CVE-2024-3834: Use after free in Downloads. + CVE-2024-3837: Use after free in QUIC. + CVE-2024-3838: Inappropriate implementation in Autofill. + CVE-2024-3839: Out of bounds read in Fonts. + CVE-2024-3840: Insufficient policy enforcement in Site Isolation. + CVE-2024-3841: Insufficient data validation in Browser Switcher. + CVE-2024-3843: Insufficient data validation in Downloads. + CVE-2024-3844: Inappropriate implementation in Extensions. + CVE-2024-3845: Inappropriate implementation in Network. + CVE-2024-3846: Inappropriate implementation in Prompts. + CVE-2024-3847: Insufficient policy enforcement in WebUI. * Sat Apr 13 2024 Andrey Cherepanov 123.0.6312.122-alt1 - New version (123.0.6312.122). - Security fixes: + CVE-2024-3157: Out of bounds write in Compositing. + CVE-2024-3516: Heap buffer overflow in ANGLE. + CVE-2024-3515: Use after free in Dawn. - Use vaapi flags from Fedora defaults. * Wed Mar 27 2024 Andrey Cherepanov 123.0.6312.86-alt1 - New version (123.0.6312.86). - Security fixes: + CVE-2024-2883: Use after free in ANGLE. + CVE-2024-2885: Use after free in Daw. + CVE-2024-2886: Use after free in WebCodecs. + CVE-2024-2887: Type Confusion in WebAssembly. * Thu Mar 21 2024 Alexey Gladkov 123.0.6312.58-alt1 - New version (123.0.6312.58). - Security fixes: - CVE-2024-2173: Out of bounds memory access in V8. - CVE-2024-2174: Inappropriate implementation in V8. - CVE-2024-2176: Use after free in FedCM. - CVE-2024-2400: Use after free in Performance Manager. - CVE-2024-2625: Object lifecycle issue in V8. - CVE-2024-2626: Out of bounds read in Swiftshader. - CVE-2024-2627: Use after free in Canvas. - CVE-2024-2628: Inappropriate implementation in Downloads. - CVE-2024-2629: Incorrect security UI in iOS. - CVE-2024-2630: Inappropriate implementation in iOS. - CVE-2024-2631: Inappropriate implementation in iOS. * Wed Feb 28 2024 Alexey Gladkov 122.0.6261.94-alt1 - New version (122.0.6261.94). - Security fixes: - CVE-2024-1669: Out of bounds memory access in Blink. - CVE-2024-1670: Use after free in Mojo. - CVE-2024-1671: Inappropriate implementation in Site Isolation. - CVE-2024-1672: Inappropriate implementation in Content Security Policy. - CVE-2024-1673: Use after free in Accessibility. - CVE-2024-1674: Inappropriate implementation in Navigation. - CVE-2024-1675: Insufficient policy enforcement in Download. - CVE-2024-1676: Inappropriate implementation in Navigation. - CVE-2024-1938: Type Confusion in V8. - CVE-2024-1939: Type Confusion in V8. * Thu Feb 08 2024 Alexey Gladkov 121.0.6167.160-alt1 - New version (121.0.6167.160). - Security fixes: - CVE-2024-1283: Heap buffer overflow in Skia. - CVE-2024-1284: Use after free in Mojo. * Thu Feb 08 2024 Alexey Gladkov 121.0.6167.139-alt1 - New version (121.0.6167.139). - Security fixes: - CVE-2024-1059: Use after free in WebRTC. - CVE-2024-1060: Use after free in Canvas. - CVE-2024-1077: Use after free in Network. * Wed Jan 24 2024 Alexey Gladkov 121.0.6167.85-alt1 - New version (121.0.6167.85). - Security fixes: - CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. - CVE-2024-0805: Inappropriate implementation in Downloads. - CVE-2024-0806: Use after free in Passwords. - CVE-2024-0807: Use after free in WebAudio. - CVE-2024-0808: Integer underflow in WebUI. - CVE-2024-0809: Inappropriate implementation in Autofill. - CVE-2024-0810: Insufficient policy enforcement in DevTools. - CVE-2024-0811: Inappropriate implementation in Extensions API. - CVE-2024-0812: Inappropriate implementation in Accessibility. - CVE-2024-0813: Use after free in Reading Mode. - CVE-2024-0814: Incorrect security UI in Payments. * Tue Dec 26 2023 Andrey Cherepanov 120.0.6099.109-alt1.p10.1 - Backport new version to p10 branch. * Mon Dec 18 2023 Alexey Gladkov 120.0.6099.109-alt2 - Bring back optimization flags. * Sat Dec 16 2023 Alexey Gladkov 120.0.6099.109-alt1 - New version (120.0.6099.109). - Security fixes: - CVE-2023-6702: Type Confusion in V8. - CVE-2023-6703: Use after free in Blink. - CVE-2023-6704: Use after free in libavif. - CVE-2023-6705: Use after free in WebRTC. - CVE-2023-6706: Use after free in FedCM. - CVE-2023-6707: Use after free in CSS. * Thu Dec 07 2023 Alexey Gladkov 120.0.6099.71-alt1 - New version (120.0.6099.71). * Thu Nov 23 2023 Andrey Cherepanov 119.0.6045.159-alt0.p10.1 Total 18941 source packages.