From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: p10/branch packages: +1! +2 (19074)
Date: Thu, 2 Apr 2026 00:27:09 +0000
Message-ID: <ac233TpazvkaC+6m@beehive.mskdc.altlinux.org> (raw)
1 ADDED package
openbao - Secure secrets and encryption management system [34M]
* Mon Dec 29 2025 Maxim Tulskiy <tulskijms@altlinux> 2.4.4-alt1
- Updated to new version v2.4.4.
- Support building package with bundled web ui (Closes: #56797).
* Sun Jun 08 2025 Maxim Tulskiy <tulskijms@altlinux> 2.2.2-alt1
2 UPDATED packages
firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [640M]
* Wed Mar 25 2026 Pavel Vasenkov <pav@altlinux> 140.8.0-alt0.p10.1
- Backport new version.
* Tue Mar 10 2026 Pavel Vasenkov <pav@altlinux> 140.8.0-alt2
- Fix "Thunderbird and Firefox accounts are reset." (Closes: #58172)
* Mon Mar 02 2026 Pavel Vasenkov <pav@altlinux> 140.8.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2026-2757 Incorrect boundary conditions in the WebRTC: Audio/Video component
+ CVE-2026-2758 Use-after-free in the JavaScript: GC component
+ CVE-2026-2759 Incorrect boundary conditions in the Graphics: ImageLib component
+ CVE-2026-2760 Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
+ CVE-2026-2761 Sandbox escape in the Graphics: WebRender component
+ CVE-2026-2762 Integer overflow in the JavaScript: Standard Library component
+ CVE-2026-2763 Use-after-free in the JavaScript Engine component
+ CVE-2026-2764 JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
+ CVE-2026-2765 Use-after-free in the JavaScript Engine component
+ CVE-2026-2766 Use-after-free in the JavaScript Engine: JIT component
+ CVE-2026-2767 Use-after-free in the JavaScript: WebAssembly component
+ CVE-2026-2768 Sandbox escape in the Storage: IndexedDB component
+ CVE-2026-2769 Use-after-free in the Storage: IndexedDB component
+ CVE-2026-2770 Use-after-free in the DOM: Bindings (WebIDL) component
+ CVE-2026-2771 Undefined behavior in the DOM: Core & HTML component
+ CVE-2026-2772 Use-after-free in the Audio/Video: Playback component
+ CVE-2026-2773 Incorrect boundary conditions in the Web Audio component
+ CVE-2026-2774 Integer overflow in the Audio/Video component
+ CVE-2026-2775 Mitigation bypass in the DOM: HTML Parser component
+ CVE-2026-2776 Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
+ CVE-2026-2777 Privilege escalation in the Messaging System component
+ CVE-2026-2778 Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
+ CVE-2026-2779 Incorrect boundary conditions in the Networking: JAR component
+ CVE-2026-2780 Privilege escalation in the Netmonitor component
+ CVE-2026-2781 Integer overflow in the Libraries component in NSS
+ CVE-2026-2782 Privilege escalation in the Netmonitor component
+ CVE-2026-2783 Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
+ CVE-2026-2784 Mitigation bypass in the DOM: Security component
+ CVE-2026-2785 Invalid pointer in the JavaScript Engine component
+ CVE-2026-2786 Use-after-free in the JavaScript Engine component
+ CVE-2026-2787 Use-after-free in the DOM: Window and Location component
+ CVE-2026-2788 Incorrect boundary conditions in the Audio/Video: GMP component
+ CVE-2026-2789 Use-after-free in the Graphics: ImageLib component
+ CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component
+ CVE-2026-2791 Mitigation bypass in the Networking: Cache component
+ CVE-2026-2792 Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
+ CVE-2026-2793 Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
* Wed Feb 18 2026 Pavel Vasenkov <pav@altlinux> 140.7.1-alt1
- New ESR version.
- Security fixes:
+ CVE-2026-2447 Heap buffer overflow in libvpx
* Thu Jan 22 2026 Michael Shigorin <mike@altlinux> 140.7.0-alt3
- Fix "new version means new blank profile" (Closes: #57602)
+ thanks NixOS guys, see http://github.com/NixOS/nixpkgs/pull/119849
* Thu Jan 22 2026 Michael Shigorin <mike@altlinux> 140.7.0-alt2
- Get yandex search back through default policy
(Closes: #45190; see also: #43516; thanks Ruslan Gilfanov).
* Wed Jan 14 2026 Pavel Vasenkov <pav@altlinux> 140.7.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2026-0877 Mitigation bypass in the DOM: Security component
+ CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
+ CVE-2026-0879 Sandbox escape due to incorrect boundary conditions in the Graphics component
+ CVE-2026-0880 Sandbox escape due to integer overflow in the Graphics component
+ CVE-2026-0882 Use-after-free in the IPC component
+ CVE-2025-14327 Spoofing issue in the Downloads Panel component
+ CVE-2026-0883 Information disclosure in the Networking component
+ CVE-2026-0884 Use-after-free in the JavaScript Engine component
+ CVE-2026-0885 Use-after-free in the JavaScript: GC component
+ CVE-2026-0886 Incorrect boundary conditions in the Graphics component
+ CVE-2026-0887 Clickjacking issue, information disclosure in the PDF Viewer component
+ CVE-2026-0890 Spoofing issue in the DOM: Copy & Paste and Drag & Drop component
+ CVE-2026-0891 Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
* Wed Dec 10 2025 Pavel Vasenkov <pav@altlinux> 140.6.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2025-14321 Use-after-free in the WebRTC: Signaling component
+ CVE-2025-14322 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
+ CVE-2025-14323 Privilege escalation in the DOM: Notifications component
+ CVE-2025-14324 JIT miscompilation in the JavaScript Engine: JIT component
+ CVE-2025-14325 JIT miscompilation in the JavaScript Engine: JIT component
+ CVE-2025-14328 Privilege escalation in the Netmonitor component
+ CVE-2025-14329 Privilege escalation in the Netmonitor component
+ CVE-2025-14330 JIT miscompilation in the JavaScript Engine: JIT component
+ CVE-2025-14331 Same-origin policy bypass in the Request Handling component
+ CVE-2025-14333 Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146
* Fri Nov 14 2025 Pavel Vasenkov <pav@altlinux> 140.5.0-alt1
Note: changelog entry for 140.6.0-alt0.p10.1 not found.
winehelper - Program for easy installation of Windows applications.
* Wed Mar 18 2026 Mikhail Tergoev <fidel@altlinux> 0.10.0-alt1
- updated to version 0.10.0
- updated installation scripts: emias, ctm-service (ALT bug: 58046)
- added installation scripts: apropos-z, olimp
- added wine-cx support (fork crossover)
- GUI: fixes and improvements
* Fri Feb 13 2026 Mikhail Tergoev <fidel@altlinux> 0.9.0-alt1
- updated to version 0.9.0
- added wine-wow64 support
- added wine-cpcsp_proxy support for wine-wow64
- added an option to skip 32-bit dependency checking if wine-wow64 is used
- added installation scripts: dialux 4, ksamu, emias
- updated the ved-control installation script
- tax programs have been migrated to 64-bit prefixes and wine-wow64
- t-flex programs have been migrated to use wine-wow64
- arm-kt programs have been migrated to use wine-wow64
- improved base prefix creation
- improved creation and unpacking of prefix backups
- system winetricks is used
- GUI: main functions fixed/improved
- GUI: icon display fixed for shortcuts (desktop files)
- GUI: added the ability to launch the "Wine Control Panel"
- GUI: moved file association, ESYNC, FSYNC, DXVK, and VK3D to "Advanced Settings"
- GUI: removed unused Wine versions
- GUI: added a filter to limit Wine version usage based on prefix
* Fri Oct 24 2025 Mikhail Tergoev <fidel@altlinux> 0.8.0-alt1
- updated to version 0.8.0
- added autodetection of .reg and .dll files to add them to the prefix registry
- added links to certificate pages to the "Help" tab
- other minor improvements and optimizations to scripts and the graphical interface
* Mon Oct 20 2025 Mikhail Tergoev <fidel@altlinux> 0.7.0-alt1
- updated to version 0.7.0
- GUI: added a button to open a directory with backups and logs
- GUI: added a button to open a directory with a prefix
- GUI: added a button to block buttons for an installed application if it is already running
- GUI: added a display of the installation process for third-party components using winetricks
- GUI: added the ability to display and install test scripts (disabled by default)
- added installation scripts for t-flex version 18
- added a list of test software installation scripts to the CLI
- added the ability to associate files for transfer to applications launched in WineHelper
* Wed Oct 01 2025 Mikhail Tergoev <fidel@altlinux> 0.6.0-alt1
- updated to version 0.6.0
- fixed typos (ALT bug: 55538)
- added Qt5 graphics mode
- added tray icon for Qt5 graphics mode
- updated installation scripts for t-flex-*
- updated installation script for scadoffice
- added manual installation of NetTest (demo version)
- added ARM-KT installation scripts
- winehelper killall - kills only processes running in WinwHelper
- other minor script improvements and optimizations
* Mon Jul 14 2025 Mikhail Tergoev <fidel@altlinux> 0.5.0-alt1
Total 19074 source packages.
reply other threads:[~2026-04-02 0:27 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ac233TpazvkaC+6m@beehive.mskdc.altlinux.org \
--to=qa@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=sisyphus-cybertalk@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git