From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: p10/branch packages: +2! +4 (19080)
Date: Thu, 20 Nov 2025 00:21:52 +0000
Message-ID: <aR5fIKJ5Lm3oTelv@beehive.mskdc.altlinux.org> (raw)
2 ADDED packages
angelscript - Flexible cross-platform scripting library
* Tue Aug 19 2025 Leontiy Volodin <lvol@altlinux> 2.38.0-alt1
- New version 2.38.0.
- Updated vcs tag.
* Mon Sep 23 2024 Ivan A. Melnikov <iv@altlinux> 2.37.0-alt2
libgamerzilla - Gamerzilla Integration Library
* Thu Oct 12 2023 Igor Vlasenko <viy@altlinux> 0.1.3-alt1_1
- new version
4 UPDATED packages
firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [639M]
* Sun Nov 16 2025 Pavel Vasenkov <pav@altlinux> 140.4.0-alt0.p10.1
- disable build for armh
* Wed Oct 15 2025 Pavel Vasenkov <pav@altlinux> 140.4.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance()
+ CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures
+ CVE-2025-11710 Cross-process information leaked due to malicious IPC messages
+ CVE-2025-11711 Some non-writable Object properties could be modified
+ CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
+ CVE-2025-11713 Potential user-assisted code execution in 'Copy as cURL' command
+ CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
+ CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
* Wed Oct 15 2025 Pavel Vasenkov <pav@altlinux> 140.3.1-alt1
- New ESR version.
* Tue Sep 23 2025 Pavel Vasenkov <pav@altlinux> 140.3.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component
+ CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
+ CVE-2025-10529 Same-origin policy bypass in the Layout component
+ CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component
+ CVE-2025-10533 Integer overflow in the SVG component
+ CVE-2025-10536 Information disclosure in the Networking: Cache component
+ CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
* Sat Aug 30 2025 Andrey Cherepanov <cas@altlinux> 140.2.0-alt2
- Build with gcc and bfd linker on i586.
* Mon Aug 25 2025 Pavel Vasenkov <pav@altlinux> 140.2.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-9179 Sandbox escape due to invalid pointer in the Audio/Video: GMP component
+ CVE-2025-9180 Same-origin policy bypass in the Graphics: Canvas2D component
+ CVE-2025-9181 Uninitialized memory in the JavaScript Engine component
+ CVE-2025-9182 Denial-of-service due to out-of-memory in the Graphics: WebRender component
+ CVE-2025-9183 Spoofing issue in the Address Bar component
+ CVE-2025-9184 Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
+ CVE-2025-9185 Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR
* Sat Jul 26 2025 Pavel Vasenkov <pav@altlinux> 128.13.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-8027 JavaScript engine only wrote partial return value to stack
+ CVE-2025-8028 Large branch table could lead to truncated instruction
+ CVE-2025-8029 javascript: URLs executed on object and embed tags
+ CVE-2025-8030 Potential user-assisted code execution in "Copy as cURL" command
+ CVE-2025-8031 Incorrect URL stripping in CSP reports
+ CVE-2025-8032 XSLT documents could bypass CSP
+ CVE-2025-8033 Incorrect JavaScript state machine for generators
+ CVE-2025-8034 Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR
+ CVE-2025-8035 Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and
* Sun Jul 06 2025 Pavel Vasenkov <pav@altlinux> 128.12.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-6424 Use-after-free in FontFaceSet
+ CVE-2025-6425 The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
+ CVE-2025-6426 No warning when opening executable terminal files on macOS
+ CVE-2025-6429 Incorrect parsing of URLs could have allowed embedding of youtube.com
+ CVE-2025-6430 Content-Disposition header ignored when a file is included in an embed or object tag
* Wed Jun 18 2025 Pavel Vasenkov <pav@altlinux> 128.11.0-alt1
- New ESR version.
- Exclude i586 arch due to idle time limit exceeded
- Security fixes:
+ CVE-2025-5283 Double-free in libvpx encoder
+ CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content
+ CVE-2025-5264 Potential local code execution in "Copy as cURL command"
+ CVE-2025-5265 Potential local code execution in "Copy as cURL command"
+ CVE-2025-5266 Script element events leaked cross-origin resource status
+ CVE-2025-5267 Clickjacking vulnerability could have led to leaking saved payment card details
+ CVE-2025-5268 Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11
+ CVE-2025-5269 Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11
* Wed May 21 2025 Pavel Vasenkov <pav@altlinux> 128.10.1-alt1
lilypond - A program for printing sheet music [15M]
* Sun Oct 15 2023 Artyom Bystrov <arbars@altlinux> 2.24.2-alt1
- Update to new version
* Tue Jul 18 2023 Artyom Bystrov <arbars@altlinux> 2.22.1-alt2
- Fix build on GCC13
* Tue Aug 03 2021 Aleksei Nikiforov <darktemplar@altlinux> 2.22.1-alt1
- Updated to stable upstream version 2.22.1.
* Thu Feb 04 2021 Aleksei Nikiforov <darktemplar@altlinux> 2.22.0-alt1
supertuxkart - SuperTuxKart is a kart racing game [28M]
* Tue Oct 21 2025 Leontiy Volodin <lvol@altlinux> 1.5-alt1
- New version 1.5.
* Fri Aug 15 2025 Leontiy Volodin <lvol@altlinux> 1.5-alt0.2.rc1
- New release-candidate version 1.5-rc1.
* Fri Dec 20 2024 Leontiy Volodin <lvol@altlinux> 1.5-alt0.1.beta1
- New beta version 1.5-beta1.
- Built with gamerzilla support.
* Tue Jul 02 2024 Leontiy Volodin <lvol@altlinux> 1.4-alt3
- Excluded non-executable optimize_data.sh script (ALT #50286).
- Built with system angelscript instead built-in.
* Thu Jun 22 2023 Leontiy Volodin <lvol@altlinux> 1.4-alt2
- Fixed build on gcc13.
* Tue Nov 01 2022 Leontiy Volodin <lvol@altlinux> 1.4-alt1
supertuxkart-data - SuperTuxKart is a kart racing game [656M]
* Tue Oct 21 2025 Leontiy Volodin <lvol@altlinux> 1.5-alt1
- New version 1.5.
* Fri Aug 15 2025 Leontiy Volodin <lvol@altlinux> 1.5-alt0.2.rc1
- New release-candidate version (1.5-rc1).
* Fri Dec 20 2024 Leontiy Volodin <lvol@altlinux> 1.5-alt0.1.beta1
- New beta version (1.5-beta1).
* Tue Nov 01 2022 Leontiy Volodin <lvol@altlinux> 1.4-alt1
Total 19080 source packages.
reply other threads:[~2025-11-20 0:21 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aR5fIKJ5Lm3oTelv@beehive.mskdc.altlinux.org \
--to=qa@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=sisyphus-cybertalk@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git