From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: p11/branch packages: +3! +20 (19874)
Date: Fri, 24 Oct 2025 00:18:25 +0000
Message-ID: <aPrF0TAnMiQLmAgE@beehive.mskdc.altlinux.org> (raw)
3 ADDED packages
grass-sass - Sass compiler written purely in Rust
* Tue Sep 30 2025 Sergey Konev <darisishe@altlinux> 0.13.4-alt2
- NMU: Add 'Conflicts: grass' (Closes: #55046)
* Sun Mar 16 2025 Ildar Mulyukov <ildar@altlinux> 0.13.4-alt1
kernel-modules-drbd9-talos - Kernel driver for DRBD
* Thu Oct 23 2025 Maxim Slipenko <maks1ms@altlinux> 1:9.2.12-alt1.396333.1
- Build for kernel-image-talos-6.12.45-alt1.
normcap - OCR powered screen-capture tool to capture information instead of images [74M]
* Thu Sep 25 2025 Aleksandr Shamaraev <shad@altlinux> 0.6.0-alt4
- remove update check
* Sat Sep 20 2025 Aleksandr Shamaraev <shad@altlinux> 0.6.0-alt3
- add locales
* Thu Sep 18 2025 Aleksandr Shamaraev <shad@altlinux> 0.6.0-alt2
- add requires xsel
* Tue Sep 02 2025 Aleksandr Shamaraev <shad@altlinux> 0.6.0-alt1
20 UPDATED packages
389-ds-base - 389 Directory Server (base) [59M]
* Thu Oct 02 2025 Stanislav Levin <slev@altlinux> 3.1.3-alt3
- Backported fixes for https://github.com/389ds/389-ds-base/issues/6857
* Mon Sep 01 2025 Stanislav Levin <slev@altlinux> 3.1.3-alt2
- Fixed FTBFS (rust 1.89).
* Mon Jun 30 2025 Stanislav Levin <slev@altlinux> 3.1.3-alt1
- 3.1.2 -> 3.1.3.
* Mon Feb 03 2025 Stanislav Levin <slev@altlinux> 3.1.2-alt2
anki2 - Flashcard program for using space repetition learning [455M]
* Thu Aug 28 2025 Alexander Stepchenko <geochip@altlinux> 25.07.5-alt1
- Update to 25.07.5.
* Thu Aug 28 2025 Alexander Stepchenko <geochip@altlinux> 24.11-alt2
- Fix build with rust 1.89.
* Mon Dec 09 2024 Alexander Stepchenko <geochip@altlinux> 24.11-alt1
ca-certificates - Common CA Certificates
* Mon Sep 08 2025 Ajrat Makhmutov <rauty@altlinux> 2025.09.08-alt1
- mozilla: sync with nss-3.115.1.
* Tue Jul 29 2025 Ajrat Makhmutov <rauty@altlinux> 2025.07.29-alt1
- mozilla: sync with nss-3.114.
* Mon May 12 2025 Ajrat Makhmutov <rauty@altlinux> 2025.05.12-alt1
- mozilla: sync with nss-3.111.
* Mon Feb 10 2025 Ajrat Makhmutov <rauty@altlinux> 2025.02.10-alt1
certmonger - Certificate status monitor and PKI enrollment client
* Thu Oct 02 2025 Stanislav Levin <slev@altlinux> 0.79.21-alt1
- 0.79.20 -> 0.79.21.
* Tue Sep 02 2025 Stanislav Levin <slev@altlinux> 0.79.20-alt3
- Fixed FTBFS (temporarily xfail nss dbm tests).
* Mon Jun 24 2024 Stanislav Levin <slev@altlinux> 0.79.20-alt2
chromium - An open source web browser developed by Google [2315M]
* Wed Oct 15 2025 Andrey Cherepanov <cas@altlinux> 141.0.7390.76-alt0.p11.1
- Backport new version with security fixes to p11 branch.
* Fri Oct 10 2025 Andrew A. Vasilyev <andy@altlinux> 141.0.7390.76-alt1
- New version (141.0.7390.76).
- Disable LTO on aarch64.
* Wed Oct 08 2025 Andrew A. Vasilyev <andy@altlinux> 141.0.7390.65-alt1
- New version (141.0.7390.65).
- Fix CHROME_WRAPPER (Closes #40695).
- Fixes:
+ CVE-2025-11458: Heap buffer overflow in Sync
+ CVE-2025-11460: Use after free in Storage
* Wed Oct 01 2025 Andrew A. Vasilyev <andy@altlinux> 141.0.7390.54-alt1
- New version (141.0.7390.54).
- Fixes:
+ CVE-2025-11205: Heap buffer overflow in WebGPU
+ CVE-2025-11206: Heap buffer overflow in Video
+ CVE-2025-11207: Side-channel information leakage in Storage
+ CVE-2025-11208: Inappropriate implementation in Media
+ CVE-2025-11209: Inappropriate implementation in Omnibox
+ CVE-2025-11210: Side-channel information leakage in Tab
+ CVE-2025-11211: Out of bounds read in Media
+ CVE-2025-11212: Inappropriate implementation in Media
+ CVE-2025-11213: Inappropriate implementation in Omnibox
+ CVE-2025-11215: Off by one error in V8
+ CVE-2025-11216: Inappropriate implementation in Storage
+ CVE-2025-11219: Use after free in V8
* Sun Sep 28 2025 Andrey Cherepanov <cas@altlinux> 140.0.7339.207-alt0.p11.1
- Backport new version with security fixes to p11 branch.
* Wed Sep 24 2025 Andrew A. Vasilyev <andy@altlinux> 140.0.7339.207-alt1
- New version (140.0.7339.207).
- Fixes:
+ CVE-2025-10890: Side-channel information leakage in V8
+ CVE-2025-10891: Integer overflow in V8
+ CVE-2025-10892: Integer overflow in V8
* Thu Sep 18 2025 Andrew A. Vasilyev <andy@altlinux> 140.0.7339.185-alt1
- New version (140.0.7339.185).
- Fixes:
+ CVE-2025-10585: Type Confusion in V8
+ CVE-2025-10500: Use after free in Dawn
+ CVE-2025-10501: Use after free in WebRTC
+ CVE-2025-10502: Heap buffer overflow in ANGLE
* Wed Sep 10 2025 Andrew A. Vasilyev <andy@altlinux> 140.0.7339.127-alt1
- New version (140.0.7339.127).
- Fixes:
+ CVE-2025-10200: Use after free in Serviceworker
+ CVE-2025-10201: Inappropriate implementation in Mojo
* Wed Sep 10 2025 Andrey Cherepanov <cas@altlinux> 140.0.7339.80-alt0.p11.1
drbd-reactor - React to DRBD events via plugins.
* Fri Sep 19 2025 Andrew A. Vasilyev <andy@altlinux> 1.9.0-alt2
- fix FTBFS (Closes: #55722)
* Thu Jul 10 2025 Andrew A. Vasilyev <andy@altlinux> 1.9.0-alt1
- v1.9.0
* Wed Feb 12 2025 Andrew A. Vasilyev <andy@altlinux> 1.8.0-alt1
- v1.8.0
* Sat Dec 21 2024 Andrew A. Vasilyev <andy@altlinux> 1.7.0-alt1
- v1.7.0
* Sun Nov 24 2024 Andrew A. Vasilyev <andy@altlinux> 1.6.0-alt1
- v1.6.0
* Sun Oct 06 2024 Andrew A. Vasilyev <andy@altlinux> 1.5.0-alt1
- v1.5.0
* Sun Aug 18 2024 Andrew A. Vasilyev <andy@altlinux> 1.4.2-alt1
drbd-utils - DRBD user-land tools and scripts
* Wed Aug 13 2025 Andrew A. Vasilyev <andy@altlinux> 9.32.0-alt1
- 9.32.0
- drop rgmanager and heartbeat support
* Thu Apr 10 2025 Andrew A. Vasilyev <andy@altlinux> 9.31.0-alt1
- 9.31.0
- drop xen support
* Thu Jan 23 2025 Andrew A. Vasilyev <andy@altlinux> 9.30.0-alt1
- 9.30.0
* Tue Oct 29 2024 Andrew A. Vasilyev <andy@altlinux> 9.29.0-alt1
- 9.29.0
* Mon Jun 24 2024 Andrew A. Vasilyev <andy@altlinux> 9.28.0-alt1.2
firefox - The Mozilla Firefox project is a redesign of Mozilla's browser [650M]
* Wed Sep 17 2025 Ajrat Makhmutov <rauty@altlinux> 143.0-alt1
- New version (143.0).
- Fixes:
+ CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
+ CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
+ CVE-2025-10529: Same-origin policy bypass in the Layout component
+ CVE-2025-10530: Spoofing issue in the WebAuthn component in Firefox for Android
+ CVE-2025-10531: Mitigation bypass in the Web Compatibility: Tooling component
+ CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component
+ CVE-2025-10533: Integer overflow in the SVG component
+ CVE-2025-10534: Spoofing issue in the Site Permissions component
+ CVE-2025-10535: Information disclosure, mitigation bypass in the Privacy component in Firefox for Android
+ CVE-2025-10536: Information disclosure in the Networking: Cache component
+ CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
* Fri Aug 29 2025 Ajrat Makhmutov <rauty@altlinux> 142.0.1-alt1
- New version (142.0.1).
* Tue Aug 19 2025 Ajrat Makhmutov <rauty@altlinux> 142.0-alt1
- New version (142.0).
- Fixes:
+ CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
+ CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component
+ CVE-2025-9181: Uninitialized memory in the JavaScript Engine component
+ CVE-2025-9186: Spoofing issue in the Address Bar component of Firefox Focus for Android
+ CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component
+ CVE-2025-9183: Spoofing issue in the Address Bar component
+ CVE-2025-9187: Memory safety bugs fixed in Firefox 142 and Thunderbird 142
+ CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
+ CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
* Thu Aug 07 2025 Ajrat Makhmutov <rauty@altlinux> 141.0.3-alt1
- New version (141.0.3).
* Wed Aug 06 2025 Ajrat Makhmutov <rauty@altlinux> 141.0.2-alt1
firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [639M]
* Wed Oct 15 2025 Pavel Vasenkov <pav@altlinux> 140.4.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance()
+ CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures
+ CVE-2025-11710 Cross-process information leaked due to malicious IPC messages
+ CVE-2025-11711 Some non-writable Object properties could be modified
+ CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
+ CVE-2025-11713 Potential user-assisted code execution in 'Copy as cURL' command
+ CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
+ CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
* Wed Oct 15 2025 Pavel Vasenkov <pav@altlinux> 140.3.1-alt1
- New ESR version.
* Tue Sep 23 2025 Pavel Vasenkov <pav@altlinux> 140.3.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component
+ CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
+ CVE-2025-10529 Same-origin policy bypass in the Layout component
+ CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component
+ CVE-2025-10533 Integer overflow in the SVG component
+ CVE-2025-10536 Information disclosure in the Networking: Cache component
+ CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
* Sat Aug 30 2025 Andrey Cherepanov <cas@altlinux> 140.2.0-alt2
fractal - Matrix messaging app for GNOME written in Rust [67M]
* Sat Mar 15 2025 Ildar Mulyukov <ildar@altlinux> 10.1-alt1
- new version
* Sat May 25 2024 Ildar Mulyukov <ildar@altlinux> 7-alt1
freeipa - The Identity, Policy and Audit system
* Tue Sep 02 2025 Stanislav Levin <slev@altlinux> 4.12.4-alt5
- Fixed FTBFS (temporarily xfail nss dbm tests).
* Tue Jul 22 2025 Stanislav Levin <slev@altlinux> 4.12.4-alt4
- Backported upstream HSM fixes.
* Thu Jul 10 2025 Stanislav Levin <slev@altlinux> 4.12.4-alt3
- Dropped excessive dependency on samba-dc-mitkrb5 (closes: #50444).
* Mon Jun 30 2025 Stanislav Levin <slev@altlinux> 4.12.4-alt2
- Added support for libp11 0.4.14.
- Dropped dependency on deprecated pkg_resources.
* Tue Jun 17 2025 Stanislav Levin <slev@altlinux> 4.12.4-alt1
libcxx - C++ standard library targeting C++11 [10M]
* Tue Sep 16 2025 Andrey Cherepanov <cas@altlinux> 20.1.7-alt1
- Update to new version 20.1.7 (thanks nash@).
* Sat Jan 18 2025 Andrey Cherepanov <cas@altlinux> 19.1.5-alt1.p10.1
Note: changelog entry for 19.1.5-alt2 not found.
nss - Netscape Network Security Services(NSS) [52M]
* Sat Oct 11 2025 Ajrat Makhmutov <rauty@altlinux> 3.117-alt1
- New version (3.117).
- Fix FTBFS in mozilla products.
- Certificate Authority Changes:
+ Add CN=OISTE Client Root ECC G1
+ Add CN=OISTE Client Root RSA G1
+ Add CN=OISTE Server Root ECC G1
+ Add CN=OISTE Server Root RSA G1
* Sat Sep 20 2025 Ajrat Makhmutov <rauty@altlinux> 3.116-alt1
- New version (3.116).
* Mon Sep 08 2025 Ajrat Makhmutov <rauty@altlinux> 3.115.1-alt1
- New version (3.115.1).
- Certificate Authority Changes:
+ Remove CN=DigiNotar Root CA
* Tue Jul 29 2025 Ajrat Makhmutov <rauty@altlinux> 3.114-alt1
- New version (3.114).
- Certificate Authority Changes:
+ Remove CN=Baltimore CyberTrust Root,OU=CyberTrust
+ Add CN=SwissSign RSA SMIME Root CA 2022 - 1
+ Add CN=SwissSign RSA TLS Root CA 2022 - 1
+ Add CN=TrustAsia SMIME ECC Root CA
+ Add CN=TrustAsia SMIME RSA Root CA
+ Add CN=TrustAsia TLS ECC Root CA
+ Add CN=TrustAsia TLS RSA Root CA
* Sat Jul 05 2025 Ajrat Makhmutov <rauty@altlinux> 3.113.1-alt1
- New version (3.113.1).
* Thu Jun 26 2025 Ajrat Makhmutov <rauty@altlinux> 3.113-alt1
rocs - Graph Theory
* Mon Sep 29 2025 Sergey V Turchin <zerg@altlinux> 25.08.1-alt1
- new version
* Mon Apr 14 2025 Sergey V Turchin <zerg@altlinux> 24.12.3-alt1
- new version
* Wed Feb 19 2025 Sergey V Turchin <zerg@altlinux> 24.12.2-alt1
rust - The Rust Programming Language [232M]
* Fri Aug 22 2025 Sergey Zhidkih <rx1513@altlinux> 1:1.89.0-alt1
- New version (1.89.0).
- Add wasm32-unknown-unknown target support (Closes: 55591).
* Fri Jun 27 2025 Ajrat Makhmutov <rauty@altlinux> 1:1.88.0-alt1
thunderbird - Thunderbird is Mozilla's e-mail client [762M]
* Wed Sep 17 2025 Ajrat Makhmutov <rauty@altlinux> 143.0-alt1
- New version.
- Fixes:
+ CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
+ CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
+ CVE-2025-10529: Same-origin policy bypass in the Layout component
+ CVE-2025-10530: Spoofing issue in the WebAuthn component in Firefox for Android
+ CVE-2025-10531: Mitigation bypass in the Web Compatibility: Tooling component
+ CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component
+ CVE-2025-10533: Integer overflow in the SVG component
+ CVE-2025-10534: Spoofing issue in the Site Permissions component
+ CVE-2025-10536: Information disclosure in the Networking: Cache component
+ CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
* Wed Aug 20 2025 Ajrat Makhmutov <rauty@altlinux> 142.0-alt1
- New version.
- Fixes:
+ CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
+ CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component
+ CVE-2025-9181: Uninitialized memory in the JavaScript Engine component
+ CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component
+ CVE-2025-9187: Memory safety bugs fixed in Firefox 142 and Thunderbird 142
+ CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
+ CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
* Tue Jul 29 2025 Ajrat Makhmutov <rauty@altlinux> 141.0-alt1
turnon - Turn on devices in your network [12M]
* Tue Sep 02 2025 Yuri N. Sedunov <aris@altlinux> 2.8.1-alt1
- 2.8.1
* Wed Aug 13 2025 Yuri N. Sedunov <aris@altlinux> 2.7.4-alt1
- 2.7.4
* Tue Jun 17 2025 Yuri N. Sedunov <aris@altlinux> 2.7.2-alt1
- 2.7.2
* Thu Jun 05 2025 Yuri N. Sedunov <aris@altlinux> 2.7.1-alt1
- 2.7.1
- use full path in dbus service file (ALT #53609)
* Wed May 21 2025 Yuri N. Sedunov <aris@altlinux> 2.6.7-alt1
- 2.6.7
* Tue Apr 22 2025 Yuri N. Sedunov <aris@altlinux> 2.6.0-alt1
- 2.6.0
* Sun Apr 06 2025 Yuri N. Sedunov <aris@altlinux> 2.5.2-alt1
- 2.5.2
* Thu Apr 03 2025 Yuri N. Sedunov <aris@altlinux> 2.5.1-alt1
- 2.5.1
* Tue Apr 01 2025 Yuri N. Sedunov <aris@altlinux> 2.5.0-alt1
- 2.5.0
* Tue Mar 25 2025 Yuri N. Sedunov <aris@altlinux> 2.4.1-alt1
- 2.4.1
* Mon Mar 24 2025 Yuri N. Sedunov <aris@altlinux> 2.4.0-alt1
- 2.4.0
* Mon Feb 17 2025 Yuri N. Sedunov <aris@altlinux> 2.3.4-alt1
umbrello - UML Modeller
* Mon Sep 29 2025 Sergey V Turchin <zerg@altlinux> 25.08.1-alt1
- new version
* Mon Apr 14 2025 Sergey V Turchin <zerg@altlinux> 24.12.3-alt1
- new version
* Wed Feb 19 2025 Sergey V Turchin <zerg@altlinux> 24.12.2-alt1
- new version
* Fri Nov 08 2024 Sergey V Turchin <zerg@altlinux> 24.08.2-alt1
vector - A lightweight and ultra-fast tool for building observability pipelines [122M]
* Sun Sep 28 2025 Ilya Muhamadeev <nicourced@altlinux> 0.49.0-alt1
- New version.
* Fri Aug 08 2025 Ilya Muhamadeev <nicourced@altlinux> 0.48.0-alt1
zxing-cpp - C++ port of ZXing
* Mon Sep 01 2025 Aleksandr Shamaraev <shad@altlinux> 2.3.0-alt4
- NMU: python3-module-zxing-cpp added (ALT #55702)
* Mon Jan 06 2025 Andrey Cherepanov <cas@altlinux> 2.3.0-alt3
- Remove qt and opencv requires because they are needed by examples.
- Set license to Apache-2.0.
- Official URL https://github.com/zxing-cpp/zxing-cpp.
* Sat Jan 04 2025 Andrey Cherepanov <cas@altlinux> 2.3.0-alt2
- Packaged executables.
* Thu Jan 02 2025 Andrey Cherepanov <cas@altlinux> 2.3.0-alt1
- New version.
* Mon Dec 11 2023 Andrey Cherepanov <cas@altlinux> 2.2.1-alt1
Total 19874 source packages.
reply other threads:[~2025-10-24 0:18 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aPrF0TAnMiQLmAgE@beehive.mskdc.altlinux.org \
--to=qa@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=sisyphus-cybertalk@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git