From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Sun, 3 Nov 2024 00:19:01 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p10/branch packages: +9 (18948) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Nov 2024 00:19:04 -0000 Archived-At: List-Archive: 9 UPDATED packages MySQL - A very fast and reliable SQL database engine [425M] * Fri Oct 18 2024 Nikolai Kostrigin 8.0.40-alt1 - new version + (fixes: CVE-2024-21193, CVE-2024-21194, CVE-2024-21196, CVE-2024-21197) + (fixes: CVE-2024-21198, CVE-2024-21199, CVE-2024-21200, CVE-2024-21201) + (fixes: CVE-2024-21203, CVE-2024-21207, CVE-2024-21212, CVE-2024-21213) + (fixes: CVE-2024-21218, CVE-2024-21219, CVE-2024-21230, CVE-2024-21231) + (fixes: CVE-2024-21236, CVE-2024-21237, CVE-2024-21238, CVE-2024-21239) + (fixes: CVE-2024-21241, CVE-2024-21247) - update mysql-shell 8.0.38 -> 8.0.40 * Tue Oct 15 2024 Andrey Cherepanov 8.0.39-alt1.1 - disable use Faster TLS model (ALT #45499). * Tue Aug 27 2024 Nikolai Kostrigin 8.0.39-alt1 blender - 3D modeling, animation, rendering and post-production [42M] * Tue Oct 22 2024 L.A. Kostis 3.3.21-alt0.p10.1 - 3.3.21. - Build back with gcc (closes #51768). * Thu Jun 27 2024 L.A. Kostis 3.3.20-alt0.p10.1 gtkhash - A cross-platform desktop utility for computing message digests or checksums * Tue Oct 08 2024 Andrey Cherepanov 1.5-alt2 - Disabled libnettle support. - Used GOST R 34.11-2012 (Stribog) hash function. * Tue Apr 16 2024 Andrey Cherepanov 1.5-alt1 kde5-dolphin - The file manager for KDE * Mon Oct 28 2024 Oleg Solovyov 23.08.5-alt4 - Skip MIME guessing on network-mounted file systems when listing dir * Tue Oct 08 2024 Sergey V Turchin 23.08.5-alt3 - add nfs:/ handler * Thu Jul 25 2024 Sergey V Turchin 23.08.5-alt2 - temporary build without baloo * Fri Feb 16 2024 Sergey V Turchin 23.08.5-alt1 kf5-kio - KDE Frameworks 5 network transparent access to files and data * Wed Oct 23 2024 Oleg Solovyov 5.116.0-alt7 - move patch to Dolphin: Skip MIME guessing on network-mounted file systems * Thu Oct 10 2024 Sergey V Turchin 5.116.0-alt6 - rename kcm_trash.desktop * Mon Aug 12 2024 Sergey V Turchin 5.116.0-alt5 lazarus - Lazarus Component Library and IDE [162M] * Sat Sep 28 2024 Andrey Cherepanov 1:3.6-alt1 - New version. * Sat May 25 2024 Andrey Cherepanov 1:3.4-alt1 - New version. * Mon Mar 18 2024 Andrey Cherepanov 1:3.2-alt2 qgis3 - A user friendly Open Source Geographic Information System [102M] * Fri Nov 01 2024 Andrey Cherepanov 3.20.3-alt3.p10.2 - Do not use developer map from external untrusted resource. * Mon Aug 28 2023 Andrey Cherepanov 3.20.3-alt3.p10.1 task-edu - Educational software (base set) * Fri Nov 01 2024 Andrey Cherepanov 1.5.9-alt13.p10.2 - task-edu-kde5: added kde5-autofs-shares. - task-edu-server-apps: returned installed-db-mediawiki. * Sun Sep 29 2024 Andrey Cherepanov 1.5.9-alt13.p10.1 thunderbird - Thunderbird is Mozilla's e-mail client [538M] * Tue Oct 29 2024 Pavel Vasenkov 115.16.2-alt1 - New version. - Security fixes: + CVE-2024-3852 GetBoundName in the JIT returned the wrong object + CVE-2024-3854 Out-of-bounds-read after mis-optimized switch statement + CVE-2024-3857 Incorrect JITting of arguments led to use-after-free during garbage collection + CVE-2024-2609 Permission prompt input delay could expire when not in focus + CVE-2024-3859 Integer-overflow led to out-of-bounds-read in the OpenType sanitizer + CVE-2024-3861 Potential use-after-free due to AlignedBuffer self-move + CVE-2024-3863 Download Protections were bypassed by .xrm-ms files on Windows + CVE-2024-3302 Denial of Service using HTTP/2 CONTINUATION frames + CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 + CVE-2024-4367 Arbitrary JavaScript execution in PDF.js + CVE-2024-4767 IndexedDB files retained in private browsing mode + CVE-2024-4768 Potential permissions request bypass via clickjacking + CVE-2024-4769 Cross-origin responses could be distinguished between script and non-script content-types + CVE-2024-4770 Use-after-free could occur when printing to PDF + CVE-2024-4777 Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 + CVE-2024-5702 Use-after-free in networking + CVE-2024-5688 Use-after-free in JavaScript object transplant + CVE-2024-5690 External protocol handlers leaked by timing attack + CVE-2024-5691 Sandboxed iframes were able to bypass sandbox restrictions to open a new window + CVE-2024-5692 Bypass of file name restrictions during saving + CVE-2024-5693 Cross-Origin Image leak via Offscreen Canvas + CVE-2024-5696 Memory Corruption in Text Fragments + CVE-2024-5700 Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 + CVE-2024-7652 Type Confusion in Async Generators in Javascript Engine + CVE-2024-6600 Memory corruption in WebGL API + CVE-2024-6601 Race condition in permission assignment + CVE-2024-6602 Memory corruption in NSS + CVE-2024-6603 Memory corruption in thread creation + CVE-2024-6604 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13 + CVE-2024-7519 Out of bounds memory access in graphics shared memory handling + CVE-2024-7521 Incomplete WebAssembly exception handing + CVE-2024-7522 Out of bounds read in editor component + CVE-2024-7525 Missing permission check when creating a StreamFilter + CVE-2024-7526 Uninitialized memory used by WebGL + CVE-2024-7527 Use-after-free in JavaScript garbage collection + CVE-2024-7529 Document content could partially obscure security prompts + CVE-2024-7519 Out of bounds memory access in graphics shared memory handling + CVE-2024-7521 Incomplete WebAssembly exception handing + CVE-2024-7522 Out of bounds read in editor component + CVE-2024-7525 Missing permission check when creating a StreamFilter + CVE-2024-7526 Uninitialized memory used by WebGL + CVE-2024-7527 Use-after-free in JavaScript garbage collection + CVE-2024-7529 Document content could partially obscure security prompts * Wed Apr 03 2024 Pavel Vasenkov 115.9.0-alt1 Total 18948 source packages.