From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Filter: OpenDKIM Filter v2.11.0 mskdc-relay.altlinux.org CB744600D3 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=altlinux.org; s=relay-alt2025; t=1763598112; bh=cubX7DUtIMrKIz4eRHZcJMqZTU5KywWSGNDcVtMQoZU=; h=Date:From:To:Subject:From; b=nh4xsAwNen8gO2Brbssj+7kbowwoT85Fq2dPjWNYx38Qku6hjzTWz/P3oelVNZQXb AJ4WLSJpMwaidtFD4ekx8lQeiRgNlUpNaLmTexhxfnn36fzNxVPbwHbTdhwnKQ3K8t 071q7un9vlqDsFHKKgGq4sNEdTkH46o6RDBw/aR0= Date: Thu, 20 Nov 2025 00:21:52 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p10/branch packages: +2! +4 (19080) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2025 00:21:53 -0000 Archived-At: List-Archive: 2 ADDED packages angelscript - Flexible cross-platform scripting library * Tue Aug 19 2025 Leontiy Volodin 2.38.0-alt1 - New version 2.38.0. - Updated vcs tag. * Mon Sep 23 2024 Ivan A. Melnikov 2.37.0-alt2 libgamerzilla - Gamerzilla Integration Library * Thu Oct 12 2023 Igor Vlasenko 0.1.3-alt1_1 - new version 4 UPDATED packages firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [639M] * Sun Nov 16 2025 Pavel Vasenkov 140.4.0-alt0.p10.1 - disable build for armh * Wed Oct 15 2025 Pavel Vasenkov 140.4.0-alt1 - New ESR version. - Security fixes: + CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() + CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures + CVE-2025-11710 Cross-process information leaked due to malicious IPC messages + CVE-2025-11711 Some non-writable Object properties could be modified + CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type + CVE-2025-11713 Potential user-assisted code execution in 'Copy as cURL' command + CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 + CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * Wed Oct 15 2025 Pavel Vasenkov 140.3.1-alt1 - New ESR version. * Tue Sep 23 2025 Pavel Vasenkov 140.3.0-alt1 - New ESR version. - Security fixes: + CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component + CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component + CVE-2025-10529 Same-origin policy bypass in the Layout component + CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component + CVE-2025-10533 Integer overflow in the SVG component + CVE-2025-10536 Information disclosure in the Networking: Cache component + CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 * Sat Aug 30 2025 Andrey Cherepanov 140.2.0-alt2 - Build with gcc and bfd linker on i586. * Mon Aug 25 2025 Pavel Vasenkov 140.2.0-alt1 - New ESR version. - Security fixes: + CVE-2025-9179 Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180 Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181 Uninitialized memory in the JavaScript Engine component + CVE-2025-9182 Denial-of-service due to out-of-memory in the Graphics: WebRender component + CVE-2025-9183 Spoofing issue in the Address Bar component + CVE-2025-9184 Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 + CVE-2025-9185 Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR * Sat Jul 26 2025 Pavel Vasenkov 128.13.0-alt1 - New ESR version. - Security fixes: + CVE-2025-8027 JavaScript engine only wrote partial return value to stack + CVE-2025-8028 Large branch table could lead to truncated instruction + CVE-2025-8029 javascript: URLs executed on object and embed tags + CVE-2025-8030 Potential user-assisted code execution in "Copy as cURL" command + CVE-2025-8031 Incorrect URL stripping in CSP reports + CVE-2025-8032 XSLT documents could bypass CSP + CVE-2025-8033 Incorrect JavaScript state machine for generators + CVE-2025-8034 Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR + CVE-2025-8035 Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and * Sun Jul 06 2025 Pavel Vasenkov 128.12.0-alt1 - New ESR version. - Security fixes: + CVE-2025-6424 Use-after-free in FontFaceSet + CVE-2025-6425 The WebCompat WebExtension shipped with Firefox exposed a persistent UUID + CVE-2025-6426 No warning when opening executable terminal files on macOS + CVE-2025-6429 Incorrect parsing of URLs could have allowed embedding of youtube.com + CVE-2025-6430 Content-Disposition header ignored when a file is included in an embed or object tag * Wed Jun 18 2025 Pavel Vasenkov 128.11.0-alt1 - New ESR version. - Exclude i586 arch due to idle time limit exceeded - Security fixes: + CVE-2025-5283 Double-free in libvpx encoder + CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content + CVE-2025-5264 Potential local code execution in "Copy as cURL command" + CVE-2025-5265 Potential local code execution in "Copy as cURL command" + CVE-2025-5266 Script element events leaked cross-origin resource status + CVE-2025-5267 Clickjacking vulnerability could have led to leaking saved payment card details + CVE-2025-5268 Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 + CVE-2025-5269 Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 * Wed May 21 2025 Pavel Vasenkov 128.10.1-alt1 lilypond - A program for printing sheet music [15M] * Sun Oct 15 2023 Artyom Bystrov 2.24.2-alt1 - Update to new version * Tue Jul 18 2023 Artyom Bystrov 2.22.1-alt2 - Fix build on GCC13 * Tue Aug 03 2021 Aleksei Nikiforov 2.22.1-alt1 - Updated to stable upstream version 2.22.1. * Thu Feb 04 2021 Aleksei Nikiforov 2.22.0-alt1 supertuxkart - SuperTuxKart is a kart racing game [28M] * Tue Oct 21 2025 Leontiy Volodin 1.5-alt1 - New version 1.5. * Fri Aug 15 2025 Leontiy Volodin 1.5-alt0.2.rc1 - New release-candidate version 1.5-rc1. * Fri Dec 20 2024 Leontiy Volodin 1.5-alt0.1.beta1 - New beta version 1.5-beta1. - Built with gamerzilla support. * Tue Jul 02 2024 Leontiy Volodin 1.4-alt3 - Excluded non-executable optimize_data.sh script (ALT #50286). - Built with system angelscript instead built-in. * Thu Jun 22 2023 Leontiy Volodin 1.4-alt2 - Fixed build on gcc13. * Tue Nov 01 2022 Leontiy Volodin 1.4-alt1 supertuxkart-data - SuperTuxKart is a kart racing game [656M] * Tue Oct 21 2025 Leontiy Volodin 1.5-alt1 - New version 1.5. * Fri Aug 15 2025 Leontiy Volodin 1.5-alt0.2.rc1 - New release-candidate version (1.5-rc1). * Fri Dec 20 2024 Leontiy Volodin 1.5-alt0.1.beta1 - New beta version (1.5-beta1). * Tue Nov 01 2022 Leontiy Volodin 1.4-alt1 Total 19080 source packages.