Hello community, here is the log from the commit of package mozjs68 for openSUSE:Factory checked in at 2020-09-09 17:46:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozjs68 (Old) and /work/SRC/openSUSE:Factory/.mozjs68.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozjs68" Wed Sep 9 17:46:02 2020 rev:9 rq:832496 version:68.12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mozjs68/mozjs68.changes 2020-09-03 01:11:51.644421115 +0200 +++ /work/SRC/openSUSE:Factory/.mozjs68.new.3399/mozjs68.changes 2020-09-09 17:46:27.930403349 +0200 @@ -1,0 +2,33 @@ +Fri Sep 4 19:20:27 UTC 2020 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 68.12.0esr: + * CVE-2020-15663: Downgrade attack on the Mozilla Maintenance + Service could have resulted in escalation of privilege. + * CVE-2020-15664: Attacker-induced prompt for extension + installation. + * CVE-2020-15669: Use-After-Free when aborting an operation. +- Changes from version 68.11.0esr: + * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and + Firefox ESR 68.11. + * CVE-2020-15649: Exfiltrating local files through malicious file + picker application. + * CVE-2020-15650: Overwriting local files through malicious file + picker application. + * CVE-2020-6463: Use-after-free in ANGLE + gl::Texture::onUnbindAsSamplerTexture. + * CVE-2020-6514: WebRTC data channel leaks internal address to + peer. + * CVE-2020-15652: Potential leak of redirect targets when loading + scripts in a worker. +- Changes from version 68.10.0esr: + * CVE-2020-12421: Add-On updates did not respect the same + certificate trust rules as software updates. + * CVE-2020-12420: Use-After-Free when trying to connect to a STUN + server. + * CVE-2020-12419: Use-after-free in nsGlobalWindowInner. + * CVE-2020-12418: Information disclosure due to manipulated URL + object. + * CVE-2020-12417: Memory corruption due to missing sign-extension + for ValueTags on ARM64. + +------------------------------------------------------------------- Old: ---- firefox-68.9.0esr.source.tar.xz New: ---- firefox-68.12.0esr.source.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozjs68.spec ++++++ --- /var/tmp/diff_new_pack.W2VVsT/_old 2020-09-09 17:46:37.626411226 +0200 +++ /var/tmp/diff_new_pack.W2VVsT/_new 2020-09-09 17:46:37.626411226 +0200 @@ -18,7 +18,7 @@ %global major 68 Name: mozjs%{major} -Version: 68.9.0 +Version: 68.12.0 Release: 0 Summary: MozJS, or SpiderMonkey, is Mozilla's JavaScript engine written in C and C++ License: MPL-2.0 ++++++ firefox-68.9.0esr.source.tar.xz -> firefox-68.12.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/mozjs68/firefox-68.9.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.mozjs68.new.3399/firefox-68.12.0esr.source.tar.xz differ: char 15, line 1