From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Tue, 29 Oct 2024 00:18:56 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p10/branch packages: +1 (18946) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2024 00:18:58 -0000 Archived-At: List-Archive: 1 UPDATED package chromium-gost - An open source web browser developed by Google [2097M] * Mon Oct 14 2024 Andrey Cherepanov 125.0.6422.112-alt0.c10.1 - Backported new version to c10 branch. - Used LLVM 17.0 and libstdc++ from gcc13. - Built only for x86_64. * Thu May 30 2024 Daniel Zagaynov 125.0.6422.112-alt1 - Update chromium to 125.0.6422.112 - Update chromium-gost to 125.0.6422.112 * Sat May 25 2024 Andrey Cherepanov 125.0.6422.112-alt1 - New version (125.0.6422.112). - Security fixes: + CVE-2024-5274: Type Confusion in V8. * Wed May 22 2024 Andrey Cherepanov 125.0.6422.76-alt1 - New version (125.0.6422.76). - Security fixes: + CVE-2024-5157: Use after free in Scheduling. + CVE-2024-5158: Type Confusion in V8. + CVE-2024-5159: Heap buffer overflow in ANGLE. + CVE-2024-5160: Heap buffer overflow in Dawn. * Sat May 18 2024 Andrey Cherepanov 125.0.6422.60-alt1 - New version (125.0.6422.60). - Security fixes: + CVE-2024-4947: Type Confusion in V8. + CVE-2024-4948: Use after free in Dawn. + CVE-2024-4949: Use after free in V8. + CVE-2024-4950: Inappropriate implementation in Downloads. - Apply patches from Debian to fix webpage hangs. * Tue May 14 2024 Andrey Cherepanov 124.0.6367.207-alt1 - New version (124.0.6367.207). - Security fixes: + CVE-2024-4761: Out of bounds write in V8. * Sun May 12 2024 Andrey Cherepanov 124.0.6367.201-alt1 - New version (124.0.6367.201). - Security fixes: + CVE-2024-4671: Use after free in Visuals. * Thu May 09 2024 Andrey Cherepanov 124.0.6367.155-alt1 - New version (124.0.6367.155). - Security fixes: + CVE-2024-4558: Use after free in ANGLE. + CVE-2024-4559: Heap buffer overflow in WebAudio. - Built using LLVM 18.1. * Wed May 01 2024 Andrey Cherepanov 124.0.6367.118-alt1 - New version (124.0.6367.118). - Security fixes: + CVE-2024-4331: Use after free in Picture In Picture. + CVE-2024-4368: Use after free in Dawn. * Tue Apr 30 2024 Fr. Br. George 124.0.6367.78-alt1 - GOST version * Thu Apr 25 2024 Andrey Cherepanov 124.0.6367.78-alt1 - New version (124.0.6367.78). - Security fixes: + CVE-2024-4058: Type Confusion in ANGLE. + CVE-2024-4059: Out of bounds read in V8 API. + CVE-2024-4060: Use after free in Dawn. * Sat Apr 20 2024 Andrey Cherepanov 124.0.6367.60-alt1 - New version (124.0.6367.60). - Security fixes: + CVE-2024-3832: Object corruption in V8. + CVE-2024-3833: Object corruption in WebAssembly. + CVE-2024-3914: Use after free in V8. + CVE-2024-3834: Use after free in Downloads. + CVE-2024-3837: Use after free in QUIC. + CVE-2024-3838: Inappropriate implementation in Autofill. + CVE-2024-3839: Out of bounds read in Fonts. + CVE-2024-3840: Insufficient policy enforcement in Site Isolation. + CVE-2024-3841: Insufficient data validation in Browser Switcher. + CVE-2024-3843: Insufficient data validation in Downloads. + CVE-2024-3844: Inappropriate implementation in Extensions. + CVE-2024-3845: Inappropriate implementation in Network. + CVE-2024-3846: Inappropriate implementation in Prompts. + CVE-2024-3847: Insufficient policy enforcement in WebUI. * Sat Apr 13 2024 Andrey Cherepanov 123.0.6312.122-alt1 - New version (123.0.6312.122). - Security fixes: + CVE-2024-3157: Out of bounds write in Compositing. + CVE-2024-3516: Heap buffer overflow in ANGLE. + CVE-2024-3515: Use after free in Dawn. - Use vaapi flags from Fedora defaults. * Wed Mar 27 2024 Andrey Cherepanov 123.0.6312.86-alt1 - New version (123.0.6312.86). - Security fixes: + CVE-2024-2883: Use after free in ANGLE. + CVE-2024-2885: Use after free in Daw. + CVE-2024-2886: Use after free in WebCodecs. + CVE-2024-2887: Type Confusion in WebAssembly. * Thu Mar 21 2024 Alexey Gladkov 123.0.6312.58-alt1 - New version (123.0.6312.58). - Security fixes: - CVE-2024-2173: Out of bounds memory access in V8. - CVE-2024-2174: Inappropriate implementation in V8. - CVE-2024-2176: Use after free in FedCM. - CVE-2024-2400: Use after free in Performance Manager. - CVE-2024-2625: Object lifecycle issue in V8. - CVE-2024-2626: Out of bounds read in Swiftshader. - CVE-2024-2627: Use after free in Canvas. - CVE-2024-2628: Inappropriate implementation in Downloads. - CVE-2024-2629: Incorrect security UI in iOS. - CVE-2024-2630: Inappropriate implementation in iOS. - CVE-2024-2631: Inappropriate implementation in iOS. * Thu Feb 29 2024 Fr. Br. George 121.0.6167.160-alt1 - GOST version * Wed Feb 28 2024 Alexey Gladkov 122.0.6261.94-alt1 - New version (122.0.6261.94). - Security fixes: - CVE-2024-1669: Out of bounds memory access in Blink. - CVE-2024-1670: Use after free in Mojo. - CVE-2024-1671: Inappropriate implementation in Site Isolation. - CVE-2024-1672: Inappropriate implementation in Content Security Policy. - CVE-2024-1673: Use after free in Accessibility. - CVE-2024-1674: Inappropriate implementation in Navigation. - CVE-2024-1675: Insufficient policy enforcement in Download. - CVE-2024-1676: Inappropriate implementation in Navigation. - CVE-2024-1938: Type Confusion in V8. - CVE-2024-1939: Type Confusion in V8. * Thu Feb 08 2024 Alexey Gladkov 121.0.6167.160-alt1 - New version (121.0.6167.160). - Security fixes: - CVE-2024-1283: Heap buffer overflow in Skia. - CVE-2024-1284: Use after free in Mojo. * Thu Feb 08 2024 Alexey Gladkov 121.0.6167.139-alt1 - New version (121.0.6167.139). - Security fixes: - CVE-2024-1059: Use after free in WebRTC. - CVE-2024-1060: Use after free in Canvas. - CVE-2024-1077: Use after free in Network. * Wed Jan 24 2024 Alexey Gladkov 121.0.6167.85-alt1 - New version (121.0.6167.85). - Security fixes: - CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. - CVE-2024-0805: Inappropriate implementation in Downloads. - CVE-2024-0806: Use after free in Passwords. - CVE-2024-0807: Use after free in WebAudio. - CVE-2024-0808: Integer underflow in WebUI. - CVE-2024-0809: Inappropriate implementation in Autofill. - CVE-2024-0810: Insufficient policy enforcement in DevTools. - CVE-2024-0811: Inappropriate implementation in Extensions API. - CVE-2024-0812: Inappropriate implementation in Accessibility. - CVE-2024-0813: Use after free in Reading Mode. - CVE-2024-0814: Incorrect security UI in Payments. * Wed Dec 27 2023 Fr. Br. George 120.0.6099.109-alt2 - GOST version * Mon Dec 18 2023 Alexey Gladkov 120.0.6099.109-alt2 - Bring back optimization flags. * Sat Dec 16 2023 Alexey Gladkov 120.0.6099.109-alt1 - New version (120.0.6099.109). - Security fixes: - CVE-2023-6702: Type Confusion in V8. - CVE-2023-6703: Use after free in Blink. - CVE-2023-6704: Use after free in libavif. - CVE-2023-6705: Use after free in WebRTC. - CVE-2023-6706: Use after free in FedCM. - CVE-2023-6707: Use after free in CSS. * Thu Dec 07 2023 Alexey Gladkov 120.0.6099.71-alt1 - New version (120.0.6099.71). * Thu Nov 16 2023 Alexey Gladkov 119.0.6045.159-alt1 - New version (119.0.6045.159). - Security fixes: - CVE-2023-5997: Use after free in Garbage Collection. - CVE-2023-6112: Use after free in Navigation. * Mon Nov 13 2023 Alexey Gladkov 119.0.6045.123-alt1 - New version (119.0.6045.123). - Security fixes: - CVE-2023-5996: Use after free in WebAudio. * Fri Nov 03 2023 Alexey Gladkov 119.0.6045.105-alt1 - New version (119.0.6045.105). - Security fixes: - CVE-2023-5480: Inappropriate implementation in Payments. - CVE-2023-5482: Insufficient data validation in USB. - CVE-2023-5849: Integer overflow in USB. - CVE-2023-5850: Incorrect security UI in Downloads. - CVE-2023-5851: Inappropriate implementation in Downloads. - CVE-2023-5852: Use after free in Printing. - CVE-2023-5853: Incorrect security UI in Downloads. - CVE-2023-5854: Use after free in Profiles. - CVE-2023-5855: Use after free in Reading Mode. - CVE-2023-5856: Use after free in Side Panel. - CVE-2023-5857: Inappropriate implementation in Downloads. - CVE-2023-5858: Inappropriate implementation in WebApp Provider. - CVE-2023-5859: Incorrect security UI in Picture In Picture. - CVE-2023-5472: Use after free in Profiles. * Mon Oct 16 2023 Alexey Gladkov 118.0.5993.70-alt1 - New version (118.0.5993.70). - Security fixes: - CVE-2023-5218: Use after free in Site Isolation. - CVE-2023-5346: Type Confusion in V8. - CVE-2023-5473: Use after free in Cast. - CVE-2023-5474: Heap buffer overflow in PDF. - CVE-2023-5475: Inappropriate implementation in DevTools. - CVE-2023-5476: Use after free in Blink History. - CVE-2023-5477: Inappropriate implementation in Installer. - CVE-2023-5478: Inappropriate implementation in Autofill. - CVE-2023-5479: Inappropriate implementation in Extensions API. - CVE-2023-5481: Inappropriate implementation in Downloads. - CVE-2023-5483: Inappropriate implementation in Intents. - CVE-2023-5484: Inappropriate implementation in Navigation. - CVE-2023-5485: Inappropriate implementation in Autofill. - CVE-2023-5486: Inappropriate implementation in Input. - CVE-2023-5487: Inappropriate implementation in Fullscreen. * Thu Sep 28 2023 Alexey Gladkov 117.0.5938.132-alt1 - New version (117.0.5938.132). - Security fixes: - CVE-2023-5186: Use after free in Passwords. - CVE-2023-5187: Use after free in Extensions. - CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. * Mon Sep 25 2023 Alexey Gladkov 117.0.5938.92-alt1 - New version (117.0.5938.92). * Thu Sep 21 2023 Fr. Br. George 117.0.5938.62-alt1 - GOST vesrion * Wed Sep 13 2023 Alexey Gladkov 117.0.5938.62-alt1 - New version (117.0.5938.62). - Security fixes: - CVE-2023-4863: Heap buffer overflow in WebP. - CVE-2023-4900: Inappropriate implementation in Custom Tabs. - CVE-2023-4901: Inappropriate implementation in Prompts. - CVE-2023-4902: Inappropriate implementation in Input. - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. - CVE-2023-4904: Insufficient policy enforcement in Downloads. - CVE-2023-4905: Inappropriate implementation in Prompts. - CVE-2023-4906: Insufficient policy enforcement in Autofill. - CVE-2023-4907: Inappropriate implementation in Intents. - CVE-2023-4908: Inappropriate implementation in Picture in Picture. - CVE-2023-4909: Inappropriate implementation in Interstitials. * Thu Aug 17 2023 Alexey Gladkov 116.0.5845.96-alt1 - New version (116.0.5845.96). - Security fixes: - CVE-2023-2312: Use after free in Offline. - CVE-2023-4349: Use after free in Device Trust Connectors. - CVE-2023-4350: Inappropriate implementation in Fullscreen. - CVE-2023-4351: Use after free in Network. - CVE-2023-4352: Type Confusion in V8. - CVE-2023-4353: Heap buffer overflow in ANGLE. - CVE-2023-4354: Heap buffer overflow in Skia. - CVE-2023-4355: Out of bounds memory access in V8. - CVE-2023-4356: Use after free in Audio. - CVE-2023-4357: Insufficient validation of untrusted input in XML. - CVE-2023-4358: Use after free in DNS. - CVE-2023-4359: Inappropriate implementation in App Launcher. - CVE-2023-4360: Inappropriate implementation in Color. - CVE-2023-4361: Inappropriate implementation in Autofill. - CVE-2023-4362: Heap buffer overflow in Mojom IDL. - CVE-2023-4363: Inappropriate implementation in WebShare. - CVE-2023-4364: Inappropriate implementation in Permission Prompts. - CVE-2023-4365: Inappropriate implementation in Fullscreen. - CVE-2023-4366: Use after free in Extensions. - CVE-2023-4367: Insufficient policy enforcement in Extensions API. - CVE-2023-4368: Insufficient policy enforcement in Extensions API. * Wed Jul 26 2023 Alexey Gladkov 115.0.5790.110-alt1 - New version (115.0.5790.110). * Fri Jul 21 2023 Alexey Gladkov 115.0.5790.102-alt1 - New version (115.0.5790.102). * Tue Jul 18 2023 Alexey Gladkov 114.0.5735.198-alt1 - New version (114.0.5735.198). - Use LLVM16. - Security fixes: - CVE-2023-3214: Use after free in Autofill payments. - CVE-2023-3215: Use after free in WebRTC. - CVE-2023-3216: Type Confusion in V8. - CVE-2023-3217: Use after free in WebXR. - CVE-2023-3420: Type Confusion in V8. - CVE-2023-3421: Use after free in Media. - CVE-2023-3422: Use after free in Guest View. * Sat Jun 03 2023 Alexey Gladkov 114.0.5735.90-alt1 - New version (114.0.5735.90). - Security fixes: - CVE-2023-2929: Out of bounds write in Swiftshader. - CVE-2023-2930: Use after free in Extensions. - CVE-2023-2931: Use after free in PDF. - CVE-2023-2932: Use after free in PDF. - CVE-2023-2933: Use after free in PDF. - CVE-2023-2934: Out of bounds memory access in Mojo. - CVE-2023-2935: Type Confusion in V8. - CVE-2023-2936: Type Confusion in V8. - CVE-2023-2937: Inappropriate implementation in Picture In Picture. - CVE-2023-2938: Inappropriate implementation in Picture In Picture. - CVE-2023-2939: Insufficient data validation in Installer. - CVE-2023-2940: Inappropriate implementation in Downloads. - CVE-2023-2941: Inappropriate implementation in Extensions API. * Wed May 03 2023 Alexey Gladkov 113.0.5672.63-alt1 - New version (113.0.5672.63). - Security fixes: - CVE-2023-2459: Inappropriate implementation in Prompts. - CVE-2023-2460: Insufficient validation of untrusted input in Extensions. - CVE-2023-2461: Use after free in OS Inputs. - CVE-2023-2462: Inappropriate implementation in Prompts. - CVE-2023-2463: Inappropriate implementation in Full Screen Mode. - CVE-2023-2464: Inappropriate implementation in PictureInPicture. - CVE-2023-2465: Inappropriate implementation in CORS. - CVE-2023-2466: Inappropriate implementation in Prompts. - CVE-2023-2467: Inappropriate implementation in Prompts. - CVE-2023-2468: Inappropriate implementation in PictureInPicture. * Thu Apr 20 2023 Alexey Gladkov 112.0.5615.165-alt1 - New version (112.0.5615.165). - Security fixes: - CVE-2023-1810: Heap buffer overflow in Visuals. - CVE-2023-1811: Use after free in Frames. - CVE-2023-1812: Out of bounds memory access in DOM Bindings. - CVE-2023-1813: Inappropriate implementation in Extensions. - CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing. - CVE-2023-1815: Use after free in Networking APIs. - CVE-2023-1816: Incorrect security UI in Picture In Picture. - CVE-2023-1817: Insufficient policy enforcement in Intents. - CVE-2023-1818: Use after free in Vulkan. - CVE-2023-1819: Out of bounds read in Accessibility. - CVE-2023-1820: Heap buffer overflow in Browser History. - CVE-2023-1821: Inappropriate implementation in WebShare. - CVE-2023-1822: Incorrect security UI in Navigation. - CVE-2023-1823: Inappropriate implementation in FedCM. - CVE-2023-2033: Type Confusion in V8. - CVE-2023-2133: Out of bounds memory access in Service Worker API. - CVE-2023-2134: Out of bounds memory access in Service Worker API. - CVE-2023-2135: Use after free in DevTools. - CVE-2023-2136: Integer overflow in Skia. - CVE-2023-2137: Heap buffer overflow in sqlite. * Wed Mar 15 2023 Fr. Br. George 111.0.5563.64-alt1 - GOST version - Fix startup script (Closes: #45538) * Wed Mar 08 2023 Alexey Gladkov 111.0.5563.64-alt1 - New version (111.0.5563.64). - Security fixes: - CVE-2023-1213: Use after free in Swiftshader. - CVE-2023-1214: Type Confusion in V8. - CVE-2023-1215: Type Confusion in CSS. - CVE-2023-1216: Use after free in DevTools. - CVE-2023-1217: Stack buffer overflow in Crash reporting. - CVE-2023-1218: Use after free in WebRTC. - CVE-2023-1219: Heap buffer overflow in Metrics. - CVE-2023-1220: Heap buffer overflow in UMA. - CVE-2023-1221: Insufficient policy enforcement in Extensions API. - CVE-2023-1222: Heap buffer overflow in Web Audio API. - CVE-2023-1223: Insufficient policy enforcement in Autofill. - CVE-2023-1224: Insufficient policy enforcement in Web Payments API. - CVE-2023-1225: Insufficient policy enforcement in Navigation. - CVE-2023-1226: Insufficient policy enforcement in Web Payments API. - CVE-2023-1227: Use after free in Core. - CVE-2023-1228: Insufficient policy enforcement in Intents. - CVE-2023-1229: Inappropriate implementation in Permission prompts. - CVE-2023-1230: Inappropriate implementation in WebApp Installs. - CVE-2023-1231: Inappropriate implementation in Autofill. - CVE-2023-1232: Insufficient policy enforcement in Resource Timing. - CVE-2023-1233: Insufficient policy enforcement in Resource Timing. - CVE-2023-1234: Inappropriate implementation in Intents. - CVE-2023-1235: Type Confusion in DevTools. - CVE-2023-1236: Inappropriate implementation in Internals. * Tue Mar 07 2023 Fr. Br. George 110.0.5481.177-alt2 - GOST version * Wed Mar 01 2023 Alexey Gladkov 110.0.5481.177-alt2 - Bring back compiler optimizations (ALT#45454). * Thu Feb 23 2023 Alexey Gladkov 110.0.5481.177-alt1 Note: changelog entry for 110.0.5481.177-alt1.p10.1 not found. Total 18946 source packages.