From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: p10/branch packages: +1! +7 (19058)
Date: Wed, 2 Jul 2025 00:21:07 +0000
Message-ID: <aGR7c+Gz+0Jyia1A@beehive.mskdc.altlinux.org> (raw)
1 ADDED package
dump_syms - Is a command-line utility for parsing the debugging information the compiler provides [16M]
* Fri Apr 18 2025 Ivan Khanas <xeno@altlinux> 2.3.4-alt1
- First build for ALT.
7 UPDATED packages
cbindgen - A project for generating C bindings from Rust code.
* Mon May 05 2025 Ajrat Makhmutov <rauty@altlinux> 0.28.0-alt1
- New version.
- Change group tag from File tools to Development/Tools.
- Update VCS, URL and summary.
* Fri Aug 30 2024 L.A. Kostis <lakostis@altlinux> 0.27.0-alt1
firefox - The Mozilla Firefox project is a redesign of Mozilla's browser [633M]
* Tue May 27 2025 Ajrat Makhmutov <rauty@altlinux> 138.0.1-alt0.p10.1
- Backprort new version to p10 branch.
* Sun May 04 2025 Ajrat Makhmutov <rauty@altlinux> 138.0.1-alt1
- New version (138.0.1).
- Disable sponsored shortcuts on the New Tab page.
- Security fixes:
+ CVE-2025-2817: Privilege escalation in Firefox Updater
+ CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS
+ CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames
+ CVE-2025-4085: Potential information leakage and privilege escalation in UITour actor
+ CVE-2025-4086: Specially crafted filename could be used to obscure download type
+ CVE-2025-4087: Unsafe attribute access during XPath parsing
+ CVE-2025-4088: Cross-site request forgery via storage access API redirects
+ CVE-2025-4089: Potential local code execution in "copy as cURL" command
+ CVE-2025-4090: Leaked library paths in Firefox for Android
+ CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10
+ CVE-2025-4092: Memory safety bugs fixed in Firefox 138 and Thunderbird 138
* Tue Apr 15 2025 Ajrat Makhmutov <rauty@altlinux> 137.0.2-alt1
- New version (137.0.2).
- Security fixes:
+ CVE-2025-3608: Race condition in nsHttpTransaction could lead to memory corruption
* Tue Apr 01 2025 Ajrat Makhmutov <rauty@altlinux> 137.0-alt1
- New version (137.0).
- Security fixes:
+ CVE-2025-2857: Incorrect handle could lead to sandbox escapes
+ CVE-2025-3028: Use-after-free triggered by XSLTProcessor
+ CVE-2025-3031: JIT optimization bug with different stack slot sizes
+ CVE-2025-3032: Leaking file descriptors from the fork server
+ CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
+ CVE-2025-3035: Tab title disclosure across pages when using AI chatbot
+ CVE-2025-3033: Opening local .url files could lead to another file being opened
+ CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
+ CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137
* Tue Mar 18 2025 Ajrat Makhmutov <rauty@altlinux> 136.0.2-alt1
- New version (136.0.2).
- Set the MOZ_APP_REMOTINGNAME variable (closes: 52594, 53117).
- Update desktop file.
* Wed Mar 12 2025 Ajrat Makhmutov <rauty@altlinux> 136.0.1-alt1
- New version (136.0.1).
* Tue Mar 11 2025 Ajrat Makhmutov <rauty@altlinux> 136.0-alt1
- New version (136.0).
- Security fixes:
+ CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process
+ CVE-2025-1939: Tapjacking in Android Custom Tabs using transition animations
+ CVE-2025-1931: Use-after-free in WebTransportChild
+ CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access
+ CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
+ CVE-2025-1940: Android Intent confirmation prompt tapjacking using Select options
+ CVE-2024-9956: Passkey phishing within Bluetooth range
+ CVE-2025-1934: Unexpected GC during RegExp bailout processing
+ CVE-2025-1941: Lock screen setting bypass in Firefox Focus for Android
+ CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase() causes string to get longer
+ CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
+ CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
+ CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
+ CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
+ CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird 136
* Wed Feb 19 2025 Ajrat Makhmutov <rauty@altlinux> 135.0.1-alt1
- New version (135.0.1).
- Security fixes:
+ CVE-2025-1414: Memory safety bugs fixed in Firefox 135.0.1
* Mon Feb 10 2025 Ajrat Makhmutov <rauty@altlinux> 135.0-alt1
- New version (135.0).
- Security fixes:
+ CVE-2025-1009: Use-after-free in XSLT
+ CVE-2025-1010: Use-after-free in Custom Highlight
+ CVE-2025-1018: Fullscreen notification is not displayed when fullscreen is re-requested
+ CVE-2025-1011: A bug in WebAssembly code generation could result in a crash
+ CVE-2025-1012: Use-after-free during concurrent delazification
+ CVE-2025-1019: Fullscreen notification not properly displayed
+ CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows
+ CVE-2025-1014: Certificate length was not properly checked
+ CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
+ CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
+ CVE-2025-1020: Memory safety bugs fixed in Firefox 135 and Thunderbird 135
* Fri Jan 31 2025 Ajrat Makhmutov <rauty@altlinux> 134.0.2-alt0.p10.1
kde5-virtual - Virtual packages for KDE 5
* Mon Jun 02 2025 Ajrat Makhmutov <rauty@altlinux> 5.28.2-alt2
- clean requires
* Tue Nov 19 2024 Andrey Cherepanov <cas@altlinux> 5.28.2-alt1.p10.1
libaom - AV1 Codec Library
* Fri Apr 18 2025 Ilya Kurdyukov <ilyakurdyukov@altlinux> 3.12.0-alt2
- e2k: simd patch update
* Thu Feb 27 2025 Ivan A. Melnikov <iv@altlinux> 3.12.0-alt1.1
- NMU: build v/o RVV on riscv64 (fixes FTBFS)
* Thu Feb 27 2025 Anton Farygin <rider@altlinux> 3.12.0-alt1
- 3.9.1 -> 3.12.0
* Mon Aug 05 2024 Ilya Kurdyukov <ilyakurdyukov@altlinux> 3.9.1-alt2
- e2k: simd patch update
* Mon Jul 15 2024 Anton Farygin <rider@altlinux> 3.9.1-alt1
- 3.5.0 -> 3.9.1
* Tue May 30 2023 Alexey Sheplyakov <asheplyakov@altlinux> 3.5.0-alt2
- NMU: fixed FTBFS on LoongArch. While at it made it possible to skip
the documentation.
* Tue Dec 20 2022 Valery Inozemtsev <shrek@altlinux> 3.5.0-alt1
- Updated to upstream version 3.5.0.
* Mon Feb 28 2022 Aleksei Nikiforov <darktemplar@altlinux> 3.3.0-alt1
- Updated to upstream version 3.3.0.
* Tue Dec 14 2021 Aleksei Nikiforov <darktemplar@altlinux> 3.2.0-alt1
- Updated to upstream version 3.2.0.
* Mon Aug 30 2021 Aleksei Nikiforov <darktemplar@altlinux> 3.1.2-alt2
- Disabled installation of static libraries.
* Tue Jul 27 2021 Aleksei Nikiforov <darktemplar@altlinux> 3.1.2-alt1
- Updated to upstream version 3.1.2.
* Mon Jun 21 2021 Aleksei Nikiforov <darktemplar@altlinux> 3.1.1-alt1
nss - Netscape Network Security Services(NSS) [52M]
* Mon May 05 2025 Ajrat Makhmutov <rauty@altlinux> 3.110-alt1
- New version (3.110).
* Mon Mar 03 2025 Ajrat Makhmutov <rauty@altlinux> 3.109-alt1
- New version (3.109).
* Mon Feb 10 2025 Ajrat Makhmutov <rauty@altlinux> 3.108-alt1
- New version (3.108).
- Certificate Authority Changes:
+ Add CN=D-TRUST BR Root CA 2 2023
+ Add CN=D-TRUST EV Root CA 2 2023
+ Remove CN=SwissSign Silver CA - G2
* Tue Dec 10 2024 Ajrat Makhmutov <rauty@altlinux> 3.107-alt1
systray-x - A system tray extension for Thunderbird
* Fri Apr 25 2025 Andrey Cherepanov <cas@altlinux> 0.9.11-alt3
- FTBFS: fixed build with new thunderbird.
* Fri Apr 18 2025 Andrey Cherepanov <cas@altlinux> 0.9.11-alt2
- Adapted to Thunderbird 137.x (ALT #53895).
- Built with Qt6.
* Thu Mar 13 2025 Andrey Cherepanov <cas@altlinux> 0.9.11-alt1
- New version.
* Tue Nov 19 2024 Andrey Cherepanov <cas@altlinux> 0.9.10-alt2
thunderbird - Thunderbird is Mozilla's e-mail client [746M]
* Sat May 31 2025 Ajrat Makhmutov <rauty@altlinux> 138.0-alt1.p10.1
- Backport new version to p10 branch.
- Explicitly use llvm 17 instead of the default.
* Wed May 07 2025 Ajrat Makhmutov <rauty@altlinux> 138.0-alt2
- New version.
- Disable debug mode.
- Stop putting commonDialogs.properties into shared memory (closes: 50737).
* Mon May 05 2025 Ajrat Makhmutov <rauty@altlinux> 138.0-alt1
- New version.
- Enable building of debug information symbols.
- Build with crash reporter.
- Security fixes:
+ CVE-2025-2817: Privilege escalation in Thunderbird Updater
+ CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for macOS
+ CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames
+ CVE-2025-4085: Potential information leakage and privilege escalation in UITour actor
+ CVE-2025-4086: Specially crafted filename could be used to obscure download type
+ CVE-2025-4087: Unsafe attribute access during XPath parsing
+ CVE-2025-4088: Cross-site request forgery via storage access API redirects
+ CVE-2025-4089: Potential local code execution in "copy as cURL" command
+ CVE-2025-4090: Leaked library paths in Thunderbird for Android
+ CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10
+ CVE-2025-4092: Memory safety bugs fixed in Firefox 138 and Thunderbird 138
* Wed Apr 16 2025 Ajrat Makhmutov <rauty@altlinux> 137.0.2-alt1
- New version.
- Remove duplication in the desktop file (closes: 52475).
- Security fixes:
+ CVE-2025-3522: Leak of hashed Window credentials via crafted attachment URL
+ CVE-2025-2830: Information Disclosure of /tmp directory listing
+ CVE-2025-3523: User Interface (UI) Misrepresentation of attachment URL
* Sat Apr 05 2025 Ajrat Makhmutov <rauty@altlinux> 137.0.1-alt1
- New version.
* Wed Apr 02 2025 Ajrat Makhmutov <rauty@altlinux> 137.0-alt1
- New version.
- Set the MOZ_APP_REMOTINGNAME variable.
- Security fixes:
+ CVE-2025-3028: Use-after-free triggered by XSLTProcessor
+ CVE-2025-3031: JIT optimization bug with different stack slot sizes
+ CVE-2025-3032: Leaking file descriptors from the fork server
+ CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
+ CVE-2025-3033: Opening local .url files could lead to another file being opened
+ CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
+ CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137
* Wed Mar 26 2025 Ajrat Makhmutov <rauty@altlinux> 136.0.1-alt2
- Fix opening of email attachments in applications running on XWayland.
* Thu Mar 20 2025 Ajrat Makhmutov <rauty@altlinux> 136.0.1-alt1
- New version.
* Sat Mar 15 2025 Ajrat Makhmutov <rauty@altlinux> 136.0-alt1
- New version.
- Security fixes:
+ CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase() causes string to get longer
+ CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird 136
* Fri Mar 07 2025 Ajrat Makhmutov <rauty@altlinux> 128.8.0-alt1
- New version.
- Security fixes:
+ CVE-2024-43097: Overflow when growing an SkRegion's RunArray
+ CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process
+ CVE-2025-1931: Use-after-free in WebTransportChild
+ CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access
+ CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
+ CVE-2025-1934: Unexpected GC during RegExp bailout processing
+ CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
+ CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
+ CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
+ CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
* Mon Feb 24 2025 Ajrat Makhmutov <rauty@altlinux> 128.7.1-alt1
- New version.
* Mon Feb 10 2025 Ajrat Makhmutov <rauty@altlinux> 128.7.0-alt1
- New version.
- Security fixes:
+ CVE-2025-1009: Use-after-free in XSLT
+ CVE-2025-1010: Use-after-free in Custom Highlight
+ CVE-2025-1011: A bug in WebAssembly code generation could result in a crash
+ CVE-2025-1012: Use-after-free during concurrent delazification
+ CVE-2024-11704: Potential double-free vulnerability in PKCS#7 decryption handling
+ CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows
+ CVE-2025-1014: Certificate length was not properly checked
+ CVE-2025-1015: Unsanitized address book fields
+ CVE-2025-0510: Address of e-mail sender can be spoofed by malicious email
+ CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
+ CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
* Mon Jan 27 2025 Ajrat Makhmutov <rauty@altlinux> 128.6.0-alt0.p10.1
Total 19058 source packages.
reply other threads:[~2025-07-02 0:21 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aGR7c+Gz+0Jyia1A@beehive.mskdc.altlinux.org \
--to=qa@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=sisyphus-cybertalk@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git