commit firefox-esr for openSUSE:Factory

Source-Sync Tue, 16 Sep 2025 09:23:54 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package firefox-esr for openSUSE:Factory 
checked in at 2025-09-16 18:19:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old)
 and      /work/SRC/openSUSE:Factory/.firefox-esr.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "firefox-esr"

Tue Sep 16 18:19:49 2025 rev:18 rq:1305194 version:140.3.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes       
2025-09-05 21:44:42.524172461 +0200
+++ /work/SRC/openSUSE:Factory/.firefox-esr.new.1977/MozillaFirefox.changes     
2025-09-16 18:20:52.881367751 +0200
@@ -1,0 +2,27 @@
+Tue Sep 16 13:02:47 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
+
+- Firefox Extended Support Release 140.3.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 140.3.0
+  https://www.mozilla.org/security/advisories/mfsa2025-75
+  MFSA 2025-75 (boo#1249391)
+  * CVE-2025-10527 (bmo#1984825)
+    Sandbox escape due to use-after-free in the Graphics:
+    Canvas2D component
+  * CVE-2025-10528 (bmo#1986185)
+    Sandbox escape due to undefined behavior, invalid pointer in
+    the Graphics: Canvas2D component
+  * CVE-2025-10529 (bmo#1970490)
+    Same-origin policy bypass in the Layout component
+  * CVE-2025-10532 (bmo#1979502)
+    Incorrect boundary conditions in the JavaScript: GC component
+  * CVE-2025-10533 (bmo#1980788)
+    Integer overflow in the SVG component
+  * CVE-2025-10536 (bmo#1981502)
+    Information disclosure in the Networking: Cache component
+  * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280,
+    bmo#1981283, bmo#1984505, bmo#1985067)
+    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
+    ESR 140.3, Firefox 143 and Thunderbird 143
+
+-------------------------------------------------------------------
firefox-esr.changes: same change

Old:
----
  firefox-140.2.0esr.source.tar.xz
  firefox-140.2.0esr.source.tar.xz.asc
  l10n-140.2.0esr.tar.xz

New:
----
  firefox-140.3.0esr.source.tar.xz
  firefox-140.3.0esr.source.tar.xz.asc
  l10n-140.3.0esr.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ firefox-esr.spec ++++++
--- /var/tmp/diff_new_pack.pc2KFy/_old  2025-09-16 18:21:02.377767385 +0200
+++ /var/tmp/diff_new_pack.pc2KFy/_new  2025-09-16 18:21:02.377767385 +0200
@@ -41,8 +41,8 @@
 # major 69
 # mainver %%major.99
 %define major          140
-%define mainver        %major.2.0
-%define orig_version   140.2.0
+%define mainver        %major.3.0
+%define orig_version   140.3.0
 %define orig_suffix    esr
 %define update_channel esr
 %define branding       1

++++++ MozillaFirefox.changes.txt ++++++
--- /var/tmp/diff_new_pack.pc2KFy/_old  2025-09-16 18:21:02.493772267 +0200
+++ /var/tmp/diff_new_pack.pc2KFy/_new  2025-09-16 18:21:02.497772436 +0200
@@ -1,4 +1,31 @@
 -------------------------------------------------------------------
+Tue Sep 16 13:02:47 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
+
+- Firefox Extended Support Release 140.3.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 140.3.0
+  https://www.mozilla.org/security/advisories/mfsa2025-75
+  MFSA 2025-75 (boo#1249391)
+  * CVE-2025-10527 (bmo#1984825)
+    Sandbox escape due to use-after-free in the Graphics:
+    Canvas2D component
+  * CVE-2025-10528 (bmo#1986185)
+    Sandbox escape due to undefined behavior, invalid pointer in
+    the Graphics: Canvas2D component
+  * CVE-2025-10529 (bmo#1970490)
+    Same-origin policy bypass in the Layout component
+  * CVE-2025-10532 (bmo#1979502)
+    Incorrect boundary conditions in the JavaScript: GC component
+  * CVE-2025-10533 (bmo#1980788)
+    Integer overflow in the SVG component
+  * CVE-2025-10536 (bmo#1981502)
+    Information disclosure in the Networking: Cache component
+  * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280,
+    bmo#1981283, bmo#1984505, bmo#1985067)
+    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
+    ESR 140.3, Firefox 143 and Thunderbird 143
+
+-------------------------------------------------------------------
 Fri Sep  5 09:34:40 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
 
 - Update MozillaFirefox.desktop from a fresh Factory/Tumbleweed

++++++ firefox-140.2.0esr.source.tar.xz -> firefox-140.3.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/firefox-esr/firefox-140.2.0esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.firefox-esr.new.1977/firefox-140.3.0esr.source.tar.xz
 differ: char 15, line 1

++++++ firefox-esr.changes.txt ++++++
--- /var/tmp/diff_new_pack.pc2KFy/_old  2025-09-16 18:21:02.625777822 +0200
+++ /var/tmp/diff_new_pack.pc2KFy/_new  2025-09-16 18:21:02.629777991 +0200
@@ -1,4 +1,31 @@
 -------------------------------------------------------------------
+Tue Sep 16 13:02:47 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
+
+- Firefox Extended Support Release 140.3.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 140.3.0
+  https://www.mozilla.org/security/advisories/mfsa2025-75
+  MFSA 2025-75 (boo#1249391)
+  * CVE-2025-10527 (bmo#1984825)
+    Sandbox escape due to use-after-free in the Graphics:
+    Canvas2D component
+  * CVE-2025-10528 (bmo#1986185)
+    Sandbox escape due to undefined behavior, invalid pointer in
+    the Graphics: Canvas2D component
+  * CVE-2025-10529 (bmo#1970490)
+    Same-origin policy bypass in the Layout component
+  * CVE-2025-10532 (bmo#1979502)
+    Incorrect boundary conditions in the JavaScript: GC component
+  * CVE-2025-10533 (bmo#1980788)
+    Integer overflow in the SVG component
+  * CVE-2025-10536 (bmo#1981502)
+    Information disclosure in the Networking: Cache component
+  * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280,
+    bmo#1981283, bmo#1984505, bmo#1985067)
+    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
+    ESR 140.3, Firefox 143 and Thunderbird 143
+
+-------------------------------------------------------------------
 Fri Sep  5 09:34:40 UTC 2025 - Manfred Hollstein <manfre...@gmx.net>
 
 - Update MozillaFirefox.desktop from a fresh Factory/Tumbleweed

++++++ l10n-140.2.0esr.tar.xz -> l10n-140.3.0esr.tar.xz ++++++
/work/SRC/openSUSE:Factory/firefox-esr/l10n-140.2.0esr.tar.xz 
/work/SRC/openSUSE:Factory/.firefox-esr.new.1977/l10n-140.3.0esr.tar.xz differ: 
char 15, line 1

++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.pc2KFy/_old  2025-09-16 18:21:02.865787923 +0200
+++ /var/tmp/diff_new_pack.pc2KFy/_new  2025-09-16 18:21:02.869788091 +0200
@@ -1,11 +1,11 @@
 PRODUCT="firefox"
 CHANNEL="esr140"
-VERSION="140.2.0"
+VERSION="140.3.0"
 VERSION_SUFFIX="esr"
-PREV_VERSION="140.1.0"
+PREV_VERSION="140.2.0"
 PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140";
-RELEASE_TAG="a511f36cca85d35bd9989b4a3902556b664d9e13"
-RELEASE_TIMESTAMP="20250811125930"
+RELEASE_TAG="21285e5fdf030ee5df4e371b921ba4d985477aff"
+RELEASE_TIMESTAMP="20250908182512"

commit firefox-esr for openSUSE:Factory

Reply via email to