[cyber] I: p9/branch packages: +3 (18279)
QA Team Robot
qa на altlinux.org
Пт Июл 21 03:18:42 MSK 2023
3 UPDATED packages
firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version) [487M]
* Tue Jun 06 2023 Pavel Vasenkov <pav на altlinux> 102.11.0-alt0.c9.1
- Backported new version to c9 branch.
* Mon May 15 2023 Pavel Vasenkov <pav на altlinux> 102.11.0-alt1
- New ESR version.
- Security fixes
+ CVE-2023-32205 Browser prompts could have been obscured by popups
+ CVE-2023-32206 Crash in RLBox Expat driver
+ CVE-2023-32207 Potential permissions request bypass via clickjacking
+ CVE-2023-32211 Content process crash due to invalid wasm code
+ CVE-2023-32212 Potential spoof due to obscured address bar
+ CVE-2023-32213 Potential memory corruption in FileReader::DoReadData()
+ CVE-2023-32214 Potential DoS via exposed protocol handlers
+ CVE-2023-32215 Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
* Wed Apr 19 2023 Pavel Vasenkov <pav на altlinux> 102.10.0-alt1
- New ESR version.
- Security fixes
+ CVE-2023-29531 Out-of-bound memory access in WebGL on macOS
+ CVE-2023-29532 Mozilla Maintenance Service Write-lock bypass
+ CVE-2023-29533 Fullscreen notification obscured
+ CVE-2023-1999 Double-free in libwebp
+ CVE-2023-29535 Potential Memory Corruption following Garbage Collector compaction
+ CVE-2023-29536 Invalid free from JavaScript code
+ CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download
+ CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux
+ CVE-2023-29542 Bypass of file download extension restrictions
+ CVE-2023-29545 Windows Save As dialog resolved environment variables
+ CVE-2023-1945 Memory Corruption in Safe Browsing Code
+ CVE-2023-29548 Incorrect optimization result on ARM64
+ CVE-2023-29550 Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
* Wed Mar 22 2023 Pavel Vasenkov <pav на altlinux> 102.9.0-alt1
- New ESR version.
- Security fixes
+ CVE-2023-25751 Incorrect code generation during JIT compilation
+ CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
+ CVE-2023-28162 Invalid downcast in Worklets
+ CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
+ CVE-2023-28163 Windows Save As dialog resolved environment variables
+ CVE-2023-28176 Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
* Fri Mar 03 2023 Pavel Vasenkov <pav на altlinux> 102.8.0-alt1
- New ESR version.
- Security fixes
+ CVE-2023-25728 Content security policy leak in violation reports using iframes
+ CVE-2023-25730 Screen hijack via browser fullscreen mode
+ CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
+ CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
+ CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
+ CVE-2023-25738 Printing on Windows could potentially crash Firefox with some device drivers
+ CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
+ CVE-2023-25729 Extensions could have opened external schemes without user knowledge
+ CVE-2023-25732 Out of bounds memory write from EncodeInputStream
+ CVE-2023-25734 Opening local .url files could cause unexpected network loads
+ CVE-2023-25742 Web Crypto ImportKey crashes tab
+ CVE-2023-25744 Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
+ CVE-2023-25746 Memory safety bugs fixed in Firefox ESR 102.8
* Wed Jan 18 2023 Pavel Vasenkov <pav на altlinux> 102.7.0-alt1
- New ESR version.
- Security fixes
+ CVE-2022-46871 libusrsctp library out of date
+ CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2022-46877 Fullscreen notification bypass
+ CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
+ CVE-2023-23605 Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
* Tue Jan 17 2023 Andrey Cherepanov <cas на altlinux> 102.6.0-alt0.c9.1
rust - The Rust Programming Language [124M]
* Sat Feb 04 2023 Andrey Cherepanov <cas на altlinux> 1:1.64.0-alt0.c9.2
- Built without bootstrapping.
* Sun Nov 20 2022 Andrey Cherepanov <cas на altlinux> 1:1.64.0-alt0.c9.1
thunderbird - Thunderbird is Mozilla's e-mail client [508M]
* Mon Jun 05 2023 Pavel Vasenkov <pav на altlinux> 102.11.0-alt0.c9.1
- Backport new version with security fixes to c9 branch.
* Wed May 17 2023 Pavel Vasenkov <pav на altlinux> 102.11.0-alt1
- New version.
- Security fixes:
+ CVE-2023-32205 Browser prompts could have been obscured by popups
+ CVE-2023-32206 Crash in RLBox Expat driver
+ CVE-2023-32207 Potential permissions request bypass via clickjacking
+ CVE-2023-32211 Content process crash due to invalid wasm code
+ CVE-2023-32212 Potential spoof due to obscured address bar
+ CVE-2023-32213 Potential memory corruption in FileReader::DoReadData()
+ CVE-2023-32214 Potential DoS via exposed protocol handlers
+ CVE-2023-32215 Memory safety bugs fixed in Thunderbird 102.11
* Wed Apr 19 2023 Pavel Vasenkov <pav на altlinux> 102.10.0-alt1
- New version.
- Security fixes:
+ CVE-2023-29531 Out-of-bound memory access in WebGL on macOS
+ CVE-2023-29532 Mozilla Maintenance Service Write-lock bypass
+ CVE-2023-29533 Fullscreen notification obscured
+ CVE-2023-1999 Double-free in libwebp
+ CVE-2023-29535 Potential Memory Corruption following Garbage Collector compaction
+ CVE-2023-29536 Invalid free from JavaScript code
+ CVE-2023-0547 Revocation status of S/Mime recipient certificates was not checked
+ CVE-2023-29479 Hang when processing certain OpenPGP messages
+ CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download
+ CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux
+ CVE-2023-29542 Bypass of file download extension restrictions
+ CVE-2023-29545 Windows Save As dialog resolved environment variables
+ CVE-2023-1945 Memory Corruption in Safe Browsing Code
+ CVE-2023-29548 Incorrect optimization result on ARM64
+ CVE-2023-29550 Memory safety bugs fixed in Thunderbird 102.10
* Wed Mar 22 2023 Pavel Vasenkov <pav на altlinux> 102.9.0-alt1
- New version.
- Security fixes:
+ CVE-2023-25751 Incorrect code generation during JIT compilation
+ CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
+ CVE-2023-28162 Invalid downcast in Worklets
+ CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
+ CVE-2023-28163 Windows Save As dialog resolved environment variables
+ CVE-2023-28176 Memory safety bugs fixed in Thunderbird 102.9
* Tue Feb 28 2023 Pavel Vasenkov <pav на altlinux> 102.8.0-alt1
- New version.
- Security fixes:
+ CVE-2023-0616 User Interface lockup with messages combining S/MIME and OpenPGP
+ CVE-2023-25728 Content security policy leak in violation reports using iframes
+ CVE-2023-25730 Screen hijack via browser fullscreen mode
+ CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
+ CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
+ CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
+ CVE-2023-25738 Printing on Windows could potentially crash Thunderbird with some device drivers
+ CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
+ CVE-2023-25729 Extensions could have opened external schemes without user knowledge
+ CVE-2023-25732 Out of bounds memory write from EncodeInputStream
+ CVE-2023-25734 Opening local .url files could cause unexpected network loads
+ CVE-2023-25742 Web Crypto ImportKey crashes tab
+ CVE-2023-25746 Memory safety bugs fixed in Thunderbird 102.8
* Fri Feb 03 2023 Pavel Vasenkov <pav на altlinux> 102.7.1-alt1
Total 18279 source packages.
Подробная информация о списке рассылки Sisyphus-cybertalk