Changelog for mozjs128-128.3.1-2.1.i686.rpm :

* Thu Oct 10 2024 Bjørn Lie - Update to version 128.3.1:
* CVE-2024-9680: Use-after-free in Animation timeline
- Changes from version 128.3.0:
* CVE-2024-9392: Compromised content process can bypass site isolation
* CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
* CVE-2024-8900: Clipboard write permission bypass
* CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397: Potential directory upload bypass via clickjacking
* CVE-2024-9398: External protocol handlers could be enumerated via popups
* CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
* CVE-2024-9400: Potential memory corruption during JIT compilation
* CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* Mon Sep 30 2024 Cliff Zhao - Add mozjs128-CVE-2024-45492.patch: Backporting 9bf0f2c1 from libexpat upstream, Detect integer overflow in function nextScaffoldPart. (CVE-2024-45492, bsc#1230038)
* Mon Sep 30 2024 Cliff Zhao - Add mozjs128-CVE-2024-45491.patch: Backporting 8e439a99 from libexpat upstream, Detect integer overflow in dtdCopy. (CVE-2024-45491, bsc#1230037)
* Mon Sep 30 2024 Cliff Zhao - Add mozjs128-CVE-2024-45490-part01-5c1a3164.patch: Backporting 5c1a3164 from libexpat upstream, Reject negative len for XML_ParseBuffer. CVE-2024-45490's fix includes 3 parts: 5c1a3164 for libexpat sources; c12f039b for libexpat tests; 2db23301 for libexpat docs. Because mozjs only embeds libexpat sources, it is unnecessary to port part02 and part03. (CVE-2024-45490, bsc#1230036)
* Wed Sep 25 2024 Bjørn Lie - Update to version 128.2.0:
  + CVE-2024-8385: WASM type confusion involving ArrayTypes
  + CVE-2024-8381: Type confusion when looking up a property name in a "with" block
  + CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
  + CVE-2024-8383: Firefox did not ask before opening news: links in an external application
  + CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
  + CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
  + CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
- Drop 0001-Skip-failing-tests-on-ppc64-and-s390x.patch: Fixed upstream.
* Fri Aug 30 2024 Bjørn Lie - Initial build for openSUSE.
 