From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Filter: OpenDKIM Filter v2.11.0 mskdc-relay.altlinux.org CB1BE60147 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=altlinux.org; s=relay-alt2025; t=1756945103; bh=w03H3iza3k36R0YL8ZOugevJPDsveGkY649KmYyDo00=; h=Date:From:To:Subject:From; b=npDJ16dWMqVUg1u3xG8M1GZl2q+TzLbz3b2gSUJWYe2qn+sGj2fo/O44nYgITUPF5 SpPInSEDaX7oUQPTfD6je0LYPVjukEXeFn8z+6lo+V1VJrHsRYNXtBH/BXIu+kt+CP WS/JIaMyA/RNKuavwoWRbQLHMx7aM2mILCyyCwuA= Date: Thu, 4 Sep 2025 00:18:23 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p11/branch packages: +10 (19766) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Sep 2025 00:18:24 -0000 Archived-At: List-Archive: 10 UPDATED packages aardvark-dns - Authoritative DNS server for A/AAAA container records [22M] * Mon Aug 18 2025 Alexey Shabalin 1.16.0-alt1 - New version 1.16.0. * Mon May 19 2025 Alexey Shabalin 1.15.0-alt1 firefox - The Mozilla Firefox project is a redesign of Mozilla's browser [640M] * Wed Aug 06 2025 Ajrat Makhmutov 141.0.2-alt1 - New version (141.0.2). * Tue Jul 29 2025 Ajrat Makhmutov 141.0-alt1 - New version (141.0). - Fixes: + CVE-2025-8027: JavaScript engine only wrote partial return value to stack + CVE-2025-8028: Large branch table could lead to truncated instruction + CVE-2025-8041: Incorrect URL truncation in Firefox for Android + CVE-2025-8042: Sandboxed iframe could start downloads + CVE-2025-8029: javascript: URLs executed on object and embed tags + CVE-2025-8036: DNS rebinding circumvents CORS + CVE-2025-8037: Nameless cookies shadow secure cookies + CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command + CVE-2025-8043: Incorrect URL truncation + CVE-2025-8031: Incorrect URL stripping in CSP reports + CVE-2025-8032: XSLT documents could bypass CSP + CVE-2025-8038: CSP frame-src was not correctly enforced for paths + CVE-2025-8039: Search terms persisted in URL bar + CVE-2025-8033: Incorrect JavaScript state machine for generators + CVE-2025-8044: Memory safety bugs fixed in Firefox 141 and Thunderbird 141 + CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * Thu Jul 10 2025 Ajrat Makhmutov 140.0.4-alt1 - New version (140.0.4). - Terminate buggy unfinished D&D operation as DragDrop (closes: 54713). * Sat Jun 28 2025 Ajrat Makhmutov 140.0.2-alt1 gambit - Gambit-C Scheme programming system [11M] * Sat Aug 30 2025 Paul Wolneykien 4.9.7-alt4 - Extract C-precompiled files into the separate 'modules-C' package. - List all module files and directories using a script. * Fri Aug 29 2025 Paul Wolneykien 4.9.7-alt3 - Build with --enable-trust-c-tco configure option. * Fri Aug 29 2025 Paul Wolneykien 4.9.7-alt2 - Applied 1e6655c upstream fix for executable-path test (thx Marc Feeley). * Thu Aug 28 2025 Paul Wolneykien 4.9.7-alt1 - New version 4.9.7. - Don't require /proc for building. - Disable pre-compilation of the Emacs module. - Skip executable-path test as it depends on /proc (patch). - Delete unused patches. * Fri Dec 01 2023 Paul Wolneykien 4.9.5-alt4 - Move gsc to 'devel' package, extract the 'modules' package and place *.js in 'modules-js' package. - Place module demos to examples/ (package 'docs'). - Add compilation options that seem to workaround compliation of srfi/42. - Add `--enable-moduledir=` option and install Gambit modules in /usr/lib64/gambit. - Remove AC_LANG(C++) from configure.ac and build with autoreconf. - Disable duplicate-var-message patch (needs bootstrap to apply). * Wed Nov 29 2023 Paul Wolneykien 4.9.5-alt3 - Make bootstrap in order to compile changes made by gambit-4.9.5-duplicate-var-message.patch. - Make the "duplicate pattern variable" message more informative (patch). - Switch to build from git. - Remove target directory on module compilation error (patch). * Mon Sep 11 2023 Paul Wolneykien 4.9.5-alt2 - Remove UTF-8 patch for docs (fixed in upstream). * Mon Sep 11 2023 Paul Wolneykien 4.9.5-alt1 - New version 4.9.5. * Sun Apr 09 2023 Michael Shigorin 4.9.4-alt3 gambit-dsock - UNIX domain sockets for Gambit-C Scheme programming system * Sat Aug 30 2025 Paul Wolneykien 1.2.3-alt1 - Fixed library symlinks. * Sat Aug 30 2025 Paul Wolneykien 1.2.2-alt1 - Run gsc with -warnings and check for undefined symbols. - Fix: Generate an incremental link file. - Build so-named library and install it into /usr/lib64/. * Thu Aug 28 2025 Paul Wolneykien 1.2.1-alt1 - Rebuild with a new version of Gambit. - Use ___return() instead of ___result. * Thu Jan 09 2025 Paul Wolneykien 1.2-alt4 - Ignore some compilation warnings to fix the build with GCC14. - Build with the standard %optflags. - Honor CFLAGS for compilation. * Mon Feb 11 2019 Paul Wolneykien 1.2-alt3 gambit-signal - UNIX signal handling library for Gambit-C Scheme programming system * Sat Aug 30 2025 Paul Wolneykien 1.2.3-alt1 - Fixed library symlinks. * Sat Aug 30 2025 Paul Wolneykien 1.2.2-alt1 - Build so-named library and install it into /usr/lib64/. - Run gsc with -warnings and check for undefined symbols. - Fix: Generate an incremental link file. * Thu Aug 28 2025 Paul Wolneykien 1.2.1-alt1 - Rebuild with a new version of Gambit. - Use ___return() instead of ___result. * Thu Jan 09 2025 Paul Wolneykien 1.2-alt5 - Ignore some compilation warnings to fix the build with GCC14. - Build with the standard %optflags. - Honor CFLAGS for compilation. * Mon Feb 11 2019 Michael Shigorin 1.2-alt4 gambit-sqlite3 - SQLite3 database library for Gambit-C Scheme programming system * Sat Aug 30 2025 Paul Wolneykien 1.3.4-alt1 - Fixed library symlinks. * Sat Aug 30 2025 Paul Wolneykien 1.3.3-alt1 - Run gsc with -warnings and check for undefined symbols. - Fix: Generate an incremental link file. - Build so-named library and install it into /usr/lib64/. * Thu Aug 28 2025 Paul Wolneykien 1.3.2-alt1 - Rebuild with a new version of Gambit. - Use ___return() instead of ___result. * Thu Jan 09 2025 Paul Wolneykien 1.3.1-alt2 - Ignore some compilation warnings to fix the build with GCC14. - Build with the standard %optflags. - Honor CFLAGS for compilation. * Mon Feb 13 2023 Paul Wolneykien 1.3.1-alt1 libwmf - A library to convert wmf files * Sat Apr 05 2025 Anton Farygin 0.2.13-alt1 - 0.2.8.4 -> 0.2.13 * Wed Sep 27 2017 Anton V. Boyarshinov 0.2.8.4-alt13 netavark - OCI network stack [23M] * Tue Sep 02 2025 Alexey Shabalin 1.16.1-alt1 - New version 1.16.1. * Mon Aug 18 2025 Alexey Shabalin 1.16.0-alt1 - New version 1.16.0. - Fixes a compatibility problem with nftables v1.1.4. * Tue Jun 17 2025 Alexey Shabalin 1.15.2-alt1 squidmill - Squid proxy server access log collector with rounding support * Sat Aug 30 2025 Paul Wolneykien 2.7.0-alt2 - Build without RPATH. * Thu Aug 28 2025 Paul Wolneykien 2.7.0-alt1 - Added a special test with no debug messages in daemon log (closes: 30142). - Make SysV-init script to remove the socket file on stop (closes: 29894). - Also, add support to print the test main log on success (PRINT_LOG_OK). - Repeat all tests 10 times when building. - Fixed/improved C-interface functions with Gambit 4.9.7. - Allow to select tests (RUN_TESTS) and to repeat them (TEST_COUNT). - Reworked tests + more tests. - Reworked top-level exception handling. - Rewrote the file-follow machinery (in the hope it's more stable now). * Fri Aug 22 2025 Paul Wolneykien 2.6.4-alt1 - Version 2.6.4. - Replace SRFI-1 named getters with list-ref to avoid call to undefined symbols with some versions of Gambit (Fixes: OVE-20250822-0001). - Run gsc with -warnings and check for undefined symbols. - Fixed the extra log title in test output. - Try to improve backtrace on error. * Thu Aug 21 2025 Paul Wolneykien 2.6.3-alt1 - Output SQL statements to the log with debug level > 1 only (-D -D). - Print test logs on test fail (PRINT_LOG=1). - Improved tests. * Tue Aug 19 2025 Paul Wolneykien 2.6.2-alt2 - Make [/var]/run/squidmill a ghost dir. * Tue Aug 19 2025 Paul Wolneykien 2.6.2-alt1 - Use squidmill.service unit to configure some fragile options (closes: 50276, 55654, 29894). * Wed Feb 19 2025 Paul Wolneykien 2.6.1-alt3 - Fixed build (drop rpm-macros-fillup). * Thu Jan 09 2025 Paul Wolneykien 2.6.1-alt2 - Build with the standard %optflags. - Honor CFLAGS for compilation. * Tue Feb 14 2023 Paul Wolneykien 2.6.1-alt1 thunderbird - Thunderbird is Mozilla's e-mail client [752M] * Tue Jul 29 2025 Ajrat Makhmutov 141.0-alt1 - New version. - Fixes: + CVE-2025-8027: JavaScript engine only wrote partial return value to stack + CVE-2025-8028: Large branch table could lead to truncated instruction + CVE-2025-8029: javascript: URLs executed on object and embed tags + CVE-2025-8036: DNS rebinding circumvents CORS + CVE-2025-8037: Nameless cookies shadow secure cookies + CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command + CVE-2025-8043: Incorrect URL truncation + CVE-2025-8031: Incorrect URL stripping in CSP reports + CVE-2025-8032: XSLT documents could bypass CSP + CVE-2025-8038: CSP frame-src was not correctly enforced for paths + CVE-2025-8039: Search terms persisted in URL bar + CVE-2025-8033: Incorrect JavaScript state machine for generators + CVE-2025-8044: Memory safety bugs fixed in Firefox 141 and Thunderbird 141 + CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * Thu Jul 10 2025 Ajrat Makhmutov 140.0.1-alt1 - New version. * Mon Jul 07 2025 Ivan A. Melnikov 140.0-alt2 - NMU: Disable crashreporter on loongarch64 and riscv64 as it does not support these architectures yet (fixes FTBFS) * Sat Jul 05 2025 Ajrat Makhmutov 140.0-alt1 - New version. - Security fixes: + CVE-2025-6424: Use-after-free in FontFaceSet + CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID + CVE-2025-6426: No warning when opening executable terminal files on macOS + CVE-2025-6427: connect-src Content Security Policy restriction could be bypassed + CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com + CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag + CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy + CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate + CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking delay + CVE-2025-6435: Save as in Devtools could download files without sanitizing the extension + CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird 140 * Wed Jun 11 2025 Ajrat Makhmutov 139.0.2-alt1 Total 19766 source packages.