commit mozjs102 for openSUSE:Factory

Source-Sync Thu, 20 Oct 2022 02:10:13 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs102 for openSUSE:Factory 
checked in at 2022-10-20 11:09:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs102 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs102.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "mozjs102"

Thu Oct 20 11:09:53 2022 rev:4 rq:1029967 version:102.4.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs102/mozjs102.changes        2022-10-01 
17:42:21.329582582 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs102.new.2275/mozjs102.changes      
2022-10-20 11:09:59.115809831 +0200
@@ -1,0 +2,12 @@
+Tue Oct 18 14:14:17 UTC 2022 - Bj??rn Lie <bjorn....@gmail.com>
+
+- Update to version 102.4.0:
+  + Various stability, functionality, and security fixes.
+  + CVE-2022-42927: Same-origin policy violation could have leaked
+    cross-origin URLs.
+  + CVE-2022-42928: Memory Corruption in JS Engine.
+  + CVE-2022-42929: Denial of Service via window.print.
+  + CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and
+    Firefox ESR 102.4.
+
+-------------------------------------------------------------------
@@ -10,0 +23,12 @@
+  + CVE-2022-3266: Out of bounds read when decoding H264.
+  + CVE-2022-40959: Bypassing FeaturePolicy restrictions on
+    transient pages.
+  + CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in
+    threads.
+  + CVE-2022-40958: Bypassing Secure Context restriction for
+    cookies with __Host and __Secure prefix.
+  + CVE-2022-40956: Content-Security-Policy base-uri bypass.
+  + CVE-2022-40957: Incoherent instruction cache when building WASM
+    on ARM64.
+  + CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and
+    Firefox ESR 102.3.

Old:
----
  firefox-102.3.0esr.source.tar.xz
  firefox-102.3.0esr.source.tar.xz.asc

New:
----
  firefox-102.4.0esr.source.tar.xz
  firefox-102.4.0esr.source.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs102.spec ++++++
--- /var/tmp/diff_new_pack.xMgWoN/_old  2022-10-20 11:10:05.131822019 +0200
+++ /var/tmp/diff_new_pack.xMgWoN/_new  2022-10-20 11:10:05.135822027 +0200
@@ -39,7 +39,7 @@
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        102.3.0
+Version:        102.4.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0

++++++ firefox-102.3.0esr.source.tar.xz -> firefox-102.4.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/mozjs102/firefox-102.3.0esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.mozjs102.new.2275/firefox-102.4.0esr.source.tar.xz 
differ: char 15, line 1

commit mozjs102 for openSUSE:Factory

Reply via email to