* [cyber] I: p10/branch packages: +1! +8 (19068)
@ 2025-10-02 0:23 QA Team Robot
From: QA Team Robot @ 2025-10-02 0:23 UTC
To: sisyphus-cybertalk
1 ADDED package
rpm-macros-thunderbird - Set of RPM macros for packaging applications that require thunderbird
* Wed Jun 04 2025 Ajrat Makhmutov <rauty@altlinux> 0.0.1-alt1
- Initial build.
8 UPDATED packages
ca-certificates - Common CA Certificates
* Mon Feb 10 2025 Ajrat Makhmutov <rauty@altlinux> 2025.02.10-alt1
- mozilla: sync with nss-3.108.
* Tue Dec 10 2024 Ajrat Makhmutov <rauty@altlinux> 2024.12.10-alt1
firefox - The Mozilla Firefox project is a redesign of Mozilla's browser [641M]
* Wed Aug 06 2025 Ajrat Makhmutov <rauty@altlinux> 141.0.2-alt0.p10.1
- Backport new version to p10 branch.
* Wed Aug 06 2025 Ajrat Makhmutov <rauty@altlinux> 141.0.2-alt1
- New version (141.0.2).
* Tue Jul 29 2025 Ajrat Makhmutov <rauty@altlinux> 141.0-alt1
- New version (141.0).
- Fixes:
+ CVE-2025-8027: JavaScript engine only wrote partial return value to stack
+ CVE-2025-8028: Large branch table could lead to truncated instruction
+ CVE-2025-8041: Incorrect URL truncation in Firefox for Android
+ CVE-2025-8042: Sandboxed iframe could start downloads
+ CVE-2025-8029: javascript: URLs executed on object and embed tags
+ CVE-2025-8036: DNS rebinding circumvents CORS
+ CVE-2025-8037: Nameless cookies shadow secure cookies
+ CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command
+ CVE-2025-8043: Incorrect URL truncation
+ CVE-2025-8031: Incorrect URL stripping in CSP reports
+ CVE-2025-8032: XSLT documents could bypass CSP
+ CVE-2025-8038: CSP frame-src was not correctly enforced for paths
+ CVE-2025-8039: Search terms persisted in URL bar
+ CVE-2025-8033: Incorrect JavaScript state machine for generators
+ CVE-2025-8044: Memory safety bugs fixed in Firefox 141 and Thunderbird 141
+ CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
+ CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
+ CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* Thu Jul 10 2025 Ajrat Makhmutov <rauty@altlinux> 140.0.4-alt1
- New version (140.0.4).
- Terminate buggy unfinished D&D operation as DragDrop (closes: 54713).
* Sat Jun 28 2025 Ajrat Makhmutov <rauty@altlinux> 140.0.2-alt1
- New version (140.0.2).
* Thu Jun 26 2025 Ajrat Makhmutov <rauty@altlinux> 140.0-alt1
- New version (140.0).
- Security fixes:
+ CVE-2025-6424: Use-after-free in FontFaceSet
+ CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
+ CVE-2025-6426: No warning when opening executable terminal files on macOS
+ CVE-2025-6427: connect-src Content Security Policy restriction could be bypassed
+ CVE-2025-6428: Firefox for Android opened URLs specified in a link querystring parameter
+ CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com
+ CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag
+ CVE-2025-6431: The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed
+ CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy
+ CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate
+ CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking delay
+ CVE-2025-6435: Save as in Devtools could download files without sanitizing the extension
+ CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird 140
* Tue Jun 10 2025 Ajrat Makhmutov <rauty@altlinux> 139.0.4-alt1
- New version (139.0.4).
- Security fixes:
+ CVE-2025-49709: Memory corruption in canvas surfaces
+ CVE-2025-49710: Integer overflow in OrderedHashTable
* Sat May 31 2025 Ajrat Makhmutov <rauty@altlinux> 139.0.1-alt1
- New version (139.0.1).
- Fix FTBFS: exclude i586 arch due to idle time limit exceeded.
- Security fixes:
+ MFSA-TMP-2025-0001: Double-free in libvpx encoder
+ CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content
+ CVE-2025-5264: Potential local code execution in "Copy as cURL" command
+ CVE-2025-5265: Potential local code execution in "Copy as cURL" command
+ CVE-2025-5266: Script element events leaked cross-origin resource status
+ CVE-2025-5270: SNI was sometimes unencrypted
+ CVE-2025-5271: Devtools' preview ignored CSP headers
+ CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details
+ CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11
+ CVE-2025-5272: Memory safety bugs fixed in Firefox 139 and Thunderbird 139
* Tue May 27 2025 Ajrat Makhmutov <rauty@altlinux> 138.0.1-alt0.p10.1
kde5-virtual - Virtual packages for KDE 5
* Wed Aug 06 2025 Ajrat Makhmutov <rauty@altlinux> 5.28.2-alt3
- use thunderbird_arch macro for kde-email-client files
* Mon Jun 02 2025 Ajrat Makhmutov <rauty@altlinux> 5.28.2-alt2
nss - Netscape Network Security Services (NSS) [52M]
* Thu Jun 26 2025 Ajrat Makhmutov <rauty@altlinux> 3.113-alt1
- New version (3.113).
* Sat Jun 07 2025 Ajrat Makhmutov <rauty@altlinux> 3.112-alt1
- New version (3.112).
* Mon May 12 2025 Ajrat Makhmutov <rauty@altlinux> 3.111-alt1
- New version (3.111).
* Mon May 05 2025 Ajrat Makhmutov <rauty@altlinux> 3.110-alt1
systray-x - A system tray extension for Thunderbird
* Wed Jun 04 2025 Ajrat Makhmutov <rauty@altlinux> 0.9.11-alt4
- Use %thunderbird_arch to specify supported architectures.
* Fri Apr 25 2025 Andrey Cherepanov <cas@altlinux> 0.9.11-alt3
task-edu - Educational software (base set)
* Thu Aug 07 2025 Ajrat Makhmutov <rauty@altlinux> 1.5.9-alt13.p10.3.2
- Use the thunderbird_arch macro for the thunderbird requirement.
* Wed Apr 09 2025 Andrey Cherepanov <cas@altlinux> 1.5.9-alt13.p10.3.1
thunderbird - Thunderbird is Mozilla's e-mail client [752M]
* Wed Aug 06 2025 Ajrat Makhmutov <rauty@altlinux> 141.0-alt0.p10.1
- Backport new version to p10 branch.
* Tue Jul 29 2025 Ajrat Makhmutov <rauty@altlinux> 141.0-alt1
- New version.
- Fixes:
+ CVE-2025-8027: JavaScript engine only wrote partial return value to stack
+ CVE-2025-8028: Large branch table could lead to truncated instruction
+ CVE-2025-8029: javascript: URLs executed on object and embed tags
+ CVE-2025-8036: DNS rebinding circumvents CORS
+ CVE-2025-8037: Nameless cookies shadow secure cookies
+ CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command
+ CVE-2025-8043: Incorrect URL truncation
+ CVE-2025-8031: Incorrect URL stripping in CSP reports
+ CVE-2025-8032: XSLT documents could bypass CSP
+ CVE-2025-8038: CSP frame-src was not correctly enforced for paths
+ CVE-2025-8039: Search terms persisted in URL bar
+ CVE-2025-8033: Incorrect JavaScript state machine for generators
+ CVE-2025-8044: Memory safety bugs fixed in Firefox 141 and Thunderbird 141
+ CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
+ CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
+ CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* Thu Jul 10 2025 Ajrat Makhmutov <rauty@altlinux> 140.0.1-alt1
- New version.
* Mon Jul 07 2025 Ivan A. Melnikov <iv@altlinux> 140.0-alt2
- NMU: Disable crashreporter on loongarch64 and riscv64
as it does not support these architectures yet (fixes FTBFS)
* Sat Jul 05 2025 Ajrat Makhmutov <rauty@altlinux> 140.0-alt1
- New version.
- Security fixes:
+ CVE-2025-6424: Use-after-free in FontFaceSet
+ CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID
+ CVE-2025-6426: No warning when opening executable terminal files on macOS
+ CVE-2025-6427: connect-src Content Security Policy restriction could be bypassed
+ CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com
+ CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag
+ CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy
+ CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate
+ CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking delay
+ CVE-2025-6435: Save as in Devtools could download files without sanitizing the extension
+ CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird 140
* Wed Jun 11 2025 Ajrat Makhmutov <rauty@altlinux> 139.0.2-alt1
- New version.
- Security fixes:
+ CVE-2025-5986: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
* Wed Jun 04 2025 Ajrat Makhmutov <rauty@altlinux> 139.0.1-alt1
- New version.
- Put the list of supported architectures to the rpm-macros-thunderbird.
* Sat May 31 2025 Ajrat Makhmutov <rauty@altlinux> 139.0-alt1
- New version.
- Fix FTBFS: exclude i586 arch due to idle time limit exceeded.
- Security fixes:
+ CVE-2025-5262: Double-free in libvpx encoder
+ CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content
+ CVE-2025-5264: Potential local code execution in "Copy as cURL" command
+ CVE-2025-5265: Potential local code execution in "Copy as cURL" command
+ CVE-2025-5266: Script element events leaked cross-origin resource status
+ CVE-2025-5270: SNI was sometimes unencrypted
+ CVE-2025-5271: Devtools' preview ignored CSP headers
+ CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details
+ CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11
+ CVE-2025-5272: Memory safety bugs fixed in Firefox 139 and Thunderbird 139
* Sat May 31 2025 Ajrat Makhmutov <rauty@altlinux> 138.0-alt1.p10.1
tomcat - Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API [15M]
* Fri Sep 26 2025 Sergey Gvozdetskiy <serjigva@altlinux> 1:9.0.98-alt0_1jpp17.p10.5
- security fixes:
+ CVE-2025-48989: Denial of service
+ CVE-2025-55668: Session Fixation Via Rewrite Valve
* Tue Aug 12 2025 Sergey Gvozdetskiy <serjigva@altlinux> 1:9.0.98-alt0_1jpp17.p10.4
Total 19068 source packages.
ALT Linux Sisyphus cybertalk