commit firefox-esr for openSUSE:Factory

Source-Sync Wed, 20 Aug 2025 04:27:49 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package firefox-esr for openSUSE:Factory 
checked in at 2025-08-20 13:25:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old)
 and      /work/SRC/openSUSE:Factory/.firefox-esr.new.29662 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "firefox-esr"

Wed Aug 20 13:25:48 2025 rev:16 rq:1300348 version:140.2.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes       
2025-07-23 16:35:38.893082347 +0200
+++ /work/SRC/openSUSE:Factory/.firefox-esr.new.29662/MozillaFirefox.changes    
2025-08-20 13:26:51.900282041 +0200
@@ -1,0 +2,29 @@
+Sun Aug 17 07:07:51 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
+
+- Firefox Extended Support Release 140.2.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 140.2.0
+  https://www.mozilla.org/security/advisories/mfsa2025-67
+  MFSA 2025-67 (boo#1248162)
+  * CVE-2025-9179 (bmo#1979527)
+    Sandbox escape due to invalid pointer in the Audio/Video: GMP
+    component
+  * CVE-2025-9180 (bmo#1979782)
+    Same-origin policy bypass in the Graphics: Canvas2D component
+  * CVE-2025-9181 (bmo#1977130)
+    Uninitialized memory in the JavaScript Engine component
+  * CVE-2025-9182 (bmo#1975837)
+    Denial-of-service due to out-of-memory in the Graphics:
+    WebRender component
+  * CVE-2025-9183 (bmo#1976102)
+    Spoofing issue in the Address Bar component
+  * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163,
+    bmo#1979955)
+    Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
+    ESR 140.2, Firefox 142 and Thunderbird 142
+  * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166)
+    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
+    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
+    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
+
+-------------------------------------------------------------------
firefox-esr.changes: same change

Old:
----
  firefox-140.1.0esr.source.tar.xz
  firefox-140.1.0esr.source.tar.xz.asc
  l10n-140.1.0esr.tar.xz

New:
----
  firefox-140.2.0esr.source.tar.xz
  firefox-140.2.0esr.source.tar.xz.asc
  l10n-140.2.0esr.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ firefox-esr.spec ++++++
--- /var/tmp/diff_new_pack.6qyGaM/_old  2025-08-20 13:27:05.076835992 +0200
+++ /var/tmp/diff_new_pack.6qyGaM/_new  2025-08-20 13:27:05.076835992 +0200
@@ -41,8 +41,8 @@
 # major 69
 # mainver %%major.99
 %define major          140
-%define mainver        %major.1.0
-%define orig_version   140.1.0
+%define mainver        %major.2.0
+%define orig_version   140.2.0
 %define orig_suffix    esr
 %define update_channel esr
 %define branding       1

++++++ MozillaFirefox.changes.txt ++++++
--- /var/tmp/diff_new_pack.6qyGaM/_old  2025-08-20 13:27:05.180840365 +0200
+++ /var/tmp/diff_new_pack.6qyGaM/_new  2025-08-20 13:27:05.188840701 +0200
@@ -1,4 +1,33 @@
 -------------------------------------------------------------------
+Sun Aug 17 07:07:51 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
+
+- Firefox Extended Support Release 140.2.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 140.2.0
+  https://www.mozilla.org/security/advisories/mfsa2025-67
+  MFSA 2025-67 (boo#1248162)
+  * CVE-2025-9179 (bmo#1979527)
+    Sandbox escape due to invalid pointer in the Audio/Video: GMP
+    component
+  * CVE-2025-9180 (bmo#1979782)
+    Same-origin policy bypass in the Graphics: Canvas2D component
+  * CVE-2025-9181 (bmo#1977130)
+    Uninitialized memory in the JavaScript Engine component
+  * CVE-2025-9182 (bmo#1975837)
+    Denial-of-service due to out-of-memory in the Graphics:
+    WebRender component
+  * CVE-2025-9183 (bmo#1976102)
+    Spoofing issue in the Address Bar component
+  * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163,
+    bmo#1979955)
+    Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
+    ESR 140.2, Firefox 142 and Thunderbird 142
+  * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166)
+    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
+    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
+    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
+
+-------------------------------------------------------------------
 Tue Jul 22 15:02:34 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
 
 - Avoid file conflict with MozillaFirefox regarding

++++++ firefox-140.1.0esr.source.tar.xz -> firefox-140.2.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/firefox-esr/firefox-140.1.0esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.firefox-esr.new.29662/firefox-140.2.0esr.source.tar.xz
 differ: char 15, line 1

++++++ firefox-esr.changes.txt ++++++
--- /var/tmp/diff_new_pack.6qyGaM/_old  2025-08-20 13:27:05.324846420 +0200
+++ /var/tmp/diff_new_pack.6qyGaM/_new  2025-08-20 13:27:05.328846587 +0200
@@ -1,4 +1,33 @@
 -------------------------------------------------------------------
+Sun Aug 17 07:07:51 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
+
+- Firefox Extended Support Release 140.2.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 140.2.0
+  https://www.mozilla.org/security/advisories/mfsa2025-67
+  MFSA 2025-67 (boo#1248162)
+  * CVE-2025-9179 (bmo#1979527)
+    Sandbox escape due to invalid pointer in the Audio/Video: GMP
+    component
+  * CVE-2025-9180 (bmo#1979782)
+    Same-origin policy bypass in the Graphics: Canvas2D component
+  * CVE-2025-9181 (bmo#1977130)
+    Uninitialized memory in the JavaScript Engine component
+  * CVE-2025-9182 (bmo#1975837)
+    Denial-of-service due to out-of-memory in the Graphics:
+    WebRender component
+  * CVE-2025-9183 (bmo#1976102)
+    Spoofing issue in the Address Bar component
+  * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163,
+    bmo#1979955)
+    Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
+    ESR 140.2, Firefox 142 and Thunderbird 142
+  * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166)
+    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
+    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
+    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
+
+-------------------------------------------------------------------
 Tue Jul 22 15:02:34 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
 
 - Avoid file conflict with MozillaFirefox regarding

++++++ l10n-140.1.0esr.tar.xz -> l10n-140.2.0esr.tar.xz ++++++
/work/SRC/openSUSE:Factory/firefox-esr/l10n-140.1.0esr.tar.xz 
/work/SRC/openSUSE:Factory/.firefox-esr.new.29662/l10n-140.2.0esr.tar.xz 
differ: char 15, line 1

++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.6qyGaM/_old  2025-08-20 13:27:05.536855332 +0200
+++ /var/tmp/diff_new_pack.6qyGaM/_new  2025-08-20 13:27:05.536855332 +0200
@@ -1,11 +1,11 @@
 PRODUCT="firefox"
 CHANNEL="esr140"
-VERSION="140.1.0"
+VERSION="140.2.0"
 VERSION_SUFFIX="esr"
-PREV_VERSION="140.0"
+PREV_VERSION="140.1.0"
 PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140";
-RELEASE_TAG="0c53463d0e61c036c08be46403e896e174f2182e"
-RELEASE_TIMESTAMP="20250714132824"
+RELEASE_TAG="a511f36cca85d35bd9989b4a3902556b664d9e13"
+RELEASE_TIMESTAMP="20250811125930"

commit firefox-esr for openSUSE:Factory

Reply via email to