From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: p10/branch packages: +9 (18948)
Date: Sun, 3 Nov 2024 00:19:01 +0000
Message-ID: <ZybBdYtno9jDd9zY@beehive.mskdc.altlinux.org> (raw)
9 UPDATED packages
MySQL - A very fast and reliable SQL database engine [425M]
* Fri Oct 18 2024 Nikolai Kostrigin <nickel@altlinux> 8.0.40-alt1
- new version
+ (fixes: CVE-2024-21193, CVE-2024-21194, CVE-2024-21196, CVE-2024-21197)
+ (fixes: CVE-2024-21198, CVE-2024-21199, CVE-2024-21200, CVE-2024-21201)
+ (fixes: CVE-2024-21203, CVE-2024-21207, CVE-2024-21212, CVE-2024-21213)
+ (fixes: CVE-2024-21218, CVE-2024-21219, CVE-2024-21230, CVE-2024-21231)
+ (fixes: CVE-2024-21236, CVE-2024-21237, CVE-2024-21238, CVE-2024-21239)
+ (fixes: CVE-2024-21241, CVE-2024-21247)
- update mysql-shell 8.0.38 -> 8.0.40
* Tue Oct 15 2024 Andrey Cherepanov <cas@altlinux> 8.0.39-alt1.1
- disable use Faster TLS model (ALT #45499).
* Tue Aug 27 2024 Nikolai Kostrigin <nickel@altlinux> 8.0.39-alt1
blender - 3D modeling, animation, rendering and post-production [42M]
* Tue Oct 22 2024 L.A. Kostis <lakostis@altlinux> 3.3.21-alt0.p10.1
- 3.3.21.
- Build back with gcc (closes #51768).
* Thu Jun 27 2024 L.A. Kostis <lakostis@altlinux> 3.3.20-alt0.p10.1
gtkhash - A cross-platform desktop utility for computing message digests or checksums
* Tue Oct 08 2024 Andrey Cherepanov <cas@altlinux> 1.5-alt2
- Disabled libnettle support.
- Used GOST R 34.11-2012 (Stribog) hash function.
* Tue Apr 16 2024 Andrey Cherepanov <cas@altlinux> 1.5-alt1
kde5-dolphin - The file manager for KDE
* Mon Oct 28 2024 Oleg Solovyov <mcpain@altlinux> 23.08.5-alt4
- Skip MIME guessing on network-mounted file systems when listing dir
* Tue Oct 08 2024 Sergey V Turchin <zerg@altlinux> 23.08.5-alt3
- add nfs:/ handler
* Thu Jul 25 2024 Sergey V Turchin <zerg@altlinux> 23.08.5-alt2
- temporary build without baloo
* Fri Feb 16 2024 Sergey V Turchin <zerg@altlinux> 23.08.5-alt1
kf5-kio - KDE Frameworks 5 network transparent access to files and data
* Wed Oct 23 2024 Oleg Solovyov <mcpain@altlinux> 5.116.0-alt7
- move patch to Dolphin: Skip MIME guessing on network-mounted file systems
* Thu Oct 10 2024 Sergey V Turchin <zerg@altlinux> 5.116.0-alt6
- rename kcm_trash.desktop
* Mon Aug 12 2024 Sergey V Turchin <zerg@altlinux> 5.116.0-alt5
lazarus - Lazarus Component Library and IDE [162M]
* Sat Sep 28 2024 Andrey Cherepanov <cas@altlinux> 1:3.6-alt1
- New version.
* Sat May 25 2024 Andrey Cherepanov <cas@altlinux> 1:3.4-alt1
- New version.
* Mon Mar 18 2024 Andrey Cherepanov <cas@altlinux> 1:3.2-alt2
qgis3 - A user friendly Open Source Geographic Information System [102M]
* Fri Nov 01 2024 Andrey Cherepanov <cas@altlinux> 3.20.3-alt3.p10.2
- Do not use developer map from external untrusted resource.
* Mon Aug 28 2023 Andrey Cherepanov <cas@altlinux> 3.20.3-alt3.p10.1
task-edu - Educational software (base set)
* Fri Nov 01 2024 Andrey Cherepanov <cas@altlinux> 1.5.9-alt13.p10.2
- task-edu-kde5: added kde5-autofs-shares.
- task-edu-server-apps: returned installed-db-mediawiki.
* Sun Sep 29 2024 Andrey Cherepanov <cas@altlinux> 1.5.9-alt13.p10.1
thunderbird - Thunderbird is Mozilla's e-mail client [538M]
* Tue Oct 29 2024 Pavel Vasenkov <pav@altlinux> 115.16.2-alt1
- New version.
- Security fixes:
+ CVE-2024-3852 GetBoundName in the JIT returned the wrong object
+ CVE-2024-3854 Out-of-bounds-read after mis-optimized switch statement
+ CVE-2024-3857 Incorrect JITting of arguments led to use-after-free during garbage collection
+ CVE-2024-2609 Permission prompt input delay could expire when not in focus
+ CVE-2024-3859 Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
+ CVE-2024-3861 Potential use-after-free due to AlignedBuffer self-move
+ CVE-2024-3863 Download Protections were bypassed by .xrm-ms files on Windows
+ CVE-2024-3302 Denial of Service using HTTP/2 CONTINUATION frames
+ CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
+ CVE-2024-4367 Arbitrary JavaScript execution in PDF.js
+ CVE-2024-4767 IndexedDB files retained in private browsing mode
+ CVE-2024-4768 Potential permissions request bypass via clickjacking
+ CVE-2024-4769 Cross-origin responses could be distinguished between script and non-script content-types
+ CVE-2024-4770 Use-after-free could occur when printing to PDF
+ CVE-2024-4777 Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
+ CVE-2024-5702 Use-after-free in networking
+ CVE-2024-5688 Use-after-free in JavaScript object transplant
+ CVE-2024-5690 External protocol handlers leaked by timing attack
+ CVE-2024-5691 Sandboxed iframes were able to bypass sandbox restrictions to open a new window
+ CVE-2024-5692 Bypass of file name restrictions during saving
+ CVE-2024-5693 Cross-Origin Image leak via Offscreen Canvas
+ CVE-2024-5696 Memory Corruption in Text Fragments
+ CVE-2024-5700 Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
+ CVE-2024-7652 Type Confusion in Async Generators in Javascript Engine
+ CVE-2024-6600 Memory corruption in WebGL API
+ CVE-2024-6601 Race condition in permission assignment
+ CVE-2024-6602 Memory corruption in NSS
+ CVE-2024-6603 Memory corruption in thread creation
+ CVE-2024-6604 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13
+ CVE-2024-7519 Out of bounds memory access in graphics shared memory handling
+ CVE-2024-7521 Incomplete WebAssembly exception handing
+ CVE-2024-7522 Out of bounds read in editor component
+ CVE-2024-7525 Missing permission check when creating a StreamFilter
+ CVE-2024-7526 Uninitialized memory used by WebGL
+ CVE-2024-7527 Use-after-free in JavaScript garbage collection
+ CVE-2024-7529 Document content could partially obscure security prompts
+ CVE-2024-7519 Out of bounds memory access in graphics shared memory handling
+ CVE-2024-7521 Incomplete WebAssembly exception handing
+ CVE-2024-7522 Out of bounds read in editor component
+ CVE-2024-7525 Missing permission check when creating a StreamFilter
+ CVE-2024-7526 Uninitialized memory used by WebGL
+ CVE-2024-7527 Use-after-free in JavaScript garbage collection
+ CVE-2024-7529 Document content could partially obscure security prompts
* Wed Apr 03 2024 Pavel Vasenkov <pav@altlinux> 115.9.0-alt1
Total 18948 source packages.
reply other threads:[~2024-11-03 0:19 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZybBdYtno9jDd9zY@beehive.mskdc.altlinux.org \
--to=qa@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=sisyphus-cybertalk@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git