[cyber] I: p10/branch packages: +4 (19075)

Чт Апр 23 03:24:58 MSK 2026

	4 UPDATED packages

firefox-esr - The Mozilla Firefox project is a redesign of Mozilla's browser	[640M]
* Mon Apr 20 2026 Pavel Vasenkov <pav на altlinux> 140.9.1-alt0.p10.1
- Backport new version.
* Sat Apr 11 2026 Pavel Vasenkov <pav на altlinux> 140.9.1-alt1
- New ESR version.
- Security fixes:
  + CVE-2026-5732 Incorrect boundary conditions, integer overflow in the Graphics: Text component
  + CVE-2026-5731 Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird
  + CVE-2026-5734 Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
* Fri Mar 27 2026 Pavel Vasenkov <pav на altlinux> 140.9.0-alt1
- New ESR version.
- Security fixes:
  + CVE-2026-4684 Race condition, use-after-free in the Graphics: WebRender component
  + CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component
  + CVE-2026-4686 Incorrect boundary conditions in the Graphics: Canvas2D component
  + CVE-2026-4687 Sandbox escape due to incorrect boundary conditions in the Telemetry component
  + CVE-2026-4688 Sandbox escape due to use-after-free in the Disability Access APIs component
  + CVE-2026-4689 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
  + CVE-2026-4690 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
  + CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component
  + CVE-2026-4692 Sandbox escape in the Responsive Design Mode component
  + CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component
  + CVE-2026-4694 Incorrect boundary conditions, integer overflow in the Graphics component
  + CVE-2026-4695 Incorrect boundary conditions in the Audio/Video: Web Codecs component
  + CVE-2026-4696 Use-after-free in the Layout: Text and Fonts component
  + CVE-2026-4697 Incorrect boundary conditions in the Audio/Video: Web Codecs component
  + CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2026-4699 Incorrect boundary conditions in the Layout: Text and Fonts component
  + CVE-2026-4700 Mitigation bypass in the Networking: HTTP component
  + CVE-2026-4701 Use-after-free in the JavaScript Engine component
  + CVE-2026-4702 JIT miscompilation in the JavaScript Engine component
  + CVE-2026-4704 Denial-of-service in the WebRTC: Signaling component
  + CVE-2026-4705 Undefined behavior in the WebRTC: Signaling component
  + CVE-2026-4706 Incorrect boundary conditions in the Graphics: Canvas2D component
  + CVE-2026-4707 Incorrect boundary conditions in the Graphics: Canvas2D component
  + CVE-2026-4708 Incorrect boundary conditions in the Graphics component
  + CVE-2026-4709 Incorrect boundary conditions in the Audio/Video: GMP component
  + CVE-2026-4710 Incorrect boundary conditions in the Audio/Video component
  + CVE-2026-4711 Use-after-free in the Widget: Cocoa component
  + CVE-2026-4712 Information disclosure in the Widget: Cocoa component
  + CVE-2026-4713 Incorrect boundary conditions in the Graphics component
  + CVE-2026-4714 Incorrect boundary conditions in the Audio/Video component
  + CVE-2026-4715 Uninitialized memory in the Graphics: Canvas2D component
  + CVE-2026-4716 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
  + CVE-2026-4717 Privilege escalation in the Netmonitor component
  + CVE-2025-59375 Denial-of-service in the XML component
  + CVE-2026-4718 Undefined behavior in the WebRTC: Signaling component
  + CVE-2026-4719 Incorrect boundary conditions in the Graphics: Text component
  + CVE-2026-4720 Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
  + CVE-2026-4721 Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
* Tue Mar 10 2026 Pavel Vasenkov <pav на altlinux> 140.8.0-alt2
Note: changelog entry for 140.9.0-alt0.p10.1 not found.

postgresql15-timescaledb - Open-source time-series database powered by PostgreSQL
* Wed Apr 15 2026 Alexei Takaseev <taf на altlinux> 2.26.3-alt1
- 2.26.3
* Wed Apr 08 2026 Alexei Takaseev <taf на altlinux> 2.26.2-alt1
- 2.26.2
- Add BR libicu-devel
* Thu Mar 19 2026 Alexei Takaseev <taf на altlinux> 2.25.2-alt1

postgresql16-timescaledb - Open-source time-series database powered by PostgreSQL
* Wed Apr 15 2026 Alexei Takaseev <taf на altlinux> 2.26.3-alt1
- 2.26.3
* Wed Apr 08 2026 Alexei Takaseev <taf на altlinux> 2.26.2-alt1
- 2.26.2
- Add BR libicu-devel
* Thu Mar 19 2026 Alexei Takaseev <taf на altlinux> 2.25.2-alt1

postgresql17-timescaledb - Open-source time-series database powered by PostgreSQL
* Wed Apr 15 2026 Alexei Takaseev <taf на altlinux> 2.26.3-alt1
- 2.26.3
* Wed Apr 08 2026 Alexei Takaseev <taf на altlinux> 2.26.2-alt1
- 2.26.2
- Add BR libicu-devel
* Thu Mar 19 2026 Alexei Takaseev <taf на altlinux> 2.25.2-alt1

Total 19075 source packages.