Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mozjs102 for openSUSE:Factory checked in at 2023-08-15 16:39:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozjs102 (Old) and /work/SRC/openSUSE:Factory/.mozjs102.new.11712 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozjs102" Tue Aug 15 16:39:33 2023 rev:14 rq:1103892 version:102.14.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mozjs102/mozjs102.changes 2023-06-27 23:15:34.171004212 +0200 +++ /work/SRC/openSUSE:Factory/.mozjs102.new.11712/mozjs102.changes 2023-08-15 16:39:44.162876491 +0200 @@ -1,0 +2,31 @@ +Fri Aug 11 10:54:47 UTC 2023 - Bjørn Lie <[email protected]> + +- Update to version 102.14.0: + + Various security fixes and other quality improvements. + + CVE-2023-4045: Offscreen Canvas could have bypassed + cross-origin restrictions. + + CVE-2023-4046: Incorrect value used during WASM compilation. + + CVE-2023-4047: Potential permissions request bypass via + clickjacking. + + CVE-2023-4048: Crash in DOMParser due to out-of-memory + conditions. + + CVE-2023-4049: Fix potential race conditions when releasing + platform objects. + + CVE-2023-4050: Stack buffer overflow in StorageManager. + + CVE-2023-4054: Lack of warning when opening appref-ms files. + + CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar + state. + + CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox + ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and + Thunderbird 102.14. +- Changes from version 102.13.0: + + Various security fixes and other quality improvements. + + CVE-2023-37201: Use-after-free in WebRTC certificate generation + + CVE-2023-37202: Potential use-after-free from compartment + mismatch in SpiderMonkey + + CVE-2023-37207: Fullscreen notification obscured + + CVE-2023-37208: Lack of warning when opening Diagcab files + + CVE-2023-37211: Memory safety bugs fixed in Firefox 115, + Firefox ESR 102.13, and Thunderbird 102.13 + +------------------------------------------------------------------- Old: ---- firefox-102.12.0esr.source.tar.xz firefox-102.12.0esr.source.tar.xz.asc New: ---- firefox-102.14.0esr.source.tar.xz firefox-102.14.0esr.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozjs102.spec ++++++ --- /var/tmp/diff_new_pack.8KdEnx/_old 2023-08-15 16:39:49.950915964 +0200 +++ /var/tmp/diff_new_pack.8KdEnx/_new 2023-08-15 16:39:49.958916019 +0200 @@ -41,7 +41,7 @@ %global big_endian 1 %endif Name: mozjs%{major} -Version: 102.12.0 +Version: 102.14.0 Release: 1%{?dist} Summary: SpiderMonkey JavaScript library License: MPL-2.0 ++++++ firefox-102.12.0esr.source.tar.xz -> firefox-102.14.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/mozjs102/firefox-102.12.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.mozjs102.new.11712/firefox-102.14.0esr.source.tar.xz differ: char 15, line 1 ++++++ mozilla.keyring ++++++ --- /var/tmp/diff_new_pack.8KdEnx/_old 2023-08-15 16:39:50.062916728 +0200 +++ /var/tmp/diff_new_pack.8KdEnx/_new 2023-08-15 16:39:50.066916755 +0200 @@ -12,8 +12,8 @@ uid [ full ] Mozilla Software Releases <[email protected]> sub rsa4096 2015-07-17 [S] [expired: 2017-07-16] sub rsa4096 2017-06-22 [S] [expired: 2019-06-22] -sub rsa4096 2019-05-30 [S] [expires: 2021-05-29] -sub rsa4096 2021-05-17 [S] [expires: 2023-05-17] +sub rsa4096 2019-05-30 [S] [expired: 2021-05-29] +sub rsa4096 2021-05-17 [S] [expired: 2023-05-17] sub rsa4096 2023-05-05 [S] [expires: 2025-05-04] -----BEGIN PGP PUBLIC KEY BLOCK-----
