[cyber] I: p10/branch packages: +6 (18056)
QA Team Robot
qa at altlinux.org
Sat Mar 11 03:16:23 MSK 2023
6 UPDATED packages
chromium - An open source web browser developed by Google [2030M]
* Mon Mar 06 2023 Andrey Cherepanov <cas at altlinux> 110.0.5481.177-alt1.p10.1
- Backported new version to p10 branch.
* Wed Mar 01 2023 Alexey Gladkov <legion at altlinux> 110.0.5481.177-alt2
- Bring back compiler optimizations (ALT#45454).
* Thu Feb 23 2023 Alexey Gladkov <legion at altlinux> 110.0.5481.177-alt1
- New version (110.0.5481.177).
- Fix crash in autofill (ALT#45269).
- Security fixes:
- CVE-2023-0927: Use after free in Web Payments API.
- CVE-2023-0928: Use after free in SwiftShader.
- CVE-2023-0929: Use after free in Vulkan.
- CVE-2023-0930: Heap buffer overflow in Video.
- CVE-2023-0931: Use after free in Video.
- CVE-2023-0932: Use after free in WebRTC.
- CVE-2023-0933: Integer overflow in PDF.
- CVE-2023-0941: Use after free in Prompts.
* Thu Feb 09 2023 Alexey Gladkov <legion at altlinux> 110.0.5481.77-alt1
- New version (110.0.5481.77).
- Upstream disallows building chromium with system libwayland (crbug.com/1385736).
- Add more parameters to Yandex search url (ALT#45192).
- Security fixes:
- CVE-2023-0696: Type Confusion in V8.
- CVE-2023-0697: Inappropriate implementation in Full screen mode.
- CVE-2023-0698: Out of bounds read in WebRTC.
- CVE-2023-0699: Use after free in GPU.
- CVE-2023-0700: Inappropriate implementation in Download.
- CVE-2023-0701: Heap buffer overflow in WebUI.
- CVE-2023-0702: Type Confusion in Data Transfer.
- CVE-2023-0703: Type Confusion in DevTools.
- CVE-2023-0704: Insufficient policy enforcement in DevTools.
- CVE-2023-0705: Integer overflow in Core.
* Mon Jan 30 2023 Alexey Gladkov <legion at altlinux> 109.0.5414.119-alt1
- New version (109.0.5414.119).
- Add a workaround to make the https_proxy environment variable work (ALT#44986).
- Security fixes:
- CVE-2023-0471: Use after free in WebTransport.
- CVE-2023-0472: Use after free in WebRTC.
- CVE-2023-0473: Type Confusion in ServiceWorker API.
- CVE-2023-0474: Use after free in GuestView.
* Mon Jan 23 2023 Andrey Cherepanov <cas at altlinux> 109.0.5414.74-alt0.p10.1
- Backported new version to p10 branch.
- Built with system ffmpeg.
* Thu Jan 12 2023 Alexey Gladkov <legion at altlinux> 109.0.5414.74-alt1
- New version (109.0.5414.74).
- Security fixes:
- CVE-2023-0128: Use after free in Overview Mode.
- CVE-2023-0129: Heap buffer overflow in Network Service.
- CVE-2023-0130: Inappropriate implementation in Fullscreen API.
- CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
- CVE-2023-0132: Inappropriate implementation in Permission prompts.
- CVE-2023-0133: Inappropriate implementation in Permission prompts.
- CVE-2023-0134: Use after free in Cart.
- CVE-2023-0135: Use after free in Cart.
- CVE-2023-0136: Inappropriate implementation in Fullscreen API.
- CVE-2023-0137: Heap buffer overflow in Platform Apps.
- CVE-2023-0138: Heap buffer overflow in libphonenumber.
- CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
- CVE-2023-0140: Inappropriate implementation in File System API.
- CVE-2023-0141: Insufficient policy enforcement in CORS.
* Sat Dec 10 2022 Andrey Cherepanov <cas at altlinux> 108.0.5359.71-alt0.p10.1
- Backported new version to p10 branch.
* Fri Dec 02 2022 Alexey Gladkov <legion at altlinux> 108.0.5359.71-alt1
- New version (108.0.5359.71).
- Use LLVM 15.
- Security fixes:
- CVE-2022-4174: Type Confusion in V8.
- CVE-2022-4175: Use after free in Camera Capture.
- CVE-2022-4176: Out of bounds write in Lacros Graphics.
- CVE-2022-4177: Use after free in Extensions.
- CVE-2022-4178: Use after free in Mojo.
- CVE-2022-4179: Use after free in Audio.
- CVE-2022-4180: Use after free in Mojo.
- CVE-2022-4181: Use after free in Forms.
- CVE-2022-4182: Inappropriate implementation in Fenced Frames.
- CVE-2022-4183: Insufficient policy enforcement in Popup Blocker.
- CVE-2022-4184: Insufficient policy enforcement in Autofill.
- CVE-2022-4185: Inappropriate implementation in Navigation.
- CVE-2022-4186: Insufficient validation of untrusted input in Downloads.
- CVE-2022-4187: Insufficient policy enforcement in DevTools.
- CVE-2022-4188: Insufficient validation of untrusted input in CORS.
- CVE-2022-4189: Insufficient policy enforcement in DevTools.
- CVE-2022-4190: Insufficient data validation in Directory.
- CVE-2022-4191: Use after free in Sign-In.
- CVE-2022-4192: Use after free in Live Caption.
- CVE-2022-4193: Insufficient policy enforcement in File System API.
- CVE-2022-4194: Use after free in Accessibility.
- CVE-2022-4195: Insufficient policy enforcement in Safe Browsing.
* Fri Nov 18 2022 Alexey Gladkov <legion at altlinux> 107.0.5304.110-alt1
- New version (107.0.5304.110).
- Security fixes:
- CVE-2022-3885: Use after free in V8.
- CVE-2022-3886: Use after free in Speech Recognition.
- CVE-2022-3887: Use after free in Web Workers.
- CVE-2022-3888: Use after free in WebCodecs.
- CVE-2022-3889: Type Confusion in V8.
- CVE-2022-3890: Heap buffer overflow in Crashpad.
* Wed Nov 16 2022 Andrey Cherepanov <cas at altlinux> 107.0.5304.87-alt0.p10.1
crda - Regulatory compliance agent for 802.11 wireless networking
* Fri Feb 24 2023 L.A. Kostis <lakostis at altlinux> 4.15-alt2.2023.02.13
- regdb: updated to 20230213.
* Mon Jan 23 2023 L.A. Kostis <lakostis at altlinux> 4.15-alt1
- regdb: updated to 20220812.
- crda: updated to 4.15.
- added crda deprecation notice.
* Thu Aug 05 2021 Grigory Ustinov <grenka at altlinux> 4.14-alt6
- Transfer to python3.
* Tue Jul 06 2021 Andrey Cherepanov <cas at altlinux> 4.14-alt5.1
golang - The Go Programming Language [18M]
* Tue Mar 07 2023 Alexey Shabalin <shaba at altlinux> 1.19.7-alt1
- New version (1.19.7) (Fixes: CVE-2023-24532).
* Thu Feb 16 2023 Alexey Shabalin <shaba at altlinux> 1.19.6-alt1
jitsi-videobridge - Jitsi Videobridge - WebRTC compatible Selective Forwarding Unit [198M]
* Sat Feb 25 2023 Igor Vlasenko <viy at altlinux> 2.1-alt0.8
- java17 support (closes: #45385)
* Mon Jan 24 2022 Igor Vlasenko <viy at altlinux> 2.1-alt0.7
libharfbuzz - HarfBuzz is an OpenType text shaping engine [21M]
* Sun Oct 23 2022 Yuri N. Sedunov <aris at altlinux> 5.3.1-alt1
- updated to 5.3.1-8-g83769b9cb
* Mon Sep 26 2022 Yuri N. Sedunov <aris at altlinux> 5.2.0-alt1
- 5.2.0
* Sun Jul 24 2022 Yuri N. Sedunov <aris at altlinux> 5.0.1-alt1
- 5.0.1
* Wed Jun 29 2022 Yuri N. Sedunov <aris at altlinux> 4.4.1-alt1
- updated to 4.4.1-2-g22835dea2
- introduced experimental API knob (disabled by default)
* Thu Jun 23 2022 Yuri N. Sedunov <aris at altlinux> 4.3.0-alt1
- 4.3.0
* Wed Apr 27 2022 Yuri N. Sedunov <aris at altlinux> 4.2.1-alt1
- 4.2.1
* Fri Apr 08 2022 Yuri N. Sedunov <aris at altlinux> 4.2.0-alt1
- 4.2.0
* Sat Mar 12 2022 Yuri N. Sedunov <aris at altlinux> 4.0.1-alt1
- 4.0.1
* Thu Mar 03 2022 Yuri N. Sedunov <aris at altlinux> 4.0.0-alt1
- 4.0.0
* Sun Dec 12 2021 Yuri N. Sedunov <aris at altlinux> 3.2.0-alt1
thunderbird - Thunderbird is Mozilla's e-mail client [508M]
* Tue Feb 28 2023 Pavel Vasenkov <pav at altlinux> 102.8.0-alt1
- New version.
- Security fixes:
+ CVE-2023-0616 User Interface lockup with messages combining S/MIME and OpenPGP
+ CVE-2023-25728 Content security policy leak in violation reports using iframes
+ CVE-2023-25730 Screen hijack via browser fullscreen mode
+ CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
+ CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
+ CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
+ CVE-2023-25738 Printing on Windows could potentially crash Thunderbird with some device drivers
+ CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
+ CVE-2023-25729 Extensions could have opened external schemes without user knowledge
+ CVE-2023-25732 Out of bounds memory write from EncodeInputStream
+ CVE-2023-25734 Opening local .url files could cause unexpected network loads
+ CVE-2023-25742 Web Crypto ImportKey crashes tab
+ CVE-2023-25746 Memory safety bugs fixed in Thunderbird 102.8
* Fri Feb 03 2023 Pavel Vasenkov <pav at altlinux> 102.7.1-alt1
Total 18056 source packages.