commit mozjs68 for openSUSE:Factory

root Wed, 09 Sep 2020 08:47:33 -0700

Hello community,

here is the log from the commit of package mozjs68 for openSUSE:Factory checked 
in at 2020-09-09 17:46:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs68.new.3399 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "mozjs68"

Wed Sep  9 17:46:02 2020 rev:9 rq:832496 version:68.12.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes  2020-09-03 
01:11:51.644421115 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs68.new.3399/mozjs68.changes        
2020-09-09 17:46:27.930403349 +0200
@@ -1,0 +2,33 @@
+Fri Sep  4 19:20:27 UTC 2020 - Bjørn Lie <bjorn....@gmail.com>
+
+- Update to version 68.12.0esr:
+  * CVE-2020-15663: Downgrade attack on the Mozilla Maintenance
+    Service could have resulted in escalation of privilege.
+  * CVE-2020-15664: Attacker-induced prompt for extension
+    installation.
+  * CVE-2020-15669: Use-After-Free when aborting an operation.
+- Changes from version 68.11.0esr:
+  * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and
+    Firefox ESR 68.11.
+  * CVE-2020-15649: Exfiltrating local files through malicious file
+    picker application.
+  * CVE-2020-15650: Overwriting local files through malicious file
+    picker application.
+  * CVE-2020-6463: Use-after-free in ANGLE
+    gl::Texture::onUnbindAsSamplerTexture.
+  * CVE-2020-6514: WebRTC data channel leaks internal address to
+    peer.
+  * CVE-2020-15652: Potential leak of redirect targets when loading
+    scripts in a worker.
+- Changes from version 68.10.0esr:
+  * CVE-2020-12421: Add-On updates did not respect the same
+    certificate trust rules as software updates.
+  * CVE-2020-12420: Use-After-Free when trying to connect to a STUN
+    server.
+  * CVE-2020-12419: Use-after-free in nsGlobalWindowInner.
+  * CVE-2020-12418: Information disclosure due to manipulated URL
+    object.
+  * CVE-2020-12417: Memory corruption due to missing sign-extension
+    for ValueTags on ARM64.
+
+-------------------------------------------------------------------

Old:
----
  firefox-68.9.0esr.source.tar.xz

New:
----
  firefox-68.12.0esr.source.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs68.spec ++++++
--- /var/tmp/diff_new_pack.W2VVsT/_old  2020-09-09 17:46:37.626411226 +0200
+++ /var/tmp/diff_new_pack.W2VVsT/_new  2020-09-09 17:46:37.626411226 +0200
@@ -18,7 +18,7 @@
 
 %global major   68
 Name:           mozjs%{major}
-Version:        68.9.0
+Version:        68.12.0
 Release:        0
 Summary:        MozJS, or SpiderMonkey, is Mozilla's JavaScript engine written 
in C and C++
 License:        MPL-2.0

++++++ firefox-68.9.0esr.source.tar.xz -> firefox-68.12.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/mozjs68/firefox-68.9.0esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.mozjs68.new.3399/firefox-68.12.0esr.source.tar.xz 
differ: char 15, line 1

commit mozjs68 for openSUSE:Factory

Reply via email to