[cyber] I: p9/branch packages: +16 (18282)
QA Team Robot
qa на altlinux.org
Пт Апр 29 03:19:42 MSK 2022
16 UPDATED packages
firefox - The Mozilla Firefox project is a redesign of Mozilla's browser [389M]
* Fri Oct 29 2021 Andrey Cherepanov <cas на altlinux> 93.0-alt0.p9.1
- Backport new version to p9 branch.
* Wed Oct 06 2021 Alexey Gladkov <legion на altlinux> 93.0-alt1
- New release (93.0).
- Security fixes:
+ CVE-2021-38496: Use-after-free in MessageTask
+ CVE-2021-38497: Validation message could have been overlaid on another origin
+ CVE-2021-38498: Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810: Data race in crossbeam-deque
+ CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
+ CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
+ CVE-2021-38499: Memory safety bugs fixed in Firefox 93
* Tue Sep 28 2021 Alexey Gladkov <legion на altlinux> 92.0.1-alt1
- New release (92.0.1).
* Tue Sep 07 2021 Alexey Gladkov <legion на altlinux> 92.0-alt1
- New release (92.0).
- Security fixes:
+ CVE-2021-29993: Handling custom intents could lead to crashes and UI spoofs
+ CVE-2021-38491: Mixed-Content-Blocking was unable to check opaque origins
+ CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
+ CVE-2021-38493: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
+ CVE-2021-38494: Memory safety bugs fixed in Firefox 92
* Tue Sep 07 2021 Alexey Gladkov <legion на altlinux> 91.0.2-alt2
- Rebuild with llvm12.0.
* Wed Aug 25 2021 Alexey Gladkov <legion на altlinux> 91.0.2-alt1
- New release (91.0.2).
* Wed Aug 18 2021 Alexey Gladkov <legion на altlinux> 91.0.1-alt1
- New release (91.0.1).
- Security fixes:
+ CVE-2021-29991: Header Splitting possible with HTTP/3 Responses
* Tue Aug 10 2021 Alexey Gladkov <legion на altlinux> 91.0-alt1
- New release (91.0).
- Security fixes:
+ CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
+ CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT
+ CVE-2021-29988: Memory corruption as a result of incorrect style treatment
+ CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
+ CVE-2021-29984: Incorrect instruction reordering during JIT optimization
+ CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
+ CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux
+ CVE-2021-29985: Use-after-free media channels
+ CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion
+ CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
+ CVE-2021-29990: Memory safety bugs fixed in Firefox 91
* Fri Jul 23 2021 Alexey Gladkov <legion на altlinux> 90.0.2-alt1
- New release (90.0.2).
* Tue Jul 20 2021 Alexey Gladkov <legion на altlinux> 90.0.1-alt1
- New release (90.0.1).
* Tue Jul 13 2021 Alexey Gladkov <legion на altlinux> 90.0-alt1
- New release (90.0).
- Move rpm-build-firefox from firefox to separate package.
- Security fixes:
+ CVE-2021-29970: Use-after-free in accessibility features of a document
+ CVE-2021-29971: Granted permissions only compared host; omitting scheme and port on Android
+ CVE-2021-30547: Out of bounds write in ANGLE
+ CVE-2021-29972: Use of out-of-date library included use-after-free vulnerability
+ CVE-2021-29973: Password autofill on HTTP websites was enabled without user interaction on Android
+ CVE-2021-29974: HSTS errors could be overridden when network partitioning was enabled
+ CVE-2021-29975: Text message could be overlaid on top of another website
+ CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
+ CVE-2021-29977: Memory safety bugs fixed in Firefox 90
* Fri Jul 09 2021 Alexey Gladkov <legion на altlinux> 89.0.2-alt2
- Enable searching system- and account-global directories for extensions (ALT#40364).
* Tue Jun 29 2021 Alexey Gladkov <legion на altlinux> 89.0.2-alt1
- New release (89.0.2).
* Thu Jun 17 2021 Alexey Gladkov <legion на altlinux> 89.0.1-alt1
- New release (89.0.1).
- Security fixes:
+ CVE-2021-29968: Out of bounds read when drawing text characters onto a Canvas
* Thu Jun 03 2021 Alexey Gladkov <legion на altlinux> 89.0-alt1
- New release (89.0).
- Security fixes:
+ CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain spoofing
+ CVE-2021-29960: Filenames printed from private browsing mode incorrectly retained in preferences
+ CVE-2021-29961: Firefox UI spoof using `<select>` elements and CSS scaling
+ CVE-2021-29963: Shared cookies for search suggestions in private browsing mode
+ CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
+ CVE-2021-29959: Devices could be re-enabled without additional permission prompt
+ CVE-2021-29962: No rate-limiting for popups on Firefox for Android
+ CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
+ CVE-2021-29966: Memory safety bugs fixed in Firefox 89
* Fri May 07 2021 Alexey Gladkov <legion на altlinux> 88.0.1-alt1
- New release (88.0.1).
- Security fixes:
+ CVE-2021-29953: Universal Cross-Site Scripting
+ CVE-2021-29952: Race condition in Web Render Components
* Mon Apr 19 2021 Alexey Gladkov <legion на altlinux> 88.0-alt1
- New release (88.0).
- Security fixes:
+ CVE-2021-23994: Out of bound write due to lazy initialization
+ CVE-2021-23995: Use-after-free in Responsive Design Mode
+ CVE-2021-23996: Content rendered outside of webpage viewport
+ CVE-2021-23997: Use-after-free when freeing fonts from cache
+ CVE-2021-23998: Secure Lock icon could have been spoofed
+ CVE-2021-23999: Blob URLs may have been granted additional privileges
+ CVE-2021-24000: requestPointerLock() could be applied to a tab different from the visible tab
+ CVE-2021-24001: Testing code could have enabled session history manipulations by a compromised content process
+ CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL
+ CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads
+ CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader View
+ CVE-2021-29946: Port blocking could be bypassed
+ CVE-2021-29947: Memory safety bugs fixed in Firefox 88
* Wed Mar 24 2021 Alexey Gladkov <legion на altlinux> 87.0-alt1
- New release (87.0).
- Security fixes:
+ CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory corruption
+ CVE-2021-23984: Malicious extensions could have spoofed popup information
+ CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user
+ CVE-2021-23986: A malicious extension could have performed credential-less same origin policy violations
+ CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
+ CVE-2021-23988: Memory safety bugs fixed in Firefox 87
* Mon Mar 01 2021 Alexey Gladkov <legion на altlinux> 86.0-alt1
- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86
* Tue Feb 09 2021 Alexey Gladkov <legion на altlinux> 85.0.2-alt1
- New release (85.0.2).
* Fri Feb 05 2021 Alexey Gladkov <legion на altlinux> 85.0.1-alt1
- New release (85.0.1).
- Security fixes:
+ MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
* Tue Jan 26 2021 Alexey Gladkov <legion на altlinux> 85.0-alt1
- New release (85.0).
- Security fixes:
+ CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
+ CVE-2021-23956: File picker dialog could have been used to disclose a complete directory
+ CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the intent URL scheme
+ CVE-2021-23958: Screen sharing permission leaked across tabs
+ CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
+ CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23962: Use-after-poison in <code>nsTreeBodyFrame::RowCountChanged</code>
+ CVE-2021-23963: Permission prompt inaccessible after asking for additional permissions
+ CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
+ CVE-2021-23965: Memory safety bugs fixed in Firefox 85
* Wed Jan 06 2021 Alexey Gladkov <legion на altlinux> 84.0.2-alt1
- New release (84.0.2).
- Security fixes:
+ CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
- Add firefox GNOME Shell search provider.
- Enable smooth scrolling option.
* Sun Jan 03 2021 Andrey Cherepanov <cas на altlinux> 82.0.3-alt0.1.p9
firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version) [389M]
* Fri Apr 08 2022 Andrey Cherepanov <cas на altlinux> 91.7.0-alt0.p9.1
- Backport new ESR version to p9 branch.
* Sun Mar 13 2022 Pavel Vasenkov <pav на altlinux> 91.7.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2022-26383 Browser window spoof using fullscreen mode
+ CVE-2022-26384 iframe allow-scripts sandbox bypass
+ CVE-2022-26387 Time-of-check time-of-use bug when verifying add-on signatures
+ CVE-2022-26381 Use-after-free in text reflows
+ CVE-2022-26386 Temporary files downloaded to /tmp and accessible by other local users
* Mon Mar 07 2022 Pavel Vasenkov <pav на altlinux> 91.6.1-alt1
- New ESR version.
- Security fixes:
+ CVE-2022-26485 Use-after-free in XSLT parameter processing
+ CVE-2022-26486 Use-after-free in WebGPU IPC Framework
* Sat Feb 12 2022 Andrey Cherepanov <cas на altlinux> 91.6.0-alt0.p9.1
- Backport new ESR version to p9 branch.
* Wed Feb 09 2022 Pavel Vasenkov <pav на altlinux> 91.6.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
+ CVE-2022-22754 Extensions could have bypassed permission confirmation during update
+ CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
+ CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements
+ CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
+ CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
+ CVE-2022-22763 Script Execution during invalid object state
+ CVE-2022-22764 Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
* Thu Jan 27 2022 Pavel Vasenkov <pav на altlinux> 91.5.1-alt1
- New ESR version.
* Tue Jan 11 2022 Andrey Cherepanov <cas на altlinux> 91.5.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2022-22746 Calling into reportValidity could have lead to fullscreen window spoof
+ CVE-2022-22743 Browser window spoof using fullscreen mode
+ CVE-2022-22742 Out-of-bounds memory access when inserting text in edit mode
+ CVE-2022-22741 Browser window spoof using fullscreen mode
+ CVE-2022-22740 Use-after-free of ChannelEventQueue::mOwner
+ CVE-2022-22738 Heap-buffer-overflow in blendGaussianBlur
+ CVE-2022-22737 Race condition when playing audio files
+ CVE-2021-4140 Iframe sandbox bypass with XSLT
+ CVE-2022-22748 Spoofed origin on external protocol launch dialog
+ CVE-2022-22745 Leaking cross-origin URLs through securitypolicyviolation event
+ CVE-2022-22744 The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2022-22747 Crash when handling empty pkcs7 sequence
+ CVE-2022-22739 Missing throttling on external protocol launch dialog
+ CVE-2022-22751 Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
* Fri Dec 17 2021 Andrey Cherepanov <cas на altlinux> 91.4.1-alt1
- New ESR version.
* Mon Dec 06 2021 Andrey Cherepanov <cas на altlinux> 91.4.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2021-43536 URL leakage when navigating while executing asynchronous function
+ CVE-2021-43537 Heap buffer overflow when using structured clone
+ CVE-2021-43538 Missing fullscreen and pointer lock notification when requesting both
+ CVE-2021-43539 GC rooting failure when calling wasm instance methods
+ CVE-2021-43541 External protocol handler parameters were unescaped
+ CVE-2021-43542 XMLHttpRequest error codes could have leaked the existence of an external protocol handler
+ CVE-2021-43543 Bypass of CSP sandbox directive when embedding
+ CVE-2021-43545 Denial of Service when using the Location API in a loop
+ CVE-2021-43546 Cursor spoofing could overlay user interface when native cursor is zoomed
* Fri Nov 26 2021 Andrey Cherepanov <cas на altlinux> 91.3.0-alt1.p9.1
- Backport new ESR major version to p9 branch.
- Disable telemetry by default.
* Thu Nov 18 2021 Andrey Cherepanov <cas на altlinux> 91.3.0-alt2
- Show Home button on toolbar by default (ALT #41360).
* Tue Nov 02 2021 Andrey Cherepanov <cas на altlinux> 91.3.0-alt1
- New ESR version.
- Security fixes:
+ CVE-2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504 Use-after-free in file picker dialog
+ CVE-2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
+ CVE-2021-38506 Firefox could be coaxed into going into fullscreen mode without notification or warning
+ CVE-2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
+ CVE-2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
+ CVE-2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
+ CVE-2021-38510 Download Protections were bypassed by .inetloc files on Mac OS
* Fri Oct 29 2021 Andrey Cherepanov <cas на altlinux> 91.2.0-alt0.p9.1
- Backport new ESR major version to p9 branch.
* Wed Oct 06 2021 Andrey Cherepanov <cas на altlinux> 78.15.0-alt0.p9.1
freeipa - The Identity, Policy and Audit system
* Thu Mar 24 2022 Andrey Cherepanov <cas на altlinux> 4.8.9-alt4.p9.1
- Backport fixes to p9 branch.
* Tue Sep 21 2021 Andrey Cherepanov <cas на altlinux> 4.8.9-alt4.c9f2.2
- WebUI: Fix topology graph navigation crash (patch from upstream).
* Wed Sep 15 2021 Stanislav Levin <slev на altlinux> 4.8.9-alt4.c9f2.1
- Backported to c9f2.
* Fri Jul 02 2021 Stanislav Levin <slev на altlinux> 4.8.9-alt5
- Improved error message for missing supported NTP (closes: #40343).
* Fri Jul 02 2021 Stanislav Levin <slev на altlinux> 4.8.9-alt0.M90P.3
jss - Java Security Services (JSS)
* Fri Feb 05 2021 Stanislav Levin <slev на altlinux> 4.8.1-alt1
- 4.8.0 -> 4.8.1.
* Tue Nov 03 2020 Stanislav Levin <slev на altlinux> 4.8.0-alt1
- 4.7.3 -> 4.8.0.
* Mon Sep 28 2020 Stanislav Levin <slev на altlinux> 4.7.3-alt1
kde5-virtual - Virtual packages for KDE 5
* Thu Aug 26 2021 Andrey Cherepanov <cas на altlinux> 5.21.5-alt1.1
- NMU: thunderbird is built for pc64le, but not for armh
* Wed Jul 21 2021 Sergey V Turchin <zerg на altlinux> 5.21.5-alt1
mono - Cross-platform, Open Source, .NET development framework [153M]
* Tue Nov 02 2021 Andrey Cherepanov <cas на altlinux> 5.20.1.19-alt8.p9.1
- Ignore possible fail of %post core scriptlet.
* Wed Nov 18 2020 Aleksei Nikiforov <darktemplar на altlinux> 5.20.1.19-alt8
nspr - Netscape Portable Runtime (NSPR)
* Tue Aug 10 2021 Alexey Gladkov <legion на altlinux> 1:4.32-alt1
- New version (4.32).
* Thu Jun 03 2021 Alexey Gladkov <legion на altlinux> 1:4.31-alt1
- New version (4.31).
* Wed Mar 24 2021 Alexey Gladkov <legion на altlinux> 1:4.30-alt1
- New version (4.30).
* Thu Oct 22 2020 Alexey Gladkov <legion на altlinux> 1:4.29-alt1
- New version (4.29).
* Tue Sep 08 2020 Alexey Gladkov <legion на altlinux> 1:4.28-alt1
nss - Netscape Network Security Services(NSS) [60M]
* Tue Apr 12 2022 Andrey Cherepanov <cas на altlinux> 3.72-alt1.p9.1
- Backport file conflict with conflict package.
* Thu Nov 11 2021 Alexey Gladkov <legion на altlinux> 3.72-alt2
- nss-utils: Install utilities used by fedora and opensuse (ALT#41317).
* Tue Nov 02 2021 Alexey Gladkov <legion на altlinux> 3.72-alt1
- New version (3.72).
* Wed Oct 06 2021 Alexey Gladkov <legion на altlinux> 3.71-alt1
- New version (3.71).
- Certificate Authority Changes:
+ Add CN=HARICA TLS RSA Root CA 2021
+ Add CN=HARICA TLS ECC Root CA 2021
+ Add CN=HARICA Client RSA Root CA 2021
+ Add CN=HARICA Client ECC Root CA 2021
+ Add CN=TunTrust Root CA
* Tue Sep 07 2021 Alexey Gladkov <legion на altlinux> 3.69.1-alt1
- New version (3.69.1).
* Tue Aug 10 2021 Alexey Gladkov <legion на altlinux> 3.69.0-alt1
- New version (3.69).
* Sat Jul 17 2021 Gleb F-Malinovskiy <glebfm на altlinux> 3.66.0-alt2
- Backported upstream fixes for POWER AES-GCM Vector Acceleration (ALT#40510)
(MBZ#1566124).
- Enabled testsuite.
* Thu Jun 03 2021 Alexey Gladkov <legion на altlinux> 3.66.0-alt1
- New version (3.66).
- Certificate Authority Changes:
+ Add CN=GLOBALTRUST 2020
+ Add CN=ANF Secure Server Root CA
+ Add CN=Certum EC-384 CA
+ Add CN=Certum Trusted Root CA
+ Remove OU=Trustis FPS Root CA
+ Remove CN=QuoVadis Root Certification Authority
+ Remove CN=Sonera Class2 CA
* Wed Mar 24 2021 Alexey Gladkov <legion на altlinux> 3.63.0-alt1
- New version (3.63).
- Certificate Authority Changes:
+ Add CN=GlobalSign Secure Mail Root R45
+ Add CN=GlobalSign Secure Mail Root E45
+ Add CN=GlobalSign Root R46
+ Add CN=GlobalSign Root E46
+ Add CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS
+ Remove CN=GeoTrust Primary Certification Authority - G2
+ Remove CN=VeriSign Universal Root Certification Authority
+ Turn off Websites trust bit for "Staat der Nederlanden Root CA - G3"
+ Turn off Websites trust bit for "Chambers of Commerce Root - 2008"
+ Turn off Websites trust bit for "Global Chambersign Root - 2008"
* Wed Jan 27 2021 Alexey Gladkov <legion на altlinux> 3.61.0-alt1
- New version (3.61).
- Certificate Authority Changes:
+ Add CN=NAVER Global Root Certification Authority
+ Remove CN=GeoTrust Global CA
+ Remove CN=GeoTrust Primary Certification Authority
+ Remove CN=GeoTrust Primary Certification Authority - G3
+ Remove CN=GeoTrust Universal CA
+ Remove CN=GeoTrust Universal CA 2
+ Remove CN=VeriSign Class 3 Public Primary Certification Authority - G4
+ Remove CN=VeriSign Class 3 Public Primary Certification Authority - G5
+ Remove CN=thawte Primary Root CA
+ Remove CN=thawte Primary Root CA - G2
+ Remove CN=thawte Primary Root CA - G3
* Sat Dec 26 2020 Alexey Gladkov <legion на altlinux> 3.59.1-alt1
- New version (3.59.1).
* Tue Nov 17 2020 Alexey Gladkov <legion на altlinux> 3.59.0-alt1
- New version (3.59).
* Thu Oct 29 2020 Stanislav Levin <slev на altlinux> 3.58.0-alt2
- Backported fix for MBZ#1672703.
* Thu Oct 22 2020 Alexey Gladkov <legion на altlinux> 3.58.0-alt1
- New version (3.58).
- Security fixes:
+ CVE-2020-25648: Tighten CCS handling for middlebox compatibility mode
- Certificate Authority Changes:
+ Add CN=Trustwave Global Certification Authority
+ Add CN=Trustwave Global ECC P256 Certification Authority
+ Add CN=Trustwave Global ECC P384 Certification Authority
+ Remove CN=EE Certification Centre Root CA
+ Remove O=Government Root Certification Authority; C=TW
+ Modify CN=OISTE WISeKey Global Root GA CA
* Tue Sep 08 2020 Alexey Gladkov <legion на altlinux> 3.56.0-alt1
pki-core - Certificate System - PKI Core Components
* Wed Sep 15 2021 Stanislav Levin <slev на altlinux> 10.10.6-alt1.c9f2.1
- Backported to c9f2.
* Wed Jun 23 2021 Stanislav Levin <slev на altlinux> 10.10.6-alt2
- Made python-nss really optional.
* Fri Jun 18 2021 Stanislav Levin <slev на altlinux> 10.10.6-alt1
- 10.10.5 -> 10.10.6 (fixes: CVE-2021-3551).
* Fri Jun 11 2021 Stanislav Levin <slev на altlinux> 10.10.5-alt3
- Built with Java11.
* Mon May 31 2021 Stanislav Levin <slev на altlinux> 10.10.5-alt2
- Fixed FTBFS(new CMake policy).
* Wed Mar 03 2021 Stanislav Levin <slev на altlinux> 10.10.5-alt1
- 10.10.4 -> 10.10.5.
* Mon Feb 15 2021 Stanislav Levin <slev на altlinux> 10.10.4-alt1
- 10.10.3 -> 10.10.4.
* Fri Feb 05 2021 Stanislav Levin <slev на altlinux> 10.10.3-alt1
- 10.10.0 -> 10.10.3.
* Tue Nov 03 2020 Stanislav Levin <slev на altlinux> 10.10.0-alt1
- 10.9.4 -> 10.10.0.
* Mon Oct 19 2020 Stanislav Levin <slev на altlinux> 10.9.4-alt2
- Fixed FTBFS (new flake8 and pylint).
* Mon Sep 14 2020 Stanislav Levin <slev на altlinux> 10.9.4-alt1
pve-backup - PVE Backup Server [84M]
* Mon Jul 19 2021 Andrew A. Vasilyev <andy на altlinux> 1.0.5-alt2
- FTBFS: new rust (ALT #40521)
* Tue Feb 16 2021 Andrew A. Vasilyev <andy на altlinux> 1.0.5-alt1
python-module-nss - Python binding for NSS (Network Security Services) and NSPR (Netscape Portable Runtime)
* Wed Feb 10 2021 Andrey Cherepanov <cas на altlinux> 1.0.1-alt3.1.p9
- Rebuild with nss-3.61.0.
* Fri Apr 05 2019 Grigory Ustinov <grenka на altlinux> 1.0.1-alt3
rust - The Rust Programming Language [2009M]
* Sat Oct 23 2021 Andrey Cherepanov <cas на altlinux> 1:1.55.0-alt0.p9.1
- Backport new version to p9 branch (bootstrapped).
* Mon Sep 13 2021 Alexey Gladkov <legion на altlinux> 1:1.55.0-alt1
- New version (1.55.0).
* Sun Sep 05 2021 Alexey Gladkov <legion на altlinux> 1:1.54.0-alt2
- Build with llvm12.0 (ALT#40847).
* Tue Aug 10 2021 Alexey Gladkov <legion на altlinux> 1:1.54.0-alt1
- New version (1.54.0).
* Tue Jul 13 2021 Alexey Gladkov <legion на altlinux> 1:1.53.0-alt1
- New version (1.53.0).
* Thu May 20 2021 Alexey Gladkov <legion на altlinux> 1:1.52.1-alt1
- New version (1.52.1).
* Sat May 08 2021 Alexey Gladkov <legion на altlinux> 1:1.52.0-alt1
- New version (1.52.0).
* Sat May 01 2021 Alexey Gladkov <legion на altlinux> 1:1.51.0-alt1
- New version (1.51.0).
- Use llvm12.0.
- Security fixes:
+ CVE-2020-36323 rust: optimization for joining strings can cause uninitialized bytes to be exposed
+ CVE-2021-28876 rust: panic safety issue in Zip implementation
+ CVE-2021-28878 rust: memory safety violation in Zip implementation when next_back() and next() are used together
+ CVE-2021-28879 rust: integer overflow in the Zip implementation can lead to a buffer overflow
+ CVE-2021-31162 rust: double free in Vec::from_iter function if freeing the element panics
* Fri Feb 26 2021 Alexey Gladkov <legion на altlinux> 1:1.50.0-alt1
- New version (1.50.0).
* Thu Jan 07 2021 Alexey Gladkov <legion на altlinux> 1:1.49.0-alt1
- New version (1.49.0).
- Use clang.
* Thu Dec 31 2020 Andrey Cherepanov <cas на altlinux> 1:1.47.0-alt0.1.p9
seamonkey - Web browser and mail reader [277M]
* Mon Nov 01 2021 Andrey Cherepanov <cas на altlinux> 1:2.53.9.1-alt0.p9.1
- Backport new version to p9 branch.
* Tue Sep 28 2021 Andrey Cherepanov <cas на altlinux> 1:2.53.9.1-alt1
- New version.
* Mon Aug 30 2021 Andrey Cherepanov <cas на altlinux> 1:2.53.9-alt1
- New version.
* Thu Jul 22 2021 Andrey Cherepanov <cas на altlinux> 1:2.53.8.1-alt1
- New version.
* Tue Jun 29 2021 Andrey Cherepanov <cas на altlinux> 1:2.53.8-alt1
- New version.
* Mon May 10 2021 Andrey Cherepanov <cas на altlinux> 1:2.53.7.1-alt3
- FTBFS: Update cbindgen-vendor to 0.18.0 for rust 1.52.0.
* Wed May 05 2021 Andrey Cherepanov <cas на altlinux> 1:2.53.7.1-alt2
- Build with bundled libvpx.
* Sun Apr 18 2021 Andrey Cherepanov <cas на altlinux> 1:2.53.7.1-alt1
- New version.
* Fri Apr 02 2021 Andrey Cherepanov <cas на altlinux> 1:2.53.7-alt0.1.p9
task-edu - Educational software (base set)
* Mon Nov 01 2021 Andrey Cherepanov <cas на altlinux> 1.4.3-alt2.p9.2
- Do not require thunderbord on armh.
* Wed Jun 16 2021 Aleksei Nikiforov <darktemplar на altlinux> 1.4.3-alt2.p9.1
thunderbird - Thunderbird is Mozilla's e-mail client [408M]
* Sat Feb 12 2022 Andrey Cherepanov <cas на altlinux> 91.6.0-alt0.p9.1
- Backport new version to p9 branch.
* Sat Feb 12 2022 Pavel Vasenkov <pav на altlinux> 91.6.0-alt1
- New version.
- Security fixes:
+ CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
+ CVE-2022-22754 Extensions could have bypassed permission confirmation during update
+ CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
+ CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements
+ CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
+ CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
+ CVE-2022-22763 Script Execution during invalid object state
+ CVE-2022-22764 Memory safety bugs fixed in Thunderbird 91.6
* Tue Jan 25 2022 Pavel Vasenkov <pav на altlinux> 91.5.1-alt1
- New version.
* Wed Jan 12 2022 Andrey Cherepanov <cas на altlinux> 91.5.0-alt1
- New version.
- Security fixes:
+ CVE-2022-22746 Calling into reportValidity could have lead to fullscreen window spoof
+ CVE-2022-22743 Browser window spoof using fullscreen mode
+ CVE-2022-22742 Out-of-bounds memory access when inserting text in edit mode
+ CVE-2022-22741 Browser window spoof using fullscreen mode
+ CVE-2022-22740 Use-after-free of ChannelEventQueue::mOwner
+ CVE-2022-22738 Heap-buffer-overflow in blendGaussianBlur
+ CVE-2022-22737 Race condition when playing audio files
+ CVE-2021-4140 Iframe sandbox bypass with XSLT
+ CVE-2022-22748 Spoofed origin on external protocol launch dialog
+ CVE-2022-22745 Leaking cross-origin URLs through securitypolicyviolation event
+ CVE-2022-22744 The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2022-22747 Crash when handling empty pkcs7 sequence
+ CVE-2022-22739 Missing throttling on external protocol launch dialog
+ CVE-2022-22751 Memory safety bugs fixed in Thunderbird 91.5
* Tue Dec 21 2021 Andrey Cherepanov <cas на altlinux> 91.4.1-alt1
- New version.
- Security fixes:
+ CVE-2021-4126 OpenPGP signature status doesn't consider additional message content
+ CVE-2021-44538 Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow
* Fri Dec 10 2021 Andrey Cherepanov <cas на altlinux> 91.4.0-alt1
- New version.
- Security fixes:
+ CVE-2021-43536 URL leakage when navigating while executing asynchronous function
+ CVE-2021-43537 Heap buffer overflow when using structured clone
+ CVE-2021-43538 Missing fullscreen and pointer lock notification when requesting both
+ CVE-2021-43539 GC rooting failure when calling wasm instance methods
+ CVE-2021-43541 External protocol handler parameters were unescaped
+ CVE-2021-43542 XMLHttpRequest error codes could have leaked the existence of an external protocol handler
+ CVE-2021-43543 Bypass of CSP sandbox directive when embedding
+ CVE-2021-43545 Denial of Service when using the Location API in a loop
+ CVE-2021-43546 Cursor spoofing could overlay user interface when native cursor is zoomed
+ CVE-2021-43528 JavaScript unexpectedly enabled for the composition area
* Fri Nov 19 2021 Andrey Cherepanov <cas на altlinux> 91.3.2-alt1
- New version.
* Mon Nov 15 2021 Andrey Cherepanov <cas на altlinux> 91.3.1-alt1
- New version.
* Wed Nov 03 2021 Andrey Cherepanov <cas на altlinux> 91.3.0-alt0.p9.1
- Backport new version to p9 branch.
- Completely disable telemetry.
* Wed Nov 03 2021 Andrey Cherepanov <cas на altlinux> 91.3.0-alt1
- New version.
- Security fixes:
+ CVE-2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504 Use-after-free in file picker dialog
+ CVE-2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
+ CVE-2021-38506 Thunderbird could be coaxed into going into fullscreen mode without notification or warning
+ CVE-2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
+ CVE-2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
+ CVE-2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
+ CVE-2021-38510 Download Protections were bypassed by .inetloc files on Mac OS
- Disable telemetry by default.
<<<<<<< HEAD
* Fri Oct 29 2021 Andrey Cherepanov <cas на altlinux> 91.2.1-alt0.p9.1
- Backport new version to p9 branch.
=======
>>>>>>> gears/sisyphus
* Fri Oct 22 2021 Andrey Cherepanov <cas на altlinux> 91.2.1-alt1
- New version.
- Security fixes:
+ CVE-2021-38502 Downgrade attack on SMTP STARTTLS connections
+ CVE-2021-38496 Use-after-free in MessageTask
+ CVE-2021-38497 Validation message could have been overlaid on another origin
+ CVE-2021-38498 Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810 Data race in crossbeam-deque
+ CVE-2021-38500 Memory safety bugs fixed in Thunderbird 91.2
+ CVE-2021-38501 Memory safety bugs fixed in Thunderbird 91.2
* Wed Oct 06 2021 Andrey Cherepanov <cas на altlinux> 91.2.0-alt1
- New version.
* Tue Sep 28 2021 Andrey Cherepanov <cas на altlinux> 91.1.2-alt1
- New version.
* Wed Sep 22 2021 Andrey Cherepanov <cas на altlinux> 91.1.1-alt1
- New version.
* Mon Sep 13 2021 Andrey Cherepanov <cas на altlinux> 91.1.0-alt2
- Fix unreadable text in chat (ALT #40907).
* Fri Sep 10 2021 Andrey Cherepanov <cas на altlinux> 78.14.0-alt0.p9.1
tomcatjss - JSSE module for Apache Tomcat that uses JSS
* Sun Mar 06 2022 Andrey Cherepanov <cas на altlinux> 7.6.1-alt0.p9.1
- Backport new version to p9 branch.
* Fri Feb 05 2021 Stanislav Levin <slev на altlinux> 7.6.1-alt1
- 7.6.0 -> 7.6.1.
* Tue Nov 03 2020 Stanislav Levin <slev на altlinux> 7.6.0-alt1
- 7.5.0 -> 7.6.0.
* Mon Sep 14 2020 Stanislav Levin <slev на altlinux> 7.5.0-alt1
Total 18282 source packages.
Подробная информация о списке рассылки Sisyphus-cybertalk