-------------------------------------------------------------------
Mon Sep 30 17:35:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add mozjs115-CVE-2024-45492.patch:
  Backporting 9bf0f2c1 from libexpat upstream, Detect integer
  overflow in function nextScaffoldPart.
  (CVE-2024-45492, bsc#1230038)

-------------------------------------------------------------------
Mon Sep 30 17:25:22 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add mozjs115-CVE-2024-45491.patch:
  Backporting 8e439a99 from libexpat upstream, Detect integer
  overflow in dtdCopy.
  (CVE-2024-45491, bsc#1230037)

-------------------------------------------------------------------
Mon Sep 30 17:15:45 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch:
  Backporting 5c1a3164 from libexpat upstream, Reject negative len
  for XML_ParseBuffer.
  CVE-2024-45490's fixes include 3 parts: 5c1a3164 for libexpat
  sources; c12f039b for libexpat tests; 2db23301 for libexpat docs.
  Because mozjs only embeds libexpat sources, it is unnecessary to
  port part02 and part03.
  (CVE-2024-45490, bsc#1230036)

-------------------------------------------------------------------
Thu Apr 4 13:56:30 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

- Properly tag patches.

-------------------------------------------------------------------
Thu Dec 7 09:45:46 UTC 2023 - Yifan Jiang <yfjiang@suse.com>

- mozjs115 requires gcc >= 8.1, icu >= 73.1. Specify them in spec.

-------------------------------------------------------------------
Wed Dec 6 08:51:59 UTC 2023 - Yifan Jiang <yfjiang@suse.com>

- Update icu data file name in spec to build in big endian machine.

-------------------------------------------------------------------
Tue Nov 28 12:02:22 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>

- Use %patch -p N instead of deprecated %patchN.

-------------------------------------------------------------------
Thu Nov 9 08:37:08 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 115.4.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-5721: Queued up rendering could have allowed websites
    to clickjack
  + CVE-2023-5732: Address bar spoofing via bidirectional
    characters
  + CVE-2023-5724: Large WebGL draw could have led to a crash
  + CVE-2023-5725: WebExtensions could open arbitrary URLs
  + CVE-2023-5726: Full screen notification obscured by file open
    dialog on macOS
  + CVE-2023-5727: Download Protections were bypassed by .msix,
    .msixbundle, .appx, and .appxbundle files on Windows
  + CVE-2023-5728: Improper object tracking during GC in the
    JavaScript engine could have led to a crash
  + CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox
    ESR 115.4, and Thunderbird 115.4.1

-------------------------------------------------------------------
Sun Oct 1 11:40:37 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 115.3.1:
  + Security fix: CVE-2023-5217: Heap buffer overflow in libvpx.
- Changes from version 115.3.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
  + CVE-2023-5169: Out-of-bounds write in PathOps
  + CVE-2023-5171: Use-after-free in Ion Compiler
  + CVE-2023-5174: Double-free in process spawning on Windows
  + CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox
    ESR 115.3, and Thunderbird 115.3

-------------------------------------------------------------------
Mon Sep 25 14:52:38 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 115.2.1:
  + Security fix: CVE-2023-4863: Heap buffer overflow in libwebp.

-------------------------------------------------------------------
Tue Sep 5 09:40:20 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 115.2.0:
  + Various security fixes and other quality improvements.
  + CVE-2023-4573: Memory corruption in IPC CanvasTranslator
  + CVE-2023-4574: Memory corruption in IPC
    ColorPickerShownCallback
  + CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
  + CVE-2023-4576: Integer Overflow in
    RecordedSourceSurfaceCreation
  + CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
  + CVE-2023-4051: Full screen notification obscured by file open
    dialog
  + CVE-2023-4578: Error reporting methods in SpiderMonkey could
    have triggered an Out of Memory Exception
  + CVE-2023-4053: Full screen notification obscured by external
    program
  + CVE-2023-4580: Push notifications saved to disk unencrypted
  + CVE-2023-4581: XLL file extensions were downloadable without
    warnings
  + CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv
  + CVE-2023-4583: Browsing Context potentially not cleared when
    closing Private Window
  + CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox
    ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and
    Thunderbird 115.2
  + CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox
    ESR 115.2, and Thunderbird 115.2

-------------------------------------------------------------------
Fri Aug 11 11:24:28 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

- Initial packaging for openSUSE, based on mozjs102.