[cyber] I: p9/branch packages: -3 +39 (18084)
QA Team Robot
qa на altlinux.org
Вс Окт 4 07:58:24 MSK 2020
3 REMOVED packages
apache2-mod_revocator 1.0.3-alt4
firefox-esr-l10n 68.0.1-alt1
thunderbird-ru 68.0-alt1
39 UPDATED packages
firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser [345M]
* Thu Sep 24 2020 Andrey Cherepanov <cas на altlinux> 78.3.0-alt0.1.p9
- Backport new version to p9 branch.
* Wed Sep 23 2020 Andrey Cherepanov <cas на altlinux> 78.3.0-alt1
- New release (78.3.0).
- Fixes:
+ CVE-2020-15677 Download origin spoofing via redirect
+ CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element
+ CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free
+ CVE-2020-15673 Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
* Mon Sep 14 2020 Andrey Cherepanov <cas на altlinux> 78.2.0-alt1.1.p9
- Backport new version to p9 branch.
* Mon Sep 14 2020 Andrey Cherepanov <cas на altlinux> 78.2.0-alt2
- Allow sideloading app and system unsigned addons.
* Tue Aug 25 2020 Andrey Cherepanov <cas на altlinux> 78.2.0-alt1
- New release (78.2.0).
- Fixes:
+ CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
+ CVE-2020-15664 Attacker-induced prompt for extension installation
+ CVE-2020-15670 Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
* Fri Aug 14 2020 Andrey Cherepanov <cas на altlinux> 78.1.0-alt2
- Remove python2-base from build requirements.
* Tue Jul 28 2020 Andrey Cherepanov <cas на altlinux> 78.1.0-alt1
- New release (78.1.0).
- Fixes:
+ CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker
+ CVE-2020-6514 WebRTC data channel leaks internal address to peer
+ CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy
+ CVE-2020-15653 Bypassing iframe sandbox when allowing popups
+ CVE-2020-6463 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ CVE-2020-15656 Type confusion for special arguments in IonMonkey
+ CVE-2020-15658 Overriding file type when saving to disk
+ CVE-2020-15657 DLL hijacking due to incorrect loading path
+ CVE-2020-15654 Custom cursor can overlay user interface
+ CVE-2020-15659 Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1
* Sat Jul 18 2020 Andrey Cherepanov <cas на altlinux> 78.0.2-alt1
- New ESR version (78.0.2) (based on legion@ spec and patches).
- Package localization files bundled (only kk,ru,uk locales are suppored).
* Mon Jul 13 2020 Alexey Gladkov <legion на altlinux> 78.0.2-alt1
- New release (78.0.2).
- Fixes:
+ MFSA-2020-0003: X-Frame-Options bypass using object or embed tags
* Sat Jul 04 2020 Alexey Gladkov <legion на altlinux> 78.0.1-alt1
- New release (78.0.1).
- Fixes:
+ CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing
+ CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster
+ CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
+ CVE-2020-12418: Information disclosure due to manipulated URL object
+ CVE-2020-12419: Use-after-free in nsGlobalWindowInner
+ CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
+ CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack
+ CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
+ CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+ CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library
+ CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process
+ CVE-2020-12425: Out of bound read in Date.parse()
+ CVE-2020-12426: Memory safety bugs fixed in Firefox 78
* Wed Jun 03 2020 Andrey Cherepanov <cas на altlinux> 68.9.0-alt1
jss - Java Security Services (JSS)
* Sat Sep 19 2020 Andrey Cherepanov <cas на altlinux> 4.6.2-alt2.1
- NMU: Fix build with nss-3.52.
- NMU: Fix bigus timestamp in changelog.
* Thu Nov 07 2019 Stanislav Levin <slev на altlinux> 4.6.2-alt2
kernel-image-std-def - The Linux kernel (the core of the Linux operating system)
* Wed Sep 30 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.68-alt1.1
- SD card usage on Raspberry Pi 3 fixed
* Mon Sep 28 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.68-alt1
- v5.4.68
* Thu Sep 24 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.67-alt3
- memory sanitize patch added
* Thu Sep 24 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.67-alt2
- lost baikal-m patches added
* Wed Sep 23 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.67-alt1
- v5.4.67
* Tue Sep 22 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.66-alt1
- v5.4.66
* Fri Sep 18 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.65-alt2
- baikal-m drivers and configuration from asheplyakov@ merged
* Wed Sep 16 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.65-alt1
- v5.4.65
* Thu Sep 10 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.64-alt1
- v5.4.64 (Fixes: CVE-2020-12888, CVE-2020-14386)
* Thu Sep 03 2020 Kernel Bot <kernelbot на altlinux> 1:5.4.62-alt1
kernel-modules-LiME-std-def - LiME module for Linux kernel
* Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh на altlinux> 1.8.1-alt2.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 1.8.1-alt1.328766.1 not found.
kernel-modules-accel-ppp-std-def - Linux Kernel drivers support IPoE for accel-ppp
* Sat Oct 03 2020 Alexei Takaseev <taf на altlinux> 1.12.0-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Tue Aug 06 2019 Alexei Takaseev <taf на altlinux> 1.12.0-alt1
Note: changelog entry for 1.12.0-alt1.328766.1 not found.
kernel-modules-acpi_call-std-def - acpi_call module
* Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh на altlinux> 0.1-alt5.k.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Mon Dec 17 2012 Gleb F-Malinovskiy <glebfm на altlinux> 0.1-alt3
Note: changelog entry for 0.1-alt5.k.328766.1 not found.
kernel-modules-bbswitch-std-def - bbswitch module
* Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh на altlinux> 0.8-alt1.k.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Mon Dec 23 2013 Anton V. Boyarshinov <boyarsh на altlinux> 0.7-alt1
Note: changelog entry for 0.8-alt1.k.328766.1 not found.
kernel-modules-bcmwl-std-def - Modules for Broadcom-based WiFi .11a/b/g adapters
* Sat Oct 03 2020 Nikolai Kostrigin <nickel на altlinux> 6.30.223.248-alt17.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Fri Sep 06 2019 Nikolai Kostrigin <nickel на altlinux> 6.30.223.248-alt17
Note: changelog entry for 6.30.223.248-alt17.328766.1 not found.
kernel-modules-ch34x-std-def - Linux ch34x modules for CH340 serial to usb chip.
* Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh на altlinux> 20180821-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 20180821-alt1.328766.1 not found.
kernel-modules-dm-secdel-std-def - dm-linear with secure deletion on discard
* Sat Oct 03 2020 Vitaly Chikunov <vt на altlinux> 1:1.0.7-alt2.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 1:1.0.7-alt2.328766.1 not found.
kernel-modules-drbd9-std-def - Kernel driver for DRBD
* Sat Oct 03 2020 Andrew A. Vasilyev (Andrew A. Vasilyev) <andy на altlinux> 1:9.0.23-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 1:9.0.23-alt1.328766.1 not found.
kernel-modules-e1000e-std-def - E1000E Driver for e1000 Intel(R) Ethernet adapter
* Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh на altlinux> 3.4.2.1-alt2.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 3.4.2.1-alt2.328766.1 not found.
kernel-modules-ipset-std-def - ipset kernel modules
* Sat Oct 03 2020 Anton Farygin <rider на altlinux> 7.5-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Wed Jan 15 2020 Anton Farygin <rider на altlinux> 7.5-alt1
Note: changelog entry for 7.5-alt1.328766.1 not found.
kernel-modules-ipt-ratelimit-std-def - Linux kernel module for ipt-ratelimit
* Sat Oct 03 2020 Alexei Takaseev <taf на altlinux> 0.3.2-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Wed Aug 19 2020 Alexei Takaseev <taf на altlinux> 0.3.2-alt1
Note: changelog entry for 0.3.2-alt1.328766.1 not found.
kernel-modules-ipt-so-std-def - Iptables match for Security Options (IPSO) Labels (kernel module)
* Sat Oct 03 2020 Vitaly Chikunov <vt на altlinux> 1.0-alt6.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 1.0-alt6.328766.1 not found.
kernel-modules-ipt_netflow-std-def - Netflow iptables module for Linux kernel
* Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh на altlinux> 2.5-alt1.k.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Tue Feb 10 2015 Anton V. Boyarshinov <boyarsh на altlinux> 2.1-alt1
Note: changelog entry for 2.5-alt1.k.328766.1 not found.
kernel-modules-ixgbe-std-def - Intel(R) 10GbE PCI Express Linux Network Driver
* Sat Oct 03 2020 Alexei Takaseev <taf на altlinux> 5.8.1-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Wed Aug 19 2020 Alexei Takaseev <taf на altlinux> 5.8.1-alt1
Note: changelog entry for 5.8.1-alt1.328766.1 not found.
kernel-modules-kvdo-std-def - Kernel modules which provide pools of deduplicated and compressed block storage
* Sat Oct 03 2020 Vitaly Chikunov <vt на altlinux> 6.2.2.117-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 6.2.2.117-alt1.328766.1 not found.
kernel-modules-linux-gpib-std-def - linux-gpib kernel modules
* Sat Oct 03 2020 Vladislav Zavjalov <slazav на altlinux> 4.3.0-alt3.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 4.3.0-alt3.328766.1 not found.
kernel-modules-lsadrv-std-def - Linux Kernel drivers supporting Hitachi StarBoard interactive whiteboard
* Sat Oct 03 2020 Vitaly Chikunov <vt на altlinux> 1:1.2.3-alt4.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Thu Oct 27 2016 Anton V. Boyarshinov <boyarsh на altlinux> 1:1.2.3-alt2
Note: changelog entry for 1:1.2.3-alt4.328766.1 not found.
kernel-modules-ndpi-std-def - Deep packet inspection module for Linux kernel
* Sat Oct 03 2020 Anton V. Boyarshinov <boyarsh на altlinux> 2.6-alt2.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 2.6-alt2.328766.1 not found.
kernel-modules-nvidia-std-def - nVidia video card drivers
* Sat Oct 03 2020 Sergey V Turchin <zerg на altlinux> 450.57-alt2.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Wed Sep 16 2020 Sergey V Turchin <zerg на altlinux> 450.57-alt2
Note: changelog entry for 450.57-alt2.328766.1 not found.
kernel-modules-nxp-pn71xx-getmobit-std-def - NXP's NFC Open Source kernel module optimized for GM-box
* Sat Oct 03 2020 Nikolai Kostrigin <nickel на altlinux> 1.4-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Wed Aug 14 2019 Nikolai Kostrigin <nickel на altlinux> 1.4-alt1
Note: changelog entry for 1.4-alt1.328766.1 not found.
kernel-modules-r8168-std-def - Linux driver for RealTek Ethernet controllers
* Sat Oct 03 2020 Nazarov Denis (nenderus) <nenderus на altlinux> 8.048.02-alt1.k.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Thu Apr 16 2020 Nazarov Denis <nenderus на altlinux> 8.048.02-alt1
Note: changelog entry for 8.048.02-alt1.k.328766.1 not found.
kernel-modules-rtl8723de-std-def - Module for Realtek RTL8723DE
* Sat Oct 03 2020 Sergey V Turchin <zerg на altlinux> 5.1.1.8-alt15.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Tue Mar 10 2020 Sergey V Turchin <zerg на altlinux> 5.1.1.8-alt15
Note: changelog entry for 5.1.1.8-alt15.328766.1 not found.
kernel-modules-rtl8821ce-std-def - Module for Realtek RTL8821CE
* Sat Oct 03 2020 shrek на altlinux.ru (Valery Inozemtsev) <shrek на altlinux> 5.5.2-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 5.5.2-alt1.328766.1 not found.
kernel-modules-tripso-std-def - Translate between CISPO and AstraLinux labels
* Sat Oct 03 2020 Vitaly Chikunov <vt на altlinux> 1.1-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 1.1-alt1.328766.1 not found.
kernel-modules-vhba-std-def - VHBA virtual host bus adapter module
* Sat Oct 03 2020 Nazarov Denis (nenderus) <nenderus на altlinux> 20190410-alt1.k.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Mon Jun 17 2019 Nazarov Denis <nenderus на altlinux> 20190410-alt1
Note: changelog entry for 20190410-alt1.k.328766.1 not found.
kernel-modules-virtualbox-addition-std-def - VirtualBox modules
* Sat Oct 03 2020 Valery Sinelnikov (ALT) <greh на altlinux> 6.1.8-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Thu May 21 2020 Valery Sinelnikov <greh на altlinux> 6.1.8-alt1
Note: changelog entry for 6.1.8-alt1.328766.1 not found.
kernel-modules-virtualbox-std-def - VirtualBox modules
* Sat Oct 03 2020 Valery Sinelnikov (ALT) <greh на altlinux> 6.1.8-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Thu May 21 2020 Valery Sinelnikov <greh на altlinux> 6.1.8-alt1
Note: changelog entry for 6.1.8-alt1.328766.1 not found.
kernel-modules-wireguard-std-def - Wireguard is a fast, modern, secure VPN tunnel module for Linux kernel
* Sat Oct 03 2020 Nikolai Kostrigin <nickel на altlinux> 1.0.20200908-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Wed Sep 09 2020 Nikolai Kostrigin <nickel на altlinux> 1.0.20200908-alt1
Note: changelog entry for 1.0.20200908-alt1.328766.1 not found.
kernel-modules-xtables-addons-std-def - xtables-addons kernel module
* Sat Oct 03 2020 Anton Farygin <rider на altlinux> 3.9-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
* Tue Mar 10 2020 Anton Farygin <rider на altlinux> 3.9-alt1
Note: changelog entry for 3.9-alt1.328766.1 not found.
kernel-modules-zfs-std-def - ZFS Linux modules
* Sat Oct 03 2020 Anton Farygin <rider на altlinux> 0.8.4-alt1.328772.1.1
- Build for kernel-image-std-def-5.4.68-alt1.1.
Note: changelog entry for 0.8.4-alt1.328766.1 not found.
nspr - Netscape Portable Runtime (NSPR)
* Tue Sep 08 2020 Alexey Gladkov <legion на altlinux> 1:4.28-alt1
- New version (4.28).
* Thu Jul 30 2020 Alexey Gladkov <legion на altlinux> 1:4.27-alt1
- New version (4.27).
* Mon Jun 29 2020 Alexey Gladkov <legion на altlinux> 1:4.26-alt1
- New version (4.26).
* Fri Feb 14 2020 Alexey Gladkov <legion на altlinux> 1:4.25-alt1
nss - Netscape Network Security Services(NSS) [58M]
* Tue Sep 08 2020 Alexey Gladkov <legion на altlinux> 3.56.0-alt1
- New version (3.56).
* Thu Jul 30 2020 Alexey Gladkov <legion на altlinux> 3.55.0-alt1
- New version (3.55).
- Security fixes:
+ CVE-2020-6829, CVE-2020-12400: Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
+ CVE-2020-12401: Remove unnecessary scalar padding.
+ CVE-2020-12403: Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length.
* Mon Jun 29 2020 Alexey Gladkov <legion на altlinux> 3.54.0-alt1
- New version (3.54).
- Merge libnss and libnss-sysinit.
- Certificate Authority Changes:
+ Add CN = certSIGN Root CA G2
+ Add CN = e-Szigno Root CA 2017
+ Add CN = Microsoft ECC Root Certificate Authority 2017
+ Add CN = Microsoft RSA Root Certificate Authority 2017
+ Remove CN = AddTrust Class 1 CA Root
+ Remove CN = AddTrust External CA Root
+ Remove CN = LuxTrust Global Root 2
+ Remove CN = Staat der Nederlanden Root CA - G2
+ Remove CN = Symantec Class 2 Public Primary Certification Authority - G4
+ Remove CN = Symantec Class 1 Public Primary Certification Authority - G4
+ Remove CN = VeriSign Class 3 Public Primary Certification Authority - G3
* Wed Jun 24 2020 Alexey Gladkov <legion на altlinux> 3.53.0-alt4
- Enable an RFC3280 compliant certificate path validation library (ALT#38636).
* Wed Jun 10 2020 Alexey Gladkov <legion на altlinux> 3.53.0-alt3
- Fix build with nss headers and -Werror=strict-prototypes (ALT#38597).
* Mon Jun 08 2020 Alexey Gladkov <legion на altlinux> 3.53.0-alt2
- Enable NSS legacy DBM type (ALT#38590).
* Thu Jun 04 2020 Alexey Gladkov <legion на altlinux> 3.53.0-alt1
- New version (3.53).
- Security fixes:
+ CVE-2020-12399 - Force a fixed length for DSA exponentiation
* Wed May 06 2020 Alexey Gladkov <legion на altlinux> 3.52.0-alt1
- New version (3.52).
- Stop pulling in nss-pem automatically, packages that need it should depend on it.
* Sat Mar 14 2020 Alexey Gladkov <legion на altlinux> 3.51.0-alt1
p11-kit - Utilities for PKCS#11 modules
* Thu Jun 04 2020 Andrew Savchenko <bircoph на altlinux> 0.23.15-alt2
- Add rpm-macros-alternatives build dependency for %_altdir.
* Tue Apr 02 2019 Mikhail Efremov <sem на altlinux> 0.23.15-alt1
seamonkey - Web browser and mail reader [294M]
* Wed Sep 23 2020 Andrey Cherepanov <cas на altlinux> 1:2.53.4-alt1
- New version.
* Sat Sep 19 2020 Andrey Cherepanov <cas на altlinux> 1:2.53.3-alt2
- Fix build with Rust 1.45 (see https://bugzilla.mozilla.org/show_bug.cgi?id=1617782).
* Mon Jul 13 2020 Andrey Cherepanov <cas на altlinux> 1:2.53.3-alt1
- New version.
* Mon May 18 2020 Andrey Cherepanov <cas на altlinux> 1:2.53.2-alt1
seamonkey-ru - Russian (RU) Language Pack for Seamonkey
* Wed Sep 23 2020 Andrey Cherepanov <cas на altlinux> 2.53.4-alt1
- New version.
* Mon Jul 13 2020 Andrey Cherepanov <cas на altlinux> 2.53.3-alt1
- New version.
* Tue May 19 2020 Andrey Cherepanov <cas на altlinux> 2.53.2-alt1
thunderbird - Thunderbird is Mozilla's e-mail client [363M]
* Sat Sep 26 2020 Andrey Cherepanov <cas на altlinux> 78.3.1-alt1
- New version (78.3.1).
- Fix Thunderbird crash after updating to 78.3.0.
* Fri Sep 25 2020 Andrey Cherepanov <cas на altlinux> 78.3.0-alt1
- New version (78.3.0).
- Fixes:
+ CVE-2020-15677 Download origin spoofing via redirect
+ CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element
+ CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free
+ CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3
* Sat Sep 19 2020 Andrey Cherepanov <cas на altlinux> 78.2.2-alt2
- Fix show folders and messages by patches from Debian (ALT #38964).
* Thu Sep 17 2020 Andrey Cherepanov <cas на altlinux> 78.2.2-alt1
- New version (78.2.2).
* Wed Sep 02 2020 Andrey Cherepanov <cas на altlinux> 78.2.1-alt1
- New version (78.2.1).
- Fixes:
+ CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
+ CVE-2020-15664 Attacker-induced prompt for extension installation
+ CVE-2020-15670 Memory safety bugs fixed in Thunderbird 78.2
- Build without thunderbird-enigmail because this extension is not compatible
with Thunderbird 78.x.
* Tue Aug 18 2020 Aleksei Nikiforov <darktemplar на altlinux> 78.1.1-alt1
- Updated to upstream version 78.1.1 (thx to cas@ and sbolshakov@).
- Fixes:
+ CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker
+ CVE-2020-6514 WebRTC data channel leaks internal address to peer
+ CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy
+ CVE-2020-15653 Bypassing iframe sandbox when allowing popups
+ CVE-2020-6463 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ CVE-2020-15656 Type confusion for special arguments in IonMonkey
+ CVE-2020-15658 Overriding file type when saving to disk
+ CVE-2020-15657 DLL hijacking due to incorrect loading path
+ CVE-2020-15654 Custom cursor can overlay user interface
+ CVE-2020-15659 Memory safety bugs fixed in Thunderbird 78.1
* Tue Jul 21 2020 Andrey Cherepanov <cas на altlinux> 78.0-alt1
- New version (78.0).
- Fixes:
+ CVE-2020-12415 AppCache manifest poisoning due to url encoded character processing
+ CVE-2020-12416 Use-after-free in WebRTC VideoBroadcaster
+ CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64
+ CVE-2020-12418 Information disclosure due to manipulated URL object
+ CVE-2020-12419 Use-after-free in nsGlobalWindowInner
+ CVE-2020-12420 Use-After-Free when trying to connect to a STUN server
+ CVE-2020-15648 X-Frame-Options bypass using object or embed tags
+ CVE-2020-12402 RSA Key Generation vulnerable to side-channel attack
+ CVE-2020-12421 Add-On updates did not respect the same certificate trust rules as software updates
+ CVE-2020-12422 Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+ CVE-2020-12423 DLL Hijacking due to searching %PATH% for a library
+ CVE-2020-12424 WebRTC permission prompt could have been bypassed by a compromised content process
+ CVE-2020-12425 Out of bound read in Date.parse()
+ CVE-2020-12426 Memory safety bugs fixed in Thunderbird 78
- Build with bundled languages: kk, ru, uk.
* Mon Jul 13 2020 Andrey Cherepanov <cas на altlinux> 68.10.0-alt1
- New version (68.10.0).
- Fixes:
+ CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64
+ CVE-2020-12418 Information disclosure due to manipulated URL object
+ CVE-2020-12419 Use-after-free in nsGlobalWindowInner
+ CVE-2020-12420 Use-After-Free when trying to connect to a STUN server
+ CVE-2020-12421 Add-On updates did not respect the same certificate trust rules as software updates
+ MFSA-2020-0001 Automatic account setup leaks Microsoft Exchange login credentials
- Enigmail 2.1.7.
* Thu Jun 04 2020 Andrey Cherepanov <cas на altlinux> 68.9.0-alt1
Total 18084 source packages.
Подробная информация о списке рассылки Sisyphus-cybertalk