From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Filter: OpenDKIM Filter v2.11.0 mskdc-relay.altlinux.org C9BF560164 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=altlinux.org; s=relay-alt2025; t=1776989922; bh=pMxw8H6dLWI+MZL3W6Pe1ytxAKoiFkhieTHIMhLoS8k=; h=Date:From:To:Subject:From; b=dxtAjgjjmdJWhlxFTmm+gReWoxJKnYa512Mi10iENyNoDomQuq5lkHUHQuOIin2nL ridKDbC0l0mHTluaZI73K5psyGnDZLZImeHhRp9FdHVAF6vYJiVpgbV1O90dKXYrxG ZYoQbrzS8CPLaPeP1Xk3OPB9rcVkRarSlo+kmUVU= Date: Fri, 24 Apr 2026 00:18:42 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p11/branch packages: +6! +11 (20295) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Apr 2026 00:18:43 -0000 Archived-At: List-Archive: 6 ADDED packages clickgen - The hassle-free cursor building toolbox * Wed Nov 13 2024 Alexander Kovalev 2.2.5-alt2 - fix build requires - fix python3 shebang - add docs - build with check * Wed Nov 06 2024 Daniil-Viktor Ratkin 2.2.5-alt1 git-pages - Scalable static site server for Git forges (like GitHub Pages or Netlify) * Sat Mar 28 2026 Maxim Slipenko 0.7.0-alt1 - Initial build. git-pages-cli - Command-line tool for publishing a site to a git-pages server * Sat Mar 28 2026 Maxim Slipenko 1.8.0-alt1 - Initial build. lightdm-conf-allow-user-switching-false - Disallow user switching * Wed Apr 15 2026 Anton Midyukov 0.1-alt1 - Initial build. prek - Better pre-commit, re-engineered in Rust [21M] * Mon Mar 23 2026 Dmitry Maksimenkov 0.3.6-alt1 - Initial build for ALT. zsh-history-substring-search - ZSH port of Fish history search (up arrow) * Sat Mar 21 2026 Dmitry Maksimenkov 1.1.0-alt1 - Initial build for ALT. 11 UPDATED packages alt-components - Alterator application for managing system components * Mon Apr 20 2026 Maria Alexeeva 0.6.15-alt1 - Fixed: + error "Did not receive a reply" for CheckApply method; + update the interface after deleting a edition (thx Oleg Chagaev); + rebuild the component tree after its multiple updates (thx Oleg Chagaev). - Added: + automatic selection of the component tree display mode if a edition appears (thx Oleg Chagaev). * Fri Mar 27 2026 Maria Alexeeva 0.6.14-alt1 alt-weather-adw - Weather forecast * Fri Apr 17 2026 Alexander Davydzik 1.0.9-alt2 - updated description * Mon Dec 15 2025 Alexander Davydzik 1.0.9-alt1 gimp - The GNU Image Manipulation Program [33M] * Mon Apr 20 2026 Valery Inozemtsev 3.2.4-alt1 - 3.2.4 * Mon Mar 30 2026 Valery Inozemtsev 3.2.2-alt1 glances - CLI curses based monitoring tool * Tue Apr 21 2026 Egor Ignatov 4.5.4-alt1 - New version 4.5.4. * Tue Mar 31 2026 Egor Ignatov 4.5.3-alt1 incus - Incus is a system container and virtual machine manager [11M] * Mon Apr 20 2026 Mikhail Gordeev 6.23.0-alt1 - Updated to 6.23.0. - Fixes: CVE-2026-33945 CVE-2026-33897 CVE-2026-33898 CVE-2026-33743 CVE-2026-33542 CVE-2026-33711 * Fri Feb 27 2026 Mikhail Gordeev 6.22.0-alt1 - Updated to 6.22.0. * Fri Jan 23 2026 Mikhail Gordeev 6.21.0-alt1 - Updated to 6.21.0. * Tue Dec 23 2025 Mikhail Gordeev 6.20.0-alt1 - Updated to 6.20.0. * Fri Oct 31 2025 Mikhail Gordeev 6.18.0-alt1 - Updated to 6.18.0. * Fri Aug 29 2025 Mikhail Gordeev 6.16.0-alt1 - Updated to 6.16.0. * Fri Jul 04 2025 Mikhail Gordeev 6.14.0-alt1 libexif - libexif is a library for parsing, editing, and saving EXIF data * Tue Apr 21 2026 Alexander Danilov 0.6.26-alt1 - 0.6.26 (fixes: CVE-2026-40386, CVE-2026-40385, CVE-2026-32775). * Fri Jan 24 2025 Dmitriy Khanzhin 0.6.25-alt1 - 0.6.25 * Sat Feb 05 2022 Dmitriy Khanzhin 0.6.24-alt1 ntfs-3g - third generation Linux NTFS driver * Wed Apr 22 2026 Valery Inozemtsev 2:2026.2.25-alt1 - 2026.2.25 * Wed Aug 09 2023 Valery Inozemtsev 2:2022.10.3-alt1 planify - Planify * Tue Apr 21 2026 Yuri N. Sedunov 4.19.0-alt1 - 4.19.0 * Thu Mar 19 2026 Yuri N. Sedunov 4.18.3-alt1 - 4.18.3 * Sun Feb 08 2026 Yuri N. Sedunov 4.18.0-alt1 - 4.18.0 * Sat Dec 27 2025 Yuri N. Sedunov 4.17.0-alt1 rpi-imager - Raspberry Pi Imaging Utility * Wed Apr 15 2026 Dmitry Terekhin 2.0.8-alt1 - Update to new release 2.0.8 * Tue Mar 17 2026 Dmitry Terekhin 2.0.6-alt1 - Update to new release 2.0.6 (Closes: 58040) * Fri Oct 27 2023 Dmitry Terekhin 1.8.1-alt1 thunderbird - Thunderbird is Mozilla's e-mail client [823M] * Mon Apr 20 2026 Ajrat Makhmutov 149.0.2-alt2 - Apply upstream fix for broken disabled state of tasks context menu (Closes: 58704). * Sat Apr 11 2026 Ajrat Makhmutov 149.0.2-alt1 - New version. - Fix OTR query message split on newline (Closes: 40934). - Fixes: + CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component + CVE-2026-5733: Incorrect boundary conditions in the Graphics: WebGPU component + CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 + CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 + CVE-2026-5735: Memory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2 * Fri Apr 03 2026 Ajrat Makhmutov 149.0.1-alt1 - New version. * Thu Mar 26 2026 Ajrat Makhmutov 149.0-alt1 - New version. - Fixes: + CVE-2026-3889: Spoofing issue in Thunderbird + CVE-2026-4371: Out of bounds read in IMAP parsing + CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component + CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component + CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component + CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component + CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component + CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component + CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component + CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component + CVE-2026-4692: Sandbox escape in the Responsive Design Mode component + CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component + CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component + CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component + CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component + CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component + CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component + CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component + CVE-2026-4700: Mitigation bypass in the Networking: HTTP component + CVE-2026-4701: Use-after-free in the JavaScript Engine component + CVE-2026-4722: Privilege escalation in the IPC component + CVE-2026-4702: JIT miscompilation in the JavaScript Engine component + CVE-2026-4723: Use-after-free in the JavaScript Engine component + CVE-2026-4724: Undefined behavior in the Audio/Video component + CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component + CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component + CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component + CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component + CVE-2026-4708: Incorrect boundary conditions in the Graphics component + CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component + CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component + CVE-2026-4711: Use-after-free in the Widget: Cocoa component + CVE-2026-4725: Sandbox escape due to use-after-free in the Graphics: Canvas2D component + CVE-2026-4712: Information disclosure in the Widget: Cocoa component + CVE-2026-4713: Incorrect boundary conditions in the Graphics component + CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component + CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component + CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component + CVE-2026-4717: Privilege escalation in the Netmonitor component + CVE-2026-4726: Denial-of-service in the XML component + CVE-2025-59375: Denial-of-service in the XML component + CVE-2026-4727: Denial-of-service in the Libraries component in NSS + CVE-2026-4728: Spoofing issue in the Privacy: Anti-Tracking component + CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component + CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component + CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 + CVE-2026-4729: Memory safety bugs fixed in Firefox 149 and Thunderbird 149 + CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 * Sun Mar 15 2026 Ajrat Makhmutov 148.0.1-alt1 - New version. * Sat Feb 28 2026 Ajrat Makhmutov 148.0-alt2 - Update l10n for the 148. * Wed Feb 25 2026 Ajrat Makhmutov 148.0-alt1 - New version. - Fixes: + CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component + CVE-2026-2758: Use-after-free in the JavaScript: GC component + CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component + CVE-2026-2795: Use-after-free in the JavaScript: GC component + CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component + CVE-2026-2761: Sandbox escape in the Graphics: WebRender component + CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component + CVE-2026-2763: Use-after-free in the JavaScript Engine component + CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component + CVE-2026-2796: JIT miscompilation in the JavaScript: WebAssembly component + CVE-2026-2797: Use-after-free in the JavaScript: GC component + CVE-2026-2765: Use-after-free in the JavaScript Engine component + CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component + CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component + CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component + CVE-2026-2798: Use-after-free in the DOM: Core & HTML component + CVE-2026-2769: Use-after-free in the Storage: IndexedDB component + CVE-2026-2799: Use-after-free in the DOM: Core & HTML component + CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component + CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component + CVE-2026-2772: Use-after-free in the Audio/Video: Playback component + CVE-2026-2773: Incorrect boundary conditions in the Web Audio component + CVE-2026-2774: Integer overflow in the Audio/Video component + CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component + CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software + CVE-2026-2777: Privilege escalation in the Messaging System component + CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component + CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component + CVE-2026-2800: Spoofing issue in the WebAuthn component in Firefox for Android + CVE-2026-2780: Privilege escalation in the Netmonitor component + CVE-2026-2781: Integer overflow in the Libraries component in NSS + CVE-2026-2801: Incorrect boundary conditions in the JavaScript: WebAssembly component + CVE-2026-2782: Privilege escalation in the Netmonitor component + CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component + CVE-2026-2802: Race condition in the JavaScript: GC component + CVE-2026-2803: Information disclosure, mitigation bypass in the Settings UI component + CVE-2026-2784: Mitigation bypass in the DOM: Security component + CVE-2026-2785: Invalid pointer in the JavaScript Engine component + CVE-2026-2804: Use-after-free in the JavaScript: WebAssembly component + CVE-2026-2786: Use-after-free in the JavaScript Engine component + CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component + CVE-2026-2787: Use-after-free in the DOM: Window and Location component + CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component + CVE-2026-2789: Use-after-free in the Graphics: ImageLib component + CVE-2026-2806: Uninitialized memory in the Graphics: Text component + CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component + CVE-2026-2791: Mitigation bypass in the Networking: Cache component + CVE-2026-2807: Memory safety bugs fixed in Firefox 148 and Thunderbird 148 + CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 + CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 * Fri Feb 20 2026 Ajrat Makhmutov 147.0.2-alt1 - New version. - Fixes: + CVE-2026-2447: Heap buffer overflow in libvpx * Thu Feb 12 2026 Ajrat Makhmutov 147.0.1-alt1 - New version. - Fixes: + CVE-2026-0818: CSS-based exfiltration of the content from partially encrypted emails when allowing remote content * Thu Jan 15 2026 Ajrat Makhmutov 147.0-alt1 - New version. - Fixes: + CVE-2026-0877: Mitigation bypass in the DOM: Security component + CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component + CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component + CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics component + CVE-2026-0881: Sandbox escape in the Messaging System component + CVE-2026-0882: Use-after-free in the IPC component + CVE-2026-0883: Information disclosure in the Networking component + CVE-2026-0884: Use-after-free in the JavaScript Engine component + CVE-2026-0885: Use-after-free in the JavaScript: GC component + CVE-2026-0886: Incorrect boundary conditions in the Graphics component + CVE-2026-0887: Clickjacking issue, information disclosure in the PDF Viewer component + CVE-2026-0888: Information disclosure in the XML component + CVE-2026-0889: Denial-of-service in the DOM: Service Workers component + CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component + CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 + CVE-2026-0892: Memory safety bugs fixed in Firefox 147 and Thunderbird 147 * Sat Dec 20 2025 Ajrat Makhmutov 146.0.1-alt1 - New version. * Thu Dec 11 2025 Ajrat Makhmutov 146.0-alt1 - New version. - Fixes: + CVE-2025-14321: Use-after-free in the WebRTC: Signaling component + CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component + CVE-2025-14323: Privilege escalation in the DOM: Notifications component + CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component + CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component + CVE-2025-14326: Use-after-free in the Audio/Video: GMP component + CVE-2025-14327: Spoofing issue in the Downloads Panel component + CVE-2025-14328: Privilege escalation in the Netmonitor component + CVE-2025-14329: Privilege escalation in the Netmonitor component + CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component + CVE-2025-14331: Same-origin policy bypass in the Request Handling component + CVE-2025-14332: Memory safety bugs fixed in Firefox 146 and Thunderbird 146 + CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 * Mon Nov 17 2025 Ajrat Makhmutov 145.0-alt1 yuzu - Nintendo Switch emulator/debugger * Tue Apr 21 2026 Sergey V Turchin 1734-alt9 - fix compile with llvm-21 * Fri Mar 13 2026 Sergey V Turchin 1734-alt8 Total 20295 source packages.