Accepting request 1058990 from GNOME:Next

- Update to version 102.7.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-46871: libusrsctp library out of date.
  + CVE-2023-23598: Arbitrary file read from GTK drag and drop on
    Linux.
  + CVE-2023-23599: Malicious command could be hidden in devtools
    output on Windows.
  + CVE-2023-23601: URL being dragged from cross-origin iframe into
    same tab triggers navigation.
  + CVE-2023-23602: Content Security Policy wasn't being correctly
    applied to WebSockets in WebWorkers.
  + CVE-2022-46877: Fullscreen notification bypass.
  + CVE-2023-23603: Calls to console.log allowed
    bypassing Content Security Policy via format directive.
  + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and
    Firefox ESR 102.7.

OBS-URL: https://build.opensuse.org/request/show/1058990
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=13
This commit is contained in:
2023-01-19 08:53:02 +00:00
committed by Git OBS Bridge
parent 12f5359628
commit 307cf13d8b
6 changed files with 41 additions and 21 deletions

@@ -1,3 +1,23 @@
-------------------------------------------------------------------
Tue Jan 17 13:35:58 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 102.7.0:
+ Various stability, functionality, and security fixes.
+ CVE-2022-46871: libusrsctp library out of date.
+ CVE-2023-23598: Arbitrary file read from GTK drag and drop on
Linux.
+ CVE-2023-23599: Malicious command could be hidden in devtools
output on Windows.
+ CVE-2023-23601: URL being dragged from cross-origin iframe into
same tab triggers navigation.
+ CVE-2023-23602: Content Security Policy wasn't being correctly
applied to WebSockets in WebWorkers.
+ CVE-2022-46877: Fullscreen notification bypass.
+ CVE-2023-23603: Calls to <code>console.log</code> allowed
bypasing Content Security Policy via format directive.
+ CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and
Firefox ESR 102.7.
-------------------------------------------------------------------
Wed Dec 14 10:31:25 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
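Review bot: The CVE-2023-23603 entry carries literal HTML markup (<code>console.log</code>) and the typo "bypasing"; a .changes file is plain text, so write it as "Calls to console.log allowed bypassing Content Security Policy via format directive." Separately, the package here is mozjs102, the standalone JavaScript engine, while several entries (GTK drag and drop, devtools output on Windows, fullscreen notification) describe browser features. Consider noting which of the listed fixes actually touch the code this package ships, so that anyone triaging mozjs102 against these CVEs does not have to work that out from the upstream advisory. None of the CVE lines has a bug tracker reference next to it either; adding one per entry would make the update easier to trace.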