commit mozjs102 for openSUSE:Factory

Source-Sync Fri, 20 Jan 2023 08:38:15 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs102 for openSUSE:Factory 
checked in at 2023-01-20 17:37:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs102 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs102.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "mozjs102"

Fri Jan 20 17:37:47 2023 rev:7 rq:1059495 version:102.7.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs102/mozjs102.changes        2022-12-15 
19:24:34.639841968 +0100
+++ /work/SRC/openSUSE:Factory/.mozjs102.new.32243/mozjs102.changes     
2023-01-20 17:37:54.576265491 +0100
@@ -1,0 +2,20 @@
+Tue Jan 17 13:35:58 UTC 2023 - BjÃ¸rn Lie <bjorn....@gmail.com>
+
+- Update to version 102.7.0:
+  + Various stability, functionality, and security fixes.
+  + CVE-2022-46871: libusrsctp library out of date.
+  + CVE-2023-23598: Arbitrary file read from GTK drag and drop on
+    Linux.
+  + CVE-2023-23599: Malicious command could be hidden in devtools
+    output on Windows.
+  + CVE-2023-23601: URL being dragged from cross-origin iframe into
+    same tab triggers navigation.
+  + CVE-2023-23602: Content Security Policy wasn't being correctly
+    applied to WebSockets in WebWorkers.
+  + CVE-2022-46877: Fullscreen notification bypass.
+  + CVE-2023-23603: Calls to <code>console.log</code> allowed
+    bypasing Content Security Policy via format directive.
+  + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and
+    Firefox ESR 102.7.
+
+-------------------------------------------------------------------

Old:
----
  firefox-102.6.0esr.source.tar.xz
  firefox-102.6.0esr.source.tar.xz.asc

New:
----
  firefox-102.7.0esr.source.tar.xz
  firefox-102.7.0esr.source.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs102.spec ++++++
--- /var/tmp/diff_new_pack.Dui1ib/_old  2023-01-20 17:38:00.704299386 +0100
+++ /var/tmp/diff_new_pack.Dui1ib/_new  2023-01-20 17:38:00.708299408 +0100
@@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -39,7 +39,7 @@
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        102.6.0
+Version:        102.7.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0

++++++ firefox-102.6.0esr.source.tar.xz -> firefox-102.7.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/mozjs102/firefox-102.6.0esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.mozjs102.new.32243/firefox-102.7.0esr.source.tar.xz 
differ: char 15, line 1

commit mozjs102 for openSUSE:Factory

Reply via email to