From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Filter: OpenDKIM Filter v2.11.0 mskdc-relay.altlinux.org 1D7D860163 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=altlinux.org; s=relay-alt2025; t=1776298922; bh=c1f0Q1UXgUE9VbSJl8/vffW7AkSOFckk4rzHbLkK8mI=; h=Date:From:To:Subject:From; b=Bb1wUIUYuP2KL7eE3jsPCfY9hHBbnA+Kuducz3Qn5+Dje5BMbmfKDgYwVAOUAmTUw jKGfrtbJYknnpVmAxQG2lWOHcnYmR1Ga8O5IoWygfwYxfnu7dFtthMOZ69iZUGD5ng f4/jO7FVIIW7gLpnhHLXSXkwOBI+q7j3yuC8fFfQ= Date: Thu, 16 Apr 2026 00:22:02 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p10/branch packages: +2 (19075) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Apr 2026 00:22:02 -0000 Archived-At: List-Archive: 2 UPDATED packages firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [640M] * Sat Apr 11 2026 Pavel Vasenkov 140.9.0-alt0.p10.1 - Backport new version. * Fri Mar 27 2026 Pavel Vasenkov 140.9.0-alt1 - New ESR version. - Security fixes: + CVE-2026-4684 Race condition, use-after-free in the Graphics: WebRender component + CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component + CVE-2026-4686 Incorrect boundary conditions in the Graphics: Canvas2D component + CVE-2026-4687 Sandbox escape due to incorrect boundary conditions in the Telemetry component + CVE-2026-4688 Sandbox escape due to use-after-free in the Disability Access APIs component + CVE-2026-4689 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component + CVE-2026-4690 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component + CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component + CVE-2026-4692 Sandbox escape in the Responsive Design Mode component + CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component + CVE-2026-4694 Incorrect boundary conditions, integer overflow in the Graphics component + CVE-2026-4695 Incorrect boundary conditions in the Audio/Video: Web Codecs component + CVE-2026-4696 Use-after-free in the Layout: Text and Fonts component + CVE-2026-4697 Incorrect boundary conditions in the Audio/Video: Web Codecs component + CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component + CVE-2026-4699 Incorrect boundary conditions in the Layout: Text and Fonts component + CVE-2026-4700 Mitigation bypass in the Networking: HTTP component + CVE-2026-4701 Use-after-free in the JavaScript Engine component + CVE-2026-4702 JIT miscompilation in the JavaScript Engine component + CVE-2026-4704 Denial-of-service in the WebRTC: Signaling component + CVE-2026-4705 Undefined behavior in the WebRTC: Signaling component + CVE-2026-4706 Incorrect boundary conditions in the Graphics: Canvas2D component + CVE-2026-4707 Incorrect boundary conditions in the Graphics: Canvas2D component + CVE-2026-4708 Incorrect boundary conditions in the Graphics component + CVE-2026-4709 Incorrect boundary conditions in the Audio/Video: GMP component + CVE-2026-4710 Incorrect boundary conditions in the Audio/Video component + CVE-2026-4711 Use-after-free in the Widget: Cocoa component + CVE-2026-4712 Information disclosure in the Widget: Cocoa component + CVE-2026-4713 Incorrect boundary conditions in the Graphics component + CVE-2026-4714 Incorrect boundary conditions in the Audio/Video component + CVE-2026-4715 Uninitialized memory in the Graphics: Canvas2D component + CVE-2026-4716 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component + CVE-2026-4717 Privilege escalation in the Netmonitor component + CVE-2025-59375 Denial-of-service in the XML component + CVE-2026-4718 Undefined behavior in the WebRTC: Signaling component + CVE-2026-4719 Incorrect boundary conditions in the Graphics: Text component + CVE-2026-4720 Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 + CVE-2026-4721 Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 * Tue Mar 10 2026 Pavel Vasenkov 140.8.0-alt2 - Fix "Thunderbird and Firefox accounts are reset." (Closes: #58172) * Mon Mar 02 2026 Pavel Vasenkov 140.8.0-alt1 - New ESR version. - Security fixes: + CVE-2026-2757 Incorrect boundary conditions in the WebRTC: Audio/Video component + CVE-2026-2758 Use-after-free in the JavaScript: GC component + CVE-2026-2759 Incorrect boundary conditions in the Graphics: ImageLib component + CVE-2026-2760 Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component + CVE-2026-2761 Sandbox escape in the Graphics: WebRender component + CVE-2026-2762 Integer overflow in the JavaScript: Standard Library component + CVE-2026-2763 Use-after-free in the JavaScript Engine component + CVE-2026-2764 JIT miscompilation, use-after-free in the JavaScript Engine: JIT component + CVE-2026-2765 Use-after-free in the JavaScript Engine component + CVE-2026-2766 Use-after-free in the JavaScript Engine: JIT component + CVE-2026-2767 Use-after-free in the JavaScript: WebAssembly component + CVE-2026-2768 Sandbox escape in the Storage: IndexedDB component + CVE-2026-2769 Use-after-free in the Storage: IndexedDB component + CVE-2026-2770 Use-after-free in the DOM: Bindings (WebIDL) component + CVE-2026-2771 Undefined behavior in the DOM: Core & HTML component + CVE-2026-2772 Use-after-free in the Audio/Video: Playback component + CVE-2026-2773 Incorrect boundary conditions in the Web Audio component + CVE-2026-2774 Integer overflow in the Audio/Video component + CVE-2026-2775 Mitigation bypass in the DOM: HTML Parser component + CVE-2026-2776 Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software + CVE-2026-2777 Privilege escalation in the Messaging System component + CVE-2026-2778 Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component + CVE-2026-2779 Incorrect boundary conditions in the Networking: JAR component + CVE-2026-2780 Privilege escalation in the Netmonitor component + CVE-2026-2781 Integer overflow in the Libraries component in NSS + CVE-2026-2782 Privilege escalation in the Netmonitor component + CVE-2026-2783 Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component + CVE-2026-2784 Mitigation bypass in the DOM: Security component + CVE-2026-2785 Invalid pointer in the JavaScript Engine component + CVE-2026-2786 Use-after-free in the JavaScript Engine component + CVE-2026-2787 Use-after-free in the DOM: Window and Location component + CVE-2026-2788 Incorrect boundary conditions in the Audio/Video: GMP component + CVE-2026-2789 Use-after-free in the Graphics: ImageLib component + CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component + CVE-2026-2791 Mitigation bypass in the Networking: Cache component + CVE-2026-2792 Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 + CVE-2026-2793 Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 * Wed Feb 18 2026 Pavel Vasenkov 140.7.1-alt1 Note: changelog entry for 140.8.0-alt0.p10.1 not found. glibc - The GNU libc libraries [17M] * Thu Apr 09 2026 Gleb F-Malinovskiy 6:2.32-alt5.p10.6 - Updated to glibc-2.32-153-g3a56c4ee4e. - Backported upstream security fixes (fixes CVE-2025-4802, CVE-2025-15281, CVE-2026-0861, CVE-2026-0915). * Wed Jun 11 2025 Gleb F-Malinovskiy 6:2.32-alt5.p10.5 Total 19075 source packages.