commit mozjs128 for openSUSE:Factory

Tue, 05 Nov 2024 06:39:59 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs128 for openSUSE:Factory 
checked in at 2024-11-05 15:39:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs128 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs128.new.2020 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mozjs128"

Tue Nov  5 15:39:19 2024 rev:5 rq:1221106 version:128.4.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs128/mozjs128.changes        2024-10-12 
13:25:20.935340031 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs128.new.2020/mozjs128.changes      
2024-11-05 15:39:38.578609481 +0100
@@ -1,0 +2,21 @@
+Mon Nov  4 10:37:43 UTC 2024 - Bjørn Lie <bjorn....@gmail.com>
+
+- Update to version 128.4.0:
+  + CVE-2024-10458: Permission leak via embed or object elements
+  + CVE-2024-10459: Use-after-free in layout with accessibility
+  + CVE-2024-10460: Confusing display of origin for external
+    protocol handler prompt
+  + CVE-2024-10461: XSS due to Content-Disposition being ignored in
+    multipart/x-mixed-replace response
+  + CVE-2024-10462: Origin of permission prompt could be spoofed by
+    long URL
+  + CVE-2024-10463: Cross origin video frame leak
+  + CVE-2024-10464: History interface could have been used to cause
+    a Denial of Service condition in the browser
+  + CVE-2024-10465: Clipboard "paste" button persisted across tabs
+  + CVE-2024-10466: DOM push subscription message could hang
+    Firefox
+  + CVE-2024-10467: Memory safety bugs fixed in Firefox 132,
+    Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
+
+-------------------------------------------------------------------

Old:
----
  firefox-128.3.1esr.source.tar.xz
  firefox-128.3.1esr.source.tar.xz.asc

New:
----
  firefox-128.4.0esr.source.tar.xz
  firefox-128.4.0esr.source.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs128.spec ++++++
--- /var/tmp/diff_new_pack.feDU2r/_old  2024-11-05 15:39:41.638737580 +0100
+++ /var/tmp/diff_new_pack.feDU2r/_new  2024-11-05 15:39:41.642737747 +0100
@@ -41,7 +41,7 @@
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        128.3.1
+Version:        128.4.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0

++++++ firefox-128.3.1esr.source.tar.xz -> firefox-128.4.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/mozjs128/firefox-128.3.1esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.mozjs128.new.2020/firefox-128.4.0esr.source.tar.xz 
differ: char 15, line 1

Reply via email to