commit mozjs102 for openSUSE:Factory

Tue, 22 Nov 2022 07:09:58 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs102 for openSUSE:Factory 
checked in at 2022-11-22 16:09:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs102 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs102.new.1597 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mozjs102"

Tue Nov 22 16:09:29 2022 rev:5 rq:1037078 version:102.5.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs102/mozjs102.changes        2022-10-20 
11:09:59.115809831 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs102.new.1597/mozjs102.changes      
2022-11-22 16:09:37.449859739 +0100
@@ -1,0 +2,26 @@
+Fri Nov 18 18:04:53 UTC 2022 - Bjørn Lie <[email protected]>
+
+- Update to version 102.5.0:
+  + Various stability, functionality, and security fixes.
+  + CVE-2022-45403: Service Workers might have learned size of
+    cross-origin media files.
+  + CVE-2022-45404: Fullscreen notification bypass.
+  + CVE-2022-45405: Use-after-free in InputStream implementation.
+  + CVE-2022-45406: Use-after-free of a JavaScript Realm.
+  + CVE-2022-45408: Fullscreen notification bypass via windowName.
+  + CVE-2022-45409: Use-after-free in Garbage Collection.
+  + CVE-2022-45410: ServiceWorker-intercepted requests bypassed
+    SameSite cookie policy.
+  + CVE-2022-45411: Cross-Site Tracing was possible via
+    non-standard override headers.
+  + CVE-2022-45412: Symlinks may resolve to partially uninitialized
+    buffers.
+  + CVE-2022-45416: Keystroke Side-Channel Leakage.
+  + CVE-2022-45418: Custom mouse cursor could have been drawn over
+    browser UI.
+  + CVE-2022-45420: Iframe contents could be rendered outside the
+    iframe.
+  + CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and
+    Firefox ESR 102.5.
+
+-------------------------------------------------------------------

Old:
----
  firefox-102.4.0esr.source.tar.xz
  firefox-102.4.0esr.source.tar.xz.asc

New:
----
  firefox-102.5.0esr.source.tar.xz
  firefox-102.5.0esr.source.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs102.spec ++++++
--- /var/tmp/diff_new_pack.6Vrb5O/_old  2022-11-22 16:09:44.013893096 +0100
+++ /var/tmp/diff_new_pack.6Vrb5O/_new  2022-11-22 16:09:44.017893116 +0100
@@ -39,7 +39,7 @@
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        102.4.0
+Version:        102.5.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0

++++++ firefox-102.4.0esr.source.tar.xz -> firefox-102.5.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/mozjs102/firefox-102.4.0esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.mozjs102.new.1597/firefox-102.5.0esr.source.tar.xz 
differ: char 15, line 1

Reply via email to