[cyber] I: p10/branch packages: +2 (19079)

Sat, 16 May 2026 17:22:23 -0700 

        2 UPDATED packages

chromium - An open source web browser developed by Google               [2363M]
* Sat May 09 2026 Andrey Cherepanov <cas@altlinux> 139.0.7258.138-alt0.p10.1
- Backported new version to p10 branch with security fixes.
- Supported extension manifest v2.
- Packaged popular extensions.
* Wed Aug 20 2025 Andrew A. Vasilyev <andy@altlinux> 139.0.7258.138-alt1
- New version (139.0.7258.138).
- Fixes:
  + CVE-2025-9132: Out of bounds write in V8
* Wed Aug 13 2025 Andrew A. Vasilyev <andy@altlinux> 139.0.7258.127-alt1
- New version (139.0.7258.127).
- Fixes:
  + CVE-2025-8879: Heap buffer overflow in libaom
  + CVE-2025-8880: Race in V8
  + CVE-2025-8901: Out of bounds write in ANGLE
  + CVE-2025-8881: Inappropriate implementation in File Picker
  + CVE-2025-8882: Use after free in Aura
* Wed Aug 06 2025 Andrew A. Vasilyev <andy@altlinux> 139.0.7258.66-alt1
- New version (139.0.7258.66).
- Some vaapi flags were renamed to accelerated video in chromium 131.
- Fixes:
  + CVE-2025-8576: Use after free in Extensions.
  + CVE-2025-8577: Inappropriate implementation in Picture In Picture.
  + CVE-2025-8578: Use after free in Cast.
  + CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome.
  + CVE-2025-8580: Inappropriate implementation in Filesystems.
  + CVE-2025-8581: Inappropriate implementation in Extensions.
  + CVE-2025-8582: Insufficient validation of untrusted input in DOM.
  + CVE-2025-8583: Inappropriate implementation in Permissions.
* Thu Jul 31 2025 Andrew A. Vasilyev <andy@altlinux> 138.0.7204.183-alt1
- New version (138.0.7204.183).
- Fixes:
  + CVE-2025-8292: Use after free in Media Stream.
* Wed Jul 23 2025 Andrew A. Vasilyev <andy@altlinux> 138.0.7204.168-alt1
- New version (138.0.7204.168).
- Security fixes:
  + CVE-2025-8010: Type Confusion in V8
  + CVE-2025-8011: Type Confusion in V8
* Tue Jul 15 2025 Andrew A. Vasilyev <andy@altlinux> 138.0.7204.157-alt1
- New version (138.0.7204.157).
- Security fixes:
  + CVE-2025-7656: Integer overflow in V8.
  + CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU.
  + CVE-2025-7657: Use after free in WebRTC.
* Wed Jul 09 2025 Andrew A. Vasilyev <andy@altlinux> 138.0.7204.100-alt1
- New version (138.0.7204.100).
* Tue Jul 01 2025 Andrew A. Vasilyev <andy@altlinux> 138.0.7204.96-alt1
- New version (138.0.7204.96).
- Build with llvm20.1.
- Security fixes:
  + CVE-2025-6554: Type Confusion in V8
* Wed Jun 25 2025 Andrew A. Vasilyev <andy@altlinux> 138.0.7204.49-alt1
- New version (138.0.7204.49).
- Security fixes:
  + CVE-2025-6555: Use after free in Animation
  + CVE-2025-6556: Insufficient policy enforcement in Loader
  + CVE-2025-6557: Insufficient data validation in DevTools
* Wed Jun 18 2025 Andrew A. Vasilyev <andy@altlinux> 137.0.7151.119-alt1
- New version (137.0.7151.119).
- Security fixes:
  + CVE-2025-6191: Integer overflow in V8
  + CVE-2025-6192: Use after free in Profiler
* Wed Jun 11 2025 Andrew A. Vasilyev <andy@altlinux> 137.0.7151.103-alt1
- New version (137.0.7151.103).
- Security fixes:
  + CVE-2025-5958: Use after free in Media
  + CVE-2025-5959: Type Confusion in V8
* Tue Jun 03 2025 Andrew A. Vasilyev <andy@altlinux> 137.0.7151.68-alt1
- New version (137.0.7151.68).
- Security fixes:
  + CVE-2025-5419: Out of bounds read and write in V8
  + CVE-2025-5068: Use after free in Blink
* Wed May 28 2025 Andrew A. Vasilyev <andy@altlinux> 137.0.7151.55-alt1
- New version (137.0.7151.55).
- Security fixes:
  + CVE-2025-5063: Use after free in Compositing
  + CVE-2025-5280: Out of bounds write in V8
  + CVE-2025-5064: Inappropriate implementation in Background Fetch API
  + CVE-2025-5065: Inappropriate implementation in FileSystemAccess API
  + CVE-2025-5066: Inappropriate implementation in Messages
  + CVE-2025-5281: Inappropriate implementation in BFCache
  + CVE-2025-5283: Use after free in libvpx
  + CVE-2025-5067: Inappropriate implementation in Tab Strip
- Enable FontationsFontBackend by default.
* Thu May 15 2025 Andrew A. Vasilyev <andy@altlinux> 136.0.7103.113-alt1
- New version (136.0.7103.113).
- Security fixes:
  + CVE-2025-4664: Insufficient policy enforcement in Loader
  + CVE-2025-4609: Incorrect handle provided in unspecified
    circumstances in Mojo
* Wed May 07 2025 Andrew A. Vasilyev <andy@altlinux> 136.0.7103.92-alt1
- New version (136.0.7103.92).
- Security fixes:
  + CVE-2025-4372: Use after free in WebAudio
* Wed Apr 30 2025 Andrew A. Vasilyev <andy@altlinux> 136.0.7103.59-alt1
- New version (136.0.7103.59).
- Security fixes:
  + CVE-2025-4096: Heap buffer overflow in HTML
  + CVE-2025-4050: Out of bounds memory access in DevTools
  + CVE-2025-4051: Insufficient data validation in DevTools
  + CVE-2025-4052: Inappropriate implementation in DevTools
* Wed Apr 23 2025 Andrew A. Vasilyev <andy@altlinux> 135.0.7049.114-alt1
- New version (135.0.7049.114).
* Fri Apr 18 2025 Andrey Cherepanov <cas@altlinux> 135.0.7049.95-alt0.p11.1
- Backport new version with security fixes to p11 branch.
- Filter themes from LGBT authors.
* Wed Apr 16 2025 Andrew A. Vasilyev <andy@altlinux> 135.0.7049.95-alt1
- New version (135.0.7049.95).
- Security fixes:
  + CVE-2025-3619: Heap buffer overflow in Codecs.
  + CVE-2025-3620: Use after free in USB.
* Wed Apr 09 2025 Andrew A. Vasilyev <andy@altlinux> 135.0.7049.84-alt1
- New version (135.0.7049.84).
- Security fixes:
  + CVE-2025-3066: Use after free in Site Isolation
* Wed Apr 02 2025 Andrew A. Vasilyev <andy@altlinux> 135.0.7049.52-alt1
- New version (135.0.7049.52).
- Security fixes:
  + CVE-2025-3066: Use after free in Navigations
  + CVE-2025-3067: Inappropriate implementation in Custom Tabs
  + CVE-2025-3068: Inappropriate implementation in Intents
  + CVE-2025-3069: Inappropriate implementation in Extensions
  + CVE-2025-3070: Insufficient validation of untrusted input in Extensions
  + CVE-2025-3071: Inappropriate implementation in Navigations
  + CVE-2025-3072: Inappropriate implementation in Custom Tabs
  + CVE-2025-3073: Inappropriate implementation in Autofill
  + CVE-2025-3074: Inappropriate implementation in Downloads
* Sun Mar 23 2025 Andrey Cherepanov <cas@altlinux> 134.0.6998.88-alt0.p11.2
- Added support GOST TLS by patches from chromium-gost.
* Sat Mar 22 2025 Andrew A. Vasilyev <andy@altlinux> 134.0.6998.165-alt1
- New version (134.0.6998.165).
* Thu Mar 20 2025 Andrew A. Vasilyev <andy@altlinux> 134.0.6998.117-alt1
- New version (134.0.6998.117).
- Enable HW video encode, drop workarounds for ancient mesa bugs (thnx 
OpenMandriva).
- Security fixes:
  + Critical CVE-2025-2476: Use after free in Lens
* Tue Mar 11 2025 Andrew A. Vasilyev <andy@altlinux> 134.0.6998.88-alt1
- New version (134.0.6998.88).
- Security fixes:
  + CVE-2025-1920: Type Confusion in V8
  + CVE-2025-2135: Type Confusion in V8
  + CVE-TBD: Out of bounds write in GPU
  + CVE-2025-2136: Use after free in Inspector
  + CVE-2025-2137: Out of bounds read in V8
* Wed Mar 05 2025 Andrew A. Vasilyev <andy@altlinux> 134.0.6998.35-alt1
- New version (134.0.6998.35).
- Security fixes:
  + CVE-2025-1914: Out of bounds read in V8
  + CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory 
in DevTools
  + CVE-2025-1916: Use after free in Profiles
  + CVE-2025-1917: Inappropriate Implementation in Browser UI
  + CVE-2025-1918: Out of bounds read in PDFium
  + CVE-2025-1919: Out of bounds read in Media
  + CVE-2025-1921: Inappropriate Implementation in Media Stream
  + CVE-2025-1922: Inappropriate Implementation in Selection
  + CVE-2025-1923: Inappropriate Implementation in Permission Prompts
* Sat Mar 01 2025 Andrew A. Vasilyev <andy@altlinux> 133.0.6943.141-alt1
- New version (133.0.6943.141).
* Wed Feb 19 2025 Andrew A. Vasilyev <andy@altlinux> 133.0.6943.126-alt1
- New version (133.0.6943.126).
- Security fixes:
  + CVE-2025-0999: Heap buffer overflow in V8
  + CVE-2025-1426: Heap buffer overflow in GPU
  + CVE-2025-1006: Use after free in Network
* Thu Feb 13 2025 Andrew A. Vasilyev <andy@altlinux> 133.0.6943.98-alt1
- New version (133.0.6943.98).
- Security fixes:
  + CVE-2025-0995: Use after free in V8
  + CVE-2025-0996: Inappropriate implementation in Browser UI
  + CVE-2025-0997: Use after free in Navigation
  + CVE-2025-0998: Out of bounds memory access in V8
* Wed Feb 05 2025 Andrew A. Vasilyev <andy@altlinux> 133.0.6943.53-alt1
- New version (133.0.6943.53).
- Security fixes:
  + CVE-2025-0444: Use after free in Skia.
  + CVE-2025-0445: Use after free in V8.
  + CVE-2025-0451: Inappropriate implementation in Extensions API.
* Wed Jan 29 2025 Andrew A. Vasilyev <andy@altlinux> 132.0.6834.159-alt1
- New version (132.0.6834.159).
- Change startup options (Closes: #52826).
- Security fixes:
  + CVE-2025-0762: Use after free in DevTools
* Thu Jan 23 2025 Andrew A. Vasilyev <andy@altlinux> 132.0.6834.110-alt1
- New version (132.0.6834.110).
- Security fixes:
  + CVE-2025-0611: Object corruption in V8.
  + CVE-2025-0612: Out of bounds memory access in V8.
* Wed Jan 15 2025 Andrew A. Vasilyev <andy@altlinux> 132.0.6834.83-alt1
- New version (132.0.6834.83).
- Security fixes:
  + CVE-2025-0434: Out of bounds memory access in V8
  + CVE-2025-0435: Inappropriate implementation in Navigation
  + CVE-2025-0436: Integer overflow in Skia
  + CVE-2025-0437: Out of bounds read in Metrics
  + CVE-2025-0438: Stack buffer overflow in Tracing
  + CVE-2025-0439: Race in Frames
  + CVE-2025-0440: Inappropriate implementation in Fullscreen
  + CVE-2025-0441: Inappropriate implementation in Fenced Frames
  + CVE-2025-0442: Inappropriate implementation in Payments
  + CVE-2025-0443: Insufficient data validation in Extensions
  + CVE-2025-0446: Inappropriate implementation in Extensions
  + CVE-2025-0447: Inappropriate implementation in Navigation
  + CVE-2025-0448: Inappropriate implementation in Compositing
* Thu Jan 09 2025 Andrew A. Vasilyev <andy@altlinux> 131.0.6778.264-alt1
- New version (131.0.6778.264).
- Security fixes:
  + CVE-2025-0291: Type Confusion in V8
* Fri Dec 20 2024 Andrew A. Vasilyev <andy@altlinux> 131.0.6778.204-alt1
- New version (131.0.6778.204).
- Security fixes:
  + CVE-2024-12692: Type Confusion in V8
  + CVE-2024-12693: Out of bounds memory access in V8
  + CVE-2024-12694: Use after free in Compositing
  + CVE-2024-12695: Out of bounds write in V8
  + CVE-2024-12381: Type Confusion in V8
  + CVE-2024-12382: Use after free in Translate
  + CVE-2024-12053: Type Confusion in V8
  + CVE-2024-11395: Type Confusion in V8
  + CVE-2024-11110: Inappropriate implementation in Blink.
  + CVE-2024-11111: Inappropriate implementation in Autofill.
  + CVE-2024-11113: Use after free in Accessibility.
  + CVE-2024-11116: Inappropriate implementation in Paint.
  + CVE-2024-11117: Inappropriate implementation in FileSystem.
  + CVE-2024-10826: Use after free in Family Experiences
  + CVE-2024-10827: Use after free in Serial
  + CVE-2024-10487: Out of bounds write in Dawn
  + CVE-2024-10488: Use after free in WebRTC
* Mon Dec 16 2024 Andrey Cherepanov <cas@altlinux> 130.0.6723.69-alt1
- New version (130.0.6723.69).
- Build with llvm19.1 and libcxx, not libstdc++ (thanks andy@).
- Build only for x86_64.
- Security fixes:
  + CVE-2024-10229: Inappropriate implementation in Extensions
  + CVE-2024-10230: Type Confusion in V8
  + CVE-2024-10231: Type Confusion in V8
  + CVE-2024-9954: Use after free in AI
  + CVE-2024-9955: Use after free in Web Authentication
  + CVE-2024-9956: Inappropriate implementation in Web Authentication
  + CVE-2024-9957: Use after free in UI
  + CVE-2024-9958: Inappropriate implementation in PictureInPicture
  + CVE-2024-9959: Use after free in DevTools
  + CVE-2024-9960: Use after free in Dawn
  + CVE-2024-9961: Use after free in Parcel Tracking
  + CVE-2024-9962: Inappropriate implementation in Permissions
  + CVE-2024-9963: Insufficient data validation in Downloads
  + CVE-2024-9964: Inappropriate implementation in Payments
  + CVE-2024-9965: Insufficient data validation in DevTools
  + CVE-2024-9966: Inappropriate implementation in Navigations
  + CVE-2024-9602: Type Confusion in V8
  + CVE-2024-9603: Type Confusion in V8
  + CVE-2024-7025: Integer overflow in Layout
  + CVE-2024-9369: Insufficient data validation in Mojo
  + CVE-2024-9370: Inappropriate implementation in V8
  + CVE-2024-9120: Use after free in Dawn
  + CVE-2024-9121: Inappropriate implementation in V8
  + CVE-2024-9122: Type Confusion in V8
  + CVE-2024-9123: Integer overflow in Skia
  + CVE-2024-8904: Type Confusion in V8
  + CVE-2024-8905: Inappropriate implementation in V8
  + CVE-2024-8906: Incorrect security UI in Downloads
  + CVE-2024-8907: Insufficient data validation in Omnibox
  + CVE-2024-8908: Inappropriate implementation in Autofill
  + CVE-2024-8909: Inappropriate implementation in UI
  + CVE-2024-8636: Heap buffer overflow in Skia
  + CVE-2024-8637: Use after free in Media Router
  + CVE-2024-8638: Type Confusion in V8
  + CVE-2024-8639: Use after free in Autofill
  + CVE-2024-8362: Use after free in WebAudio
  + CVE-2024-7970: Out of bounds write in V8
  + CVE-2024-7969: Type Confusion in V8
  + CVE-2024-8193: Heap buffer overflow in Skia
  + CVE-2024-8194: Type Confusion in V8
  + CVE-2024-8198: Heap buffer overflow in Skia
  + CVE-2024-7964: Use after free in Passwords
  + CVE-2024-7965: Inappropriate implementation in V8
  + CVE-2024-7966: Out of bounds memory access in Skia
  + CVE-2024-7967: Heap buffer overflow in Fonts
  + CVE-2024-7968: Use after free in Autofill
  + CVE-2024-7969: Type Confusion in V8
  + CVE-2024-7971: Type confusion in V8
  + CVE-2024-7972: Inappropriate implementation in V8
  + CVE-2024-7973: Heap buffer overflow in PDFium
  + CVE-2024-7974: Insufficient data validation in V8 API
  + CVE-2024-7975: Inappropriate implementation in Permissions
  + CVE-2024-7976: Inappropriate implementation in FedCM
  + CVE-2024-7977: Insufficient data validation in Installer
  + CVE-2024-7978: Insufficient policy enforcement in Data Transfer
  + CVE-2024-7979: Insufficient data validation in Installer
  + CVE-2024-7980: Insufficient data validation in Installer
  + CVE-2024-7981: Inappropriate implementation in Views
  + CVE-2024-8033: Inappropriate implementation in WebApp Installs
  + CVE-2024-8034: Inappropriate implementation in Custom Tabs
  + CVE-2024-8035: Inappropriate implementation in Extensions
  + CVE-2024-7532: Out of bounds memory access in ANGLE
  + CVE-2024-7533: Use after free in Sharing
  + CVE-2024-7550: Type Confusion in V8
  + CVE-2024-7534: Heap buffer overflow in Layout
  + CVE-2024-7535: Inappropriate implementation in V8
  + CVE-2024-7536: Use after free in WebAudio
  + CVE-2024-6988: Use after free in Downloads
  + CVE-2024-6989: Use after free in Loader
  + CVE-2024-6991: Use after free in Dawn
  + CVE-2024-6992: Out of bounds memory access in ANGLE
  + CVE-2024-6993: Inappropriate implementation in Canvas
  + CVE-2024-6994: Heap buffer overflow in Layout
  + CVE-2024-6995: Inappropriate implementation in Fullscreen
  + CVE-2024-6996: Race in Frames
  + CVE-2024-6997: Use after free in Tabs
  + CVE-2024-6998: Use after free in User Education
  + CVE-2024-6999: Inappropriate implementation in FedCM
  + CVE-2024-7000: Use after free in CSS. Reported by Anonymous
  + CVE-2024-7001: Inappropriate implementation in HTML
  + CVE-2024-7003: Inappropriate implementation in FedCM
  + CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
  + CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing
  + CVE-2024-6990: Uninitialized Use in Dawn
  + CVE-2024-7255: Out of bounds read in WebTransport
  + CVE-2024-7256: Insufficient data validation in Dawn
* Thu Aug 22 2024 Andrey Cherepanov <cas@altlinux> 128.0.6613.84-alt1
- New version (128.0.6613.84).
- Security fixes:
  + CVE-2024-7964: Use after free in Passwords.
  + CVE-2024-7965: Inappropriate implementation in V8.
  + CVE-2024-7966: Out of bounds memory access in Skia.
  + CVE-2024-7967: Heap buffer overflow in Fonts.
  + CVE-2024-7968: Use after free in Autofill.
  + CVE-2024-7969: Type Confusion in V8.
  + CVE-2024-7971: Type confusion in V8.
  + CVE-2024-7972: Inappropriate implementation in V8.
  + CVE-2024-7973: Heap buffer overflow in PDFium.
  + CVE-2024-7974: Insufficient data validation in V8 API.
  + CVE-2024-7975: Inappropriate implementation in Permissions.
  + CVE-2024-7976: Inappropriate implementation in FedCM.
  + CVE-2024-7977: Insufficient data validation in Installer.
  + CVE-2024-7978: Insufficient policy enforcement in Data Transfer.
  + CVE-2024-7979: Insufficient data validation in Installer.
  + CVE-2024-7980: Insufficient data validation in Installer.
  + CVE-2024-7981: Inappropriate implementation in Views.
  + CVE-2024-8033: Inappropriate implementation in WebApp Installs.
  + CVE-2024-8034: Inappropriate implementation in Custom Tabs.
  + CVE-2024-8035: Inappropriate implementation in Extensions.
* Wed Aug 14 2024 Andrey Cherepanov <cas@altlinux> 127.0.6533.119-alt1
- New version (127.0.6533.119).
- Security fixes:
  + CVE-2024-7532: Out of bounds memory access in ANGLE.
  + CVE-2024-7533: Use after free in Sharing.
  + CVE-2024-7550: Type Confusion in V8.
  + CVE-2024-7534: Heap buffer overflow in Layout.
  + CVE-2024-7535: Inappropriate implementation in V8.
  + CVE-2024-7536: Use after free in WebAudio.
  + CVE-2024-6990: Uninitialized Use in Dawn.
  + CVE-2024-7255: Out of bounds read in WebTransport.
  + CVE-2024-7256: Insufficient data validation in Dawn.
* Thu Jul 25 2024 Andrey Cherepanov <cas@altlinux> 127.0.6533.72-alt1
- New version (127.0.6533.72).
- Security fixes:
  + CVE-2024-6988: Use after free in Downloads.
  + CVE-2024-6989: Use after free in Loader.
  + CVE-2024-6991: Use after free in Dawn.
  + CVE-2024-6994: Heap buffer overflow in Layout.
  + CVE-2024-6995: Inappropriate implementation in Fullscreen.
  + CVE-2024-6996: Race in Frames.
  + CVE-2024-6997: Use after free in Tabs.
  + CVE-2024-6998: Use after free in User Education.
  + CVE-2024-6999: Inappropriate implementation in FedCM.
  + CVE-2024-7000: Use after free in CSS.
  + CVE-2024-7001: Inappropriate implementation in HTML.
  + CVE-2024-7003: Inappropriate implementation in FedCM.
  + CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing.
  + CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing.
* Sat Jul 20 2024 Andrey Cherepanov <cas@altlinux> 126.0.6478.182-alt0.p10.1

curl - Gets a file from a FTP, GOPHER or HTTP server
* Wed May 13 2026 Roman Efimenkov <trogjan@altlinux> 8.12.0-alt2
- Applied upstream patch (fixes: CVE-2026-3783).
* Wed Feb 05 2025 Anton Farygin <rider@altlinux> 8.12.0-alt1

Total 19079 source packages.
_______________________________________________
Sisyphus-cybertalk mailing list
[email protected]
https://lists.altlinux.org/mailman/listinfo/sisyphus-cybertalk

Reply via email to