Update submodules from pool/chromium#14 and create patchinfo.20251030080843825030.187004354831441/_patchinfo

Update patchinfo incident numbers [skip actions]
Merging
2025-10-30 09:08:58 +01:00 · 2025-10-29 16:01:09 +00:00 · 2025-10-29 16:00:48 +00:00 · 2025-10-29 15:29:34 +00:00 · 2025-10-29 11:37:25 +00:00 · 2025-10-29 11:37:08 +00:00
8 changed files with 123 additions and 3 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -26106,3 +26106,7 @@
 	path = perl-MCP
 	url = ../../pool/perl-MCP
 	branch = leap-16.0
+[submodule "fprintd"]
+	path = fprintd
+	url = ../../pool/fprintd
+	branch = leap-16.0
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/patchinfo.20251023150135882810.90520734224245/_patchinfo
+++ b/patchinfo.20251023150135882810.90520734224245/_patchinfo
@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-9">
+  <packager>dgarcia</packager>
+  <rating>moderate</rating>
+  <category>optional</category>
+  <summary>Optional update for fprintd</summary>
+  <description>
+This update ships fprintd 1.94.4 to openSUSE Leap 16.0 and SLES Package Hub 16.0
+</description>
+  <package>fprintd</package>
+  <seperate_build_arch/>
+</patchinfo>
--- a/patchinfo.20251027101939269288.187004354831441/_patchinfo
+++ b/patchinfo.20251027101939269288.187004354831441/_patchinfo
@@ -0,0 +1,48 @@
+<patchinfo incident="packagehub-10">
+  <issue tracker="cve" id="2025-10527">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10536">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10528">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10537">Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10529">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10532">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10533">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 115.28, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="bnc" id="1249391">VUL-0: MozillaFirefox / MozillaThunderbird: update to 143.0 and 140.3esr</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+Mozilla Thunderbird 140.3.0 ESR:
+
+  * Right-clicking 'List-ID' -&gt; 'Unsubscribe' created double encoded
+    draft subject
+  * Thunderbird could crash on startup
+  * Thunderbird could crash when importing mail
+  * Opening Website header link in RSS feed incorrectly re-encoded
+    URL parameters
+  MFSA 2025-78 (bsc#1249391)
+  * CVE-2025-10527
+    Sandbox escape due to use-after-free in the Graphics:
+    Canvas2D component
+  * CVE-2025-10528
+    Sandbox escape due to undefined behavior, invalid pointer in
+    the Graphics: Canvas2D component
+  * CVE-2025-10529
+    Same-origin policy bypass in the Layout component
+  * CVE-2025-10532
+    Incorrect boundary conditions in the JavaScript: GC component
+  * CVE-2025-10533
+    Integer overflow in the SVG component
+  * CVE-2025-10536
+    Information disclosure in the Networking: Cache component
+  * CVE-2025-10537
+    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
+    ESR 140.3, Firefox 143 and Thunderbird 143
+
+</description>
+  <package>MozillaThunderbird</package>
+  <seperate_build_arch/>
+</patchinfo>
--- a/patchinfo.20251030080843825030.187004354831441/_patchinfo
+++ b/patchinfo.20251030080843825030.187004354831441/_patchinfo
@@ -0,0 +1,56 @@
+<patchinfo>
+  <issue tracker="cve" id="2025-12441"/>
+  <issue tracker="cve" id="2025-12429"/>
+  <issue tracker="cve" id="2025-12431"/>
+  <issue tracker="cve" id="2025-12444"/>
+  <issue tracker="cve" id="2025-12428"/>
+  <issue tracker="cve" id="2025-12438"/>
+  <issue tracker="cve" id="2025-12435"/>
+  <issue tracker="cve" id="2025-12437"/>
+  <issue tracker="cve" id="2025-12443"/>
+  <issue tracker="cve" id="2025-12430"/>
+  <issue tracker="cve" id="2025-12440"/>
+  <issue tracker="cve" id="2025-12445"/>
+  <issue tracker="cve" id="2025-12446"/>
+  <issue tracker="cve" id="2025-12432"/>
+  <issue tracker="cve" id="2025-12436"/>
+  <issue tracker="cve" id="2025-12434"/>
+  <issue tracker="cve" id="2025-54874">VUL-0: CVE-2025-54874: TRACKERBUG: openjpeg: missing error check can lead to the use of an uninitialized pointer and cause an out-of-bounds heap</issue>
+  <issue tracker="cve" id="2025-12433"/>
+  <issue tracker="bnc" id="1252881">VUL-0: chromium: release 142.0.7444.59</issue>
+  <issue tracker="cve" id="2025-12439"/>
+  <issue tracker="cve" id="2025-12447"/>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 142.0.7444.59, the stable channel promotion of 142.
+
+Security fixes (boo#1252881):
+
+  * CVE-2025-12428: Type Confusion in V8
+  * CVE-2025-12429: Inappropriate implementation in V8
+  * CVE-2025-12430: Object lifecycle issue in Media
+  * CVE-2025-12431: Inappropriate implementation in Extensions
+  * CVE-2025-12432: Race in V8
+  * CVE-2025-12433: Inappropriate implementation in V8
+  * CVE-2025-12434: Race in Storage
+  * CVE-2025-12435: Incorrect security UI in Omnibox
+  * CVE-2025-12436: Policy bypass in Extensions
+  * CVE-2025-12437: Use after free in PageInfo
+  * CVE-2025-12438: Use after free in Ozone
+  * CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
+  * CVE-2025-12440: Inappropriate implementation in Autofill
+  * CVE-2025-12441: Out of bounds read in V8
+  * CVE-2025-12443: Out of bounds read in WebXR
+  * CVE-2025-12444: Incorrect security UI in Fullscreen UI
+  * CVE-2025-12445: Policy bypass in Extensions
+  * CVE-2025-12446: Incorrect security UI in SplitView
+  * CVE-2025-12447: Incorrect security UI in Omnibox
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>
Author	SHA256	Message	Date
Marcus Meissner	1aeb477ba1	Update submodules from pool/chromium#14 and create patchinfo.20251030080843825030.187004354831441/_patchinfo All checks were successful ObsStaging OBS Staging build Details	2025-10-30 09:08:58 +01:00
Patchinfo incident numbering	280b37a43b	Update patchinfo incident numbers [skip actions]	2025-10-29 16:01:09 +00:00
AutoGits PR Review Bot	537ee79523	Merging All checks were successful Patchinfo incident numbering / use-go-action (push) Successful in 17s Details PR: products/PackageHub!196	2025-10-29 16:00:48 +00:00
AutoGits PR Review Bot	1d8648ba28	Merging All checks were successful Patchinfo incident numbering / use-go-action (push) Successful in 16s Details PR: products/PackageHub!198	2025-10-29 15:29:34 +00:00
Patchinfo incident numbering	f42dcc1f68	Update patchinfo incident numbers [skip actions]	2025-10-29 11:37:25 +00:00
AutoGits PR Review Bot	45f8a23cee	Merging All checks were successful Patchinfo incident numbering / use-go-action (push) Successful in 14s Details PR: products/PackageHub!190	2025-10-29 11:37:08 +00:00
Elisei Roca	f089aa345a	Fix melange submodule reference All checks were successful ObsStaging OBS Staging build Details For some reason, pool/melange did not have a leap-16.0 branch. I've created one based on .changes, .spec file and sha256sum of the package source archives.	2025-10-27 16:34:51 +01:00
Marcus Meissner	bd04a8821e	Update submodules from pool/MozillaThunderbird#5 and create patchinfo.20251027101939269288.187004354831441/_patchinfo All checks were successful ObsStaging OBS Staging build Details	2025-10-27 11:20:22 +01:00
Marcus Meissner	47614025ea	Added fprintd to PHUB All checks were successful ObsStaging OBS Staging build Details	2025-10-23 15:06:14 +02:00