Accepting request 1036701 from GNOME:Next

New stable release OBS-URL: https://build.opensuse.org/request/show/1036701 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=9
2022-11-21 11:43:47 +00:00
parent 3ef870e8ec
commit 24dc957ecc
6 changed files with 46 additions and 20 deletions
--- a/mozjs102.changes
+++ b/mozjs102.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Fri Nov 18 18:04:53 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 102.5.0:
+  + Various stability, functionality, and security fixes.
+  + CVE-2022-45403: Service Workers might have learned size of
+    cross-origin media files.
+  + CVE-2022-45404: Fullscreen notification bypass.
+  + CVE-2022-45405: Use-after-free in InputStream implementation.
+  + CVE-2022-45406: Use-after-free of a JavaScript Realm.
+  + CVE-2022-45408: Fullscreen notification bypass via windowName.
+  + CVE-2022-45409: Use-after-free in Garbage Collection.
+  + CVE-2022-45410: ServiceWorker-intercepted requests bypassed
+    SameSite cookie policy.
+  + CVE-2022-45411: Cross-Site Tracing was possible via
+    non-standard override headers.
+  + CVE-2022-45412: Symlinks may resolve to partially uninitialized
+    buffers.
+  + CVE-2022-45416: Keystroke Side-Channel Leakage.
+  + CVE-2022-45418: Custom mouse cursor could have been drawn over
+    browser UI.
+  + CVE-2022-45420: Iframe contents could be rendered outside the
+    iframe.
+  + CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and
+    Firefox ESR 102.5.
+
 -------------------------------------------------------------------
 Tue Oct 18 14:14:17 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>