From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: p10/branch packages: +1 (19081)
Date: Wed, 3 Dec 2025 00:21:10 +0000
Message-ID: <aS+Cdr5Y8ODPfuRK@beehive.mskdc.altlinux.org> (raw)
1 UPDATED package
firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [639M]
* Mon Nov 24 2025 Pavel Vasenkov <pav@altlinux> 140.5.0-alt0.p10.1
- Backport new version.
* Fri Nov 14 2025 Pavel Vasenkov <pav@altlinux> 140.5.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-13012 Race condition in the Graphics component
+ CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component
+ CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component
+ CVE-2025-13018 Mitigation bypass in the DOM: Security component
+ CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component
+ CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component
+ CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component
+ CVE-2025-13014 Use-after-free in the Audio/Video component
+ CVE-2025-13015 Spoofing issue in Firefox
- provides x-www-browser (Closes: #44717).
* Wed Oct 15 2025 Pavel Vasenkov <pav@altlinux> 140.4.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance()
+ CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures
+ CVE-2025-11710 Cross-process information leaked due to malicious IPC messages
+ CVE-2025-11711 Some non-writable Object properties could be modified
+ CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
+ CVE-2025-11713 Potential user-assisted code execution in 'Copy as cURL' command
+ CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
+ CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
* Wed Oct 15 2025 Pavel Vasenkov <pav@altlinux> 140.3.1-alt1
Note: changelog entry for 140.4.0-alt0.p10.1 not found.
Total 19081 source packages.
reply other threads:[~2025-12-03 0:21 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aS+Cdr5Y8ODPfuRK@beehive.mskdc.altlinux.org \
--to=qa@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=sisyphus-cybertalk@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git