pool/mozjs102
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
307cf13d8b
mozjs102/mozjs102.changes
Bjørn Lie 307cf13d8b Accepting request 1058990 from GNOME:Next 
- Update to version 102.7.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-46871: libusrsctp library out of date.
  + CVE-2023-23598: Arbitrary file read from GTK drag and drop on
    Linux.
  + CVE-2023-23599: Malicious command could be hidden in devtools
    output on Windows.
  + CVE-2023-23601: URL being dragged from cross-origin iframe into
    same tab triggers navigation.
  + CVE-2023-23602: Content Security Policy wasn't being correctly
    applied to WebSockets in WebWorkers.
  + CVE-2022-46877: Fullscreen notification bypass.
  + CVE-2023-23603: Calls to <code>console.log</code> allowed
    bypasing Content Security Policy via format directive.
  + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and
    Firefox ESR 102.7.

OBS-URL: https://build.opensuse.org/request/show/1058990
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/mozjs102?expand=0&rev=13
2023-01-19 08:53:02 +00:00

103 lines
4.4 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Tue Jan 17 13:35:58 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 102.7.0:
+ Various stability, functionality, and security fixes.
+ CVE-2022-46871: libusrsctp library out of date.
+ CVE-2023-23598: Arbitrary file read from GTK drag and drop on
Linux.
+ CVE-2023-23599: Malicious command could be hidden in devtools
output on Windows.
+ CVE-2023-23601: URL being dragged from cross-origin iframe into
same tab triggers navigation.
+ CVE-2023-23602: Content Security Policy wasn't being correctly
applied to WebSockets in WebWorkers.
+ CVE-2022-46877: Fullscreen notification bypass.
+ CVE-2023-23603: Calls to <code>console.log</code> allowed
bypasing Content Security Policy via format directive.
+ CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and
Firefox ESR 102.7.
-------------------------------------------------------------------
Wed Dec 14 10:31:25 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 102.6.0:
+ Various stability, functionality, and security fixes.
+ CVE-2022-46880: Use-after-free in WebGL.
+ CVE-2022-46872: Arbitrary file read from a compromised content
process.
+ CVE-2022-46881: Memory corruption in WebGL.
+ CVE-2022-46874: Drag and Dropped Filenames could have been
truncated to malicious extensions.
+ CVE-2022-46875: Download Protections were bypassed by .atloc
and .ftploc files on Mac OS.
+ CVE-2022-46882: Use-after-free in WebGL.
+ CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and
Firefox ESR 102.6.
-------------------------------------------------------------------
Fri Nov 18 18:04:53 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 102.5.0:
+ Various stability, functionality, and security fixes.
+ CVE-2022-45403: Service Workers might have learned size of
cross-origin media files.
+ CVE-2022-45404: Fullscreen notification bypass.
+ CVE-2022-45405: Use-after-free in InputStream implementation.
+ CVE-2022-45406: Use-after-free of a JavaScript Realm.
+ CVE-2022-45408: Fullscreen notification bypass via windowName.
+ CVE-2022-45409: Use-after-free in Garbage Collection.
+ CVE-2022-45410: ServiceWorker-intercepted requests bypassed
SameSite cookie policy.
+ CVE-2022-45411: Cross-Site Tracing was possible via
non-standard override headers.
+ CVE-2022-45412: Symlinks may resolve to partially uninitialized
buffers.
+ CVE-2022-45416: Keystroke Side-Channel Leakage.
+ CVE-2022-45418: Custom mouse cursor could have been drawn over
browser UI.
+ CVE-2022-45420: Iframe contents could be rendered outside the
iframe.
+ CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and
Firefox ESR 102.5.
-------------------------------------------------------------------
Tue Oct 18 14:14:17 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 102.4.0:
+ Various stability, functionality, and security fixes.
+ CVE-2022-42927: Same-origin policy violation could have leaked
cross-origin URLs.
+ CVE-2022-42928: Memory Corruption in JS Engine.
+ CVE-2022-42929: Denial of Service via window.print.
+ CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and
Firefox ESR 102.4.
-------------------------------------------------------------------
Tue Sep 27 14:13:15 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Adjust name of ICU data file to fix build on big-endian platforms
-------------------------------------------------------------------
Tue Sep 20 07:41:19 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 102.3.0:
+ Various stability, functionality, and security fixes.
+ CVE-2022-3266: Out of bounds read when decoding H264.
+ CVE-2022-40959: Bypassing FeaturePolicy restrictions on
transient pages.
+ CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in
threads.
+ CVE-2022-40958: Bypassing Secure Context restriction for
cookies with __Host and __Secure prefix.
+ CVE-2022-40956: Content-Security-Policy base-uri bypass.
+ CVE-2022-40957: Incoherent instruction cache when building WASM
on ARM64.
+ CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and
Firefox ESR 102.3.
-------------------------------------------------------------------
Fri Aug 26 18:08:37 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
- Initial packaging for openSUSE.
Reference in New Issue View Git Blame Copy Permalink