* [cyber] I: p10/branch packages: +2 (19075)
@ 2026-04-16 0:22 QA Team Robot
0 siblings, 0 replies; only message in thread
From: QA Team Robot @ 2026-04-16 0:22 UTC (permalink / raw)
To: sisyphus-cybertalk
2 UPDATED packages
firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [640M]
* Sat Apr 11 2026 Pavel Vasenkov <pav@altlinux> 140.9.0-alt0.p10.1
- Backport new version.
* Fri Mar 27 2026 Pavel Vasenkov <pav@altlinux> 140.9.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2026-4684 Race condition, use-after-free in the Graphics: WebRender component
+ CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component
+ CVE-2026-4686 Incorrect boundary conditions in the Graphics: Canvas2D component
+ CVE-2026-4687 Sandbox escape due to incorrect boundary conditions in the Telemetry component
+ CVE-2026-4688 Sandbox escape due to use-after-free in the Disability Access APIs component
+ CVE-2026-4689 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
+ CVE-2026-4690 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
+ CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component
+ CVE-2026-4692 Sandbox escape in the Responsive Design Mode component
+ CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component
+ CVE-2026-4694 Incorrect boundary conditions, integer overflow in the Graphics component
+ CVE-2026-4695 Incorrect boundary conditions in the Audio/Video: Web Codecs component
+ CVE-2026-4696 Use-after-free in the Layout: Text and Fonts component
+ CVE-2026-4697 Incorrect boundary conditions in the Audio/Video: Web Codecs component
+ CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component
+ CVE-2026-4699 Incorrect boundary conditions in the Layout: Text and Fonts component
+ CVE-2026-4700 Mitigation bypass in the Networking: HTTP component
+ CVE-2026-4701 Use-after-free in the JavaScript Engine component
+ CVE-2026-4702 JIT miscompilation in the JavaScript Engine component
+ CVE-2026-4704 Denial-of-service in the WebRTC: Signaling component
+ CVE-2026-4705 Undefined behavior in the WebRTC: Signaling component
+ CVE-2026-4706 Incorrect boundary conditions in the Graphics: Canvas2D component
+ CVE-2026-4707 Incorrect boundary conditions in the Graphics: Canvas2D component
+ CVE-2026-4708 Incorrect boundary conditions in the Graphics component
+ CVE-2026-4709 Incorrect boundary conditions in the Audio/Video: GMP component
+ CVE-2026-4710 Incorrect boundary conditions in the Audio/Video component
+ CVE-2026-4711 Use-after-free in the Widget: Cocoa component
+ CVE-2026-4712 Information disclosure in the Widget: Cocoa component
+ CVE-2026-4713 Incorrect boundary conditions in the Graphics component
+ CVE-2026-4714 Incorrect boundary conditions in the Audio/Video component
+ CVE-2026-4715 Uninitialized memory in the Graphics: Canvas2D component
+ CVE-2026-4716 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
+ CVE-2026-4717 Privilege escalation in the Netmonitor component
+ CVE-2025-59375 Denial-of-service in the XML component
+ CVE-2026-4718 Undefined behavior in the WebRTC: Signaling component
+ CVE-2026-4719 Incorrect boundary conditions in the Graphics: Text component
+ CVE-2026-4720 Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
+ CVE-2026-4721 Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
* Tue Mar 10 2026 Pavel Vasenkov <pav@altlinux> 140.8.0-alt2
- Fix "Thunderbird and Firefox accounts are reset." (Closes: #58172)
* Mon Mar 02 2026 Pavel Vasenkov <pav@altlinux> 140.8.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2026-2757 Incorrect boundary conditions in the WebRTC: Audio/Video component
+ CVE-2026-2758 Use-after-free in the JavaScript: GC component
+ CVE-2026-2759 Incorrect boundary conditions in the Graphics: ImageLib component
+ CVE-2026-2760 Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
+ CVE-2026-2761 Sandbox escape in the Graphics: WebRender component
+ CVE-2026-2762 Integer overflow in the JavaScript: Standard Library component
+ CVE-2026-2763 Use-after-free in the JavaScript Engine component
+ CVE-2026-2764 JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
+ CVE-2026-2765 Use-after-free in the JavaScript Engine component
+ CVE-2026-2766 Use-after-free in the JavaScript Engine: JIT component
+ CVE-2026-2767 Use-after-free in the JavaScript: WebAssembly component
+ CVE-2026-2768 Sandbox escape in the Storage: IndexedDB component
+ CVE-2026-2769 Use-after-free in the Storage: IndexedDB component
+ CVE-2026-2770 Use-after-free in the DOM: Bindings (WebIDL) component
+ CVE-2026-2771 Undefined behavior in the DOM: Core & HTML component
+ CVE-2026-2772 Use-after-free in the Audio/Video: Playback component
+ CVE-2026-2773 Incorrect boundary conditions in the Web Audio component
+ CVE-2026-2774 Integer overflow in the Audio/Video component
+ CVE-2026-2775 Mitigation bypass in the DOM: HTML Parser component
+ CVE-2026-2776 Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
+ CVE-2026-2777 Privilege escalation in the Messaging System component
+ CVE-2026-2778 Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
+ CVE-2026-2779 Incorrect boundary conditions in the Networking: JAR component
+ CVE-2026-2780 Privilege escalation in the Netmonitor component
+ CVE-2026-2781 Integer overflow in the Libraries component in NSS
+ CVE-2026-2782 Privilege escalation in the Netmonitor component
+ CVE-2026-2783 Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
+ CVE-2026-2784 Mitigation bypass in the DOM: Security component
+ CVE-2026-2785 Invalid pointer in the JavaScript Engine component
+ CVE-2026-2786 Use-after-free in the JavaScript Engine component
+ CVE-2026-2787 Use-after-free in the DOM: Window and Location component
+ CVE-2026-2788 Incorrect boundary conditions in the Audio/Video: GMP component
+ CVE-2026-2789 Use-after-free in the Graphics: ImageLib component
+ CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component
+ CVE-2026-2791 Mitigation bypass in the Networking: Cache component
+ CVE-2026-2792 Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
+ CVE-2026-2793 Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
* Wed Feb 18 2026 Pavel Vasenkov <pav@altlinux> 140.7.1-alt1
Note: changelog entry for 140.8.0-alt0.p10.1 not found.
glibc - The GNU libc libraries [17M]
* Thu Apr 09 2026 Gleb F-Malinovskiy <glebfm@altlinux> 6:2.32-alt5.p10.6
- Updated to glibc-2.32-153-g3a56c4ee4e.
- Backported upstream security fixes (fixes CVE-2025-4802, CVE-2025-15281,
CVE-2026-0861, CVE-2026-0915).
* Wed Jun 11 2025 Gleb F-Malinovskiy <glebfm@altlinux> 6:2.32-alt5.p10.5
Total 19075 source packages.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-16 0:22 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-16 0:22 [cyber] I: p10/branch packages: +2 (19075) QA Team Robot
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git