From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Filter: OpenDKIM Filter v2.11.0 mskdc-relay.altlinux.org 2BA8B600D1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=altlinux.org; s=relay-alt2025; t=1761265105; bh=i3PvbJ7AHTryAIlBYzmtfzDG3BuGaSp8JIu5oUm6wek=; h=Date:From:To:Subject:From; b=EfOV75u2JMjP0GyZ7XGwUUq3lmY1nUMsGGvTs41RNXQNzlqRoU4lzZJMLZAejnDzP ILUNk0PvXKfUtzbFny23UqERMCEQxkfMfjcUxZtfVF6B9F0vLk/4231Xd4+pKl08CY YldohX/ES9rFWVFSYmETAtq1S42AJU7YQad9GenU= Date: Fri, 24 Oct 2025 00:18:25 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p11/branch packages: +3! +20 (19874) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Oct 2025 00:18:25 -0000 Archived-At: List-Archive: 3 ADDED packages grass-sass - Sass compiler written purely in Rust * Tue Sep 30 2025 Sergey Konev 0.13.4-alt2 - NMU: Add 'Conflicts: grass' (Closes: #55046) * Sun Mar 16 2025 Ildar Mulyukov 0.13.4-alt1 kernel-modules-drbd9-talos - Kernel driver for DRBD * Thu Oct 23 2025 Maxim Slipenko 1:9.2.12-alt1.396333.1 - Build for kernel-image-talos-6.12.45-alt1. normcap - OCR powered screen-capture tool to capture information instead of images [74M] * Thu Sep 25 2025 Aleksandr Shamaraev 0.6.0-alt4 - remove update check * Sat Sep 20 2025 Aleksandr Shamaraev 0.6.0-alt3 - add locales * Thu Sep 18 2025 Aleksandr Shamaraev 0.6.0-alt2 - add requires xsel * Tue Sep 02 2025 Aleksandr Shamaraev 0.6.0-alt1 20 UPDATED packages 389-ds-base - 389 Directory Server (base) [59M] * Thu Oct 02 2025 Stanislav Levin 3.1.3-alt3 - Backported fixes for https://github.com/389ds/389-ds-base/issues/6857 * Mon Sep 01 2025 Stanislav Levin 3.1.3-alt2 - Fixed FTBFS (rust 1.89). * Mon Jun 30 2025 Stanislav Levin 3.1.3-alt1 - 3.1.2 -> 3.1.3. * Mon Feb 03 2025 Stanislav Levin 3.1.2-alt2 anki2 - Flashcard program for using space repetition learning [455M] * Thu Aug 28 2025 Alexander Stepchenko 25.07.5-alt1 - Update to 25.07.5. * Thu Aug 28 2025 Alexander Stepchenko 24.11-alt2 - Fix build with rust 1.89. * Mon Dec 09 2024 Alexander Stepchenko 24.11-alt1 ca-certificates - Common CA Certificates * Mon Sep 08 2025 Ajrat Makhmutov 2025.09.08-alt1 - mozilla: sync with nss-3.115.1. * Tue Jul 29 2025 Ajrat Makhmutov 2025.07.29-alt1 - mozilla: sync with nss-3.114. * Mon May 12 2025 Ajrat Makhmutov 2025.05.12-alt1 - mozilla: sync with nss-3.111. * Mon Feb 10 2025 Ajrat Makhmutov 2025.02.10-alt1 certmonger - Certificate status monitor and PKI enrollment client * Thu Oct 02 2025 Stanislav Levin 0.79.21-alt1 - 0.79.20 -> 0.79.21. * Tue Sep 02 2025 Stanislav Levin 0.79.20-alt3 - Fixed FTBFS (temporarily xfail nss dbm tests). * Mon Jun 24 2024 Stanislav Levin 0.79.20-alt2 chromium - An open source web browser developed by Google [2315M] * Wed Oct 15 2025 Andrey Cherepanov 141.0.7390.76-alt0.p11.1 - Backport new version with security fixes to p11 branch. * Fri Oct 10 2025 Andrew A. Vasilyev 141.0.7390.76-alt1 - New version (141.0.7390.76). - Disable LTO on aarch64. * Wed Oct 08 2025 Andrew A. Vasilyev 141.0.7390.65-alt1 - New version (141.0.7390.65). - Fix CHROME_WRAPPER (Closes #40695). - Fixes: + CVE-2025-11458: Heap buffer overflow in Sync + CVE-2025-11460: Use after free in Storage * Wed Oct 01 2025 Andrew A. Vasilyev 141.0.7390.54-alt1 - New version (141.0.7390.54). - Fixes: + CVE-2025-11205: Heap buffer overflow in WebGPU + CVE-2025-11206: Heap buffer overflow in Video + CVE-2025-11207: Side-channel information leakage in Storage + CVE-2025-11208: Inappropriate implementation in Media + CVE-2025-11209: Inappropriate implementation in Omnibox + CVE-2025-11210: Side-channel information leakage in Tab + CVE-2025-11211: Out of bounds read in Media + CVE-2025-11212: Inappropriate implementation in Media + CVE-2025-11213: Inappropriate implementation in Omnibox + CVE-2025-11215: Off by one error in V8 + CVE-2025-11216: Inappropriate implementation in Storage + CVE-2025-11219: Use after free in V8 * Sun Sep 28 2025 Andrey Cherepanov 140.0.7339.207-alt0.p11.1 - Backport new version with security fixes to p11 branch. * Wed Sep 24 2025 Andrew A. Vasilyev 140.0.7339.207-alt1 - New version (140.0.7339.207). - Fixes: + CVE-2025-10890: Side-channel information leakage in V8 + CVE-2025-10891: Integer overflow in V8 + CVE-2025-10892: Integer overflow in V8 * Thu Sep 18 2025 Andrew A. Vasilyev 140.0.7339.185-alt1 - New version (140.0.7339.185). - Fixes: + CVE-2025-10585: Type Confusion in V8 + CVE-2025-10500: Use after free in Dawn + CVE-2025-10501: Use after free in WebRTC + CVE-2025-10502: Heap buffer overflow in ANGLE * Wed Sep 10 2025 Andrew A. Vasilyev 140.0.7339.127-alt1 - New version (140.0.7339.127). - Fixes: + CVE-2025-10200: Use after free in Serviceworker + CVE-2025-10201: Inappropriate implementation in Mojo * Wed Sep 10 2025 Andrey Cherepanov 140.0.7339.80-alt0.p11.1 drbd-reactor - React to DRBD events via plugins. * Fri Sep 19 2025 Andrew A. Vasilyev 1.9.0-alt2 - fix FTBFS (Closes: #55722) * Thu Jul 10 2025 Andrew A. Vasilyev 1.9.0-alt1 - v1.9.0 * Wed Feb 12 2025 Andrew A. Vasilyev 1.8.0-alt1 - v1.8.0 * Sat Dec 21 2024 Andrew A. Vasilyev 1.7.0-alt1 - v1.7.0 * Sun Nov 24 2024 Andrew A. Vasilyev 1.6.0-alt1 - v1.6.0 * Sun Oct 06 2024 Andrew A. Vasilyev 1.5.0-alt1 - v1.5.0 * Sun Aug 18 2024 Andrew A. Vasilyev 1.4.2-alt1 drbd-utils - DRBD user-land tools and scripts * Wed Aug 13 2025 Andrew A. Vasilyev 9.32.0-alt1 - 9.32.0 - drop rgmanager and heartbeat support * Thu Apr 10 2025 Andrew A. Vasilyev 9.31.0-alt1 - 9.31.0 - drop xen support * Thu Jan 23 2025 Andrew A. Vasilyev 9.30.0-alt1 - 9.30.0 * Tue Oct 29 2024 Andrew A. Vasilyev 9.29.0-alt1 - 9.29.0 * Mon Jun 24 2024 Andrew A. Vasilyev 9.28.0-alt1.2 firefox - The Mozilla Firefox project is a redesign of Mozilla's browser [650M] * Wed Sep 17 2025 Ajrat Makhmutov 143.0-alt1 - New version (143.0). - Fixes: + CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component + CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component + CVE-2025-10529: Same-origin policy bypass in the Layout component + CVE-2025-10530: Spoofing issue in the WebAuthn component in Firefox for Android + CVE-2025-10531: Mitigation bypass in the Web Compatibility: Tooling component + CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component + CVE-2025-10533: Integer overflow in the SVG component + CVE-2025-10534: Spoofing issue in the Site Permissions component + CVE-2025-10535: Information disclosure, mitigation bypass in the Privacy component in Firefox for Android + CVE-2025-10536: Information disclosure in the Networking: Cache component + CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 * Fri Aug 29 2025 Ajrat Makhmutov 142.0.1-alt1 - New version (142.0.1). * Tue Aug 19 2025 Ajrat Makhmutov 142.0-alt1 - New version (142.0). - Fixes: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memory in the JavaScript Engine component + CVE-2025-9186: Spoofing issue in the Address Bar component of Firefox Focus for Android + CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component + CVE-2025-9183: Spoofing issue in the Address Bar component + CVE-2025-9187: Memory safety bugs fixed in Firefox 142 and Thunderbird 142 + CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 + CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 * Thu Aug 07 2025 Ajrat Makhmutov 141.0.3-alt1 - New version (141.0.3). * Wed Aug 06 2025 Ajrat Makhmutov 141.0.2-alt1 firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [639M] * Wed Oct 15 2025 Pavel Vasenkov 140.4.0-alt1 - New ESR version. - Security fixes: + CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() + CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures + CVE-2025-11710 Cross-process information leaked due to malicious IPC messages + CVE-2025-11711 Some non-writable Object properties could be modified + CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type + CVE-2025-11713 Potential user-assisted code execution in 'Copy as cURL' command + CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 + CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * Wed Oct 15 2025 Pavel Vasenkov 140.3.1-alt1 - New ESR version. * Tue Sep 23 2025 Pavel Vasenkov 140.3.0-alt1 - New ESR version. - Security fixes: + CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component + CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component + CVE-2025-10529 Same-origin policy bypass in the Layout component + CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component + CVE-2025-10533 Integer overflow in the SVG component + CVE-2025-10536 Information disclosure in the Networking: Cache component + CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 * Sat Aug 30 2025 Andrey Cherepanov 140.2.0-alt2 fractal - Matrix messaging app for GNOME written in Rust [67M] * Sat Mar 15 2025 Ildar Mulyukov 10.1-alt1 - new version * Sat May 25 2024 Ildar Mulyukov 7-alt1 freeipa - The Identity, Policy and Audit system * Tue Sep 02 2025 Stanislav Levin 4.12.4-alt5 - Fixed FTBFS (temporarily xfail nss dbm tests). * Tue Jul 22 2025 Stanislav Levin 4.12.4-alt4 - Backported upstream HSM fixes. * Thu Jul 10 2025 Stanislav Levin 4.12.4-alt3 - Dropped excessive dependency on samba-dc-mitkrb5 (closes: #50444). * Mon Jun 30 2025 Stanislav Levin 4.12.4-alt2 - Added support for libp11 0.4.14. - Dropped dependency on deprecated pkg_resources. * Tue Jun 17 2025 Stanislav Levin 4.12.4-alt1 libcxx - C++ standard library targeting C++11 [10M] * Tue Sep 16 2025 Andrey Cherepanov 20.1.7-alt1 - Update to new version 20.1.7 (thanks nash@). * Sat Jan 18 2025 Andrey Cherepanov 19.1.5-alt1.p10.1 Note: changelog entry for 19.1.5-alt2 not found. nss - Netscape Network Security Services(NSS) [52M] * Sat Oct 11 2025 Ajrat Makhmutov 3.117-alt1 - New version (3.117). - Fix FTBFS in mozilla products. - Certificate Authority Changes: + Add CN=OISTE Client Root ECC G1 + Add CN=OISTE Client Root RSA G1 + Add CN=OISTE Server Root ECC G1 + Add CN=OISTE Server Root RSA G1 * Sat Sep 20 2025 Ajrat Makhmutov 3.116-alt1 - New version (3.116). * Mon Sep 08 2025 Ajrat Makhmutov 3.115.1-alt1 - New version (3.115.1). - Certificate Authority Changes: + Remove CN=DigiNotar Root CA * Tue Jul 29 2025 Ajrat Makhmutov 3.114-alt1 - New version (3.114). - Certificate Authority Changes: + Remove CN=Baltimore CyberTrust Root,OU=CyberTrust + Add CN=SwissSign RSA SMIME Root CA 2022 - 1 + Add CN=SwissSign RSA TLS Root CA 2022 - 1 + Add CN=TrustAsia SMIME ECC Root CA + Add CN=TrustAsia SMIME RSA Root CA + Add CN=TrustAsia TLS ECC Root CA + Add CN=TrustAsia TLS RSA Root CA * Sat Jul 05 2025 Ajrat Makhmutov 3.113.1-alt1 - New version (3.113.1). * Thu Jun 26 2025 Ajrat Makhmutov 3.113-alt1 rocs - Graph Theory * Mon Sep 29 2025 Sergey V Turchin 25.08.1-alt1 - new version * Mon Apr 14 2025 Sergey V Turchin 24.12.3-alt1 - new version * Wed Feb 19 2025 Sergey V Turchin 24.12.2-alt1 rust - The Rust Programming Language [232M] * Fri Aug 22 2025 Sergey Zhidkih 1:1.89.0-alt1 - New version (1.89.0). - Add wasm32-unknown-unknown target support (Closes: 55591). * Fri Jun 27 2025 Ajrat Makhmutov 1:1.88.0-alt1 thunderbird - Thunderbird is Mozilla's e-mail client [762M] * Wed Sep 17 2025 Ajrat Makhmutov 143.0-alt1 - New version. - Fixes: + CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component + CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component + CVE-2025-10529: Same-origin policy bypass in the Layout component + CVE-2025-10530: Spoofing issue in the WebAuthn component in Firefox for Android + CVE-2025-10531: Mitigation bypass in the Web Compatibility: Tooling component + CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component + CVE-2025-10533: Integer overflow in the SVG component + CVE-2025-10534: Spoofing issue in the Site Permissions component + CVE-2025-10536: Information disclosure in the Networking: Cache component + CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 * Wed Aug 20 2025 Ajrat Makhmutov 142.0-alt1 - New version. - Fixes: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memory in the JavaScript Engine component + CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component + CVE-2025-9187: Memory safety bugs fixed in Firefox 142 and Thunderbird 142 + CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 + CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 * Tue Jul 29 2025 Ajrat Makhmutov 141.0-alt1 turnon - Turn on devices in your network [12M] * Tue Sep 02 2025 Yuri N. Sedunov 2.8.1-alt1 - 2.8.1 * Wed Aug 13 2025 Yuri N. Sedunov 2.7.4-alt1 - 2.7.4 * Tue Jun 17 2025 Yuri N. Sedunov 2.7.2-alt1 - 2.7.2 * Thu Jun 05 2025 Yuri N. Sedunov 2.7.1-alt1 - 2.7.1 - use full path in dbus service file (ALT #53609) * Wed May 21 2025 Yuri N. Sedunov 2.6.7-alt1 - 2.6.7 * Tue Apr 22 2025 Yuri N. Sedunov 2.6.0-alt1 - 2.6.0 * Sun Apr 06 2025 Yuri N. Sedunov 2.5.2-alt1 - 2.5.2 * Thu Apr 03 2025 Yuri N. Sedunov 2.5.1-alt1 - 2.5.1 * Tue Apr 01 2025 Yuri N. Sedunov 2.5.0-alt1 - 2.5.0 * Tue Mar 25 2025 Yuri N. Sedunov 2.4.1-alt1 - 2.4.1 * Mon Mar 24 2025 Yuri N. Sedunov 2.4.0-alt1 - 2.4.0 * Mon Feb 17 2025 Yuri N. Sedunov 2.3.4-alt1 umbrello - UML Modeller * Mon Sep 29 2025 Sergey V Turchin 25.08.1-alt1 - new version * Mon Apr 14 2025 Sergey V Turchin 24.12.3-alt1 - new version * Wed Feb 19 2025 Sergey V Turchin 24.12.2-alt1 - new version * Fri Nov 08 2024 Sergey V Turchin 24.08.2-alt1 vector - A lightweight and ultra-fast tool for building observability pipelines [122M] * Sun Sep 28 2025 Ilya Muhamadeev 0.49.0-alt1 - New version. * Fri Aug 08 2025 Ilya Muhamadeev 0.48.0-alt1 zxing-cpp - C++ port of ZXing * Mon Sep 01 2025 Aleksandr Shamaraev 2.3.0-alt4 - NMU: python3-module-zxing-cpp added (ALT #55702) * Mon Jan 06 2025 Andrey Cherepanov 2.3.0-alt3 - Remove qt and opencv requires because they are needed by examples. - Set license to Apache-2.0. - Official URL https://github.com/zxing-cpp/zxing-cpp. * Sat Jan 04 2025 Andrey Cherepanov 2.3.0-alt2 - Packaged executables. * Thu Jan 02 2025 Andrey Cherepanov 2.3.0-alt1 - New version. * Mon Dec 11 2023 Andrey Cherepanov 2.2.1-alt1 Total 19874 source packages.