commit mozjs102 for openSUSE:Factory

Source-Sync Thu, 16 Feb 2023 07:55:39 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs102 for openSUSE:Factory 
checked in at 2023-02-16 16:55:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs102 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs102.new.22824 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "mozjs102"

Thu Feb 16 16:55:04 2023 rev:8 rq:1065878 version:102.8.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs102/mozjs102.changes        2023-01-20 
17:37:54.576265491 +0100
+++ /work/SRC/openSUSE:Factory/.mozjs102.new.22824/mozjs102.changes     
2023-02-16 16:55:17.202563323 +0100
@@ -1,0 +2,30 @@
+Tue Feb 14 22:30:07 UTC 2023 - BjÃ¸rn Lie <bjorn....@gmail.com>
+
+- Update to version 102.8.0:
+  + Various security fixes.
+  + CVE-2023-25728: Content security policy leak in violation
+    reports using iframes.
+  + CVE-2023-25730: Screen hijack via browser fullscreen mode.
+  + CVE-2023-25743: Fullscreen notification not shown in Firefox
+    Focus.
+  + CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS.
+  + CVE-2023-25735: Potential use-after-free from compartment
+    mismatch in SpiderMonkey.
+  + CVE-2023-25737: Invalid downcast in
+    SVGUtils::SetupStrokeGeometry.
+  + CVE-2023-25738: Printing on Windows could potentially crash
+    Firefox with some device drivers.
+  + CVE-2023-25739: Use-after-free in
+    mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
+  + CVE-2023-25729: Extensions could have opened external schemes
+    without user knowledge.
+  + CVE-2023-25732: Out of bounds memory write from
+    EncodeInputStream.
+  + CVE-2023-25734: Opening local .url files could cause unexpected
+    network loads.
+  + CVE-2023-25742: Web Crypto ImportKey crashes tab.
+  + CVE-2023-25744: Memory safety bugs fixed in Firefox 110 and
+    Firefox ESR 102.8.
+  + CVE-2023-25746: Memory safety bugs fixed in Firefox ESR 102.8.
+
+-------------------------------------------------------------------

Old:
----
  firefox-102.7.0esr.source.tar.xz
  firefox-102.7.0esr.source.tar.xz.asc

New:
----
  firefox-102.8.0esr.source.tar.xz
  firefox-102.8.0esr.source.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs102.spec ++++++
--- /var/tmp/diff_new_pack.aTl4t5/_old  2023-02-16 16:55:23.854590209 +0100
+++ /var/tmp/diff_new_pack.aTl4t5/_new  2023-02-16 16:55:23.854590209 +0100
@@ -39,7 +39,7 @@
 %global big_endian 1
 %endif
 Name:           mozjs%{major}
-Version:        102.7.0
+Version:        102.8.0
 Release:        1%{?dist}
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0

++++++ firefox-102.7.0esr.source.tar.xz -> firefox-102.8.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/mozjs102/firefox-102.7.0esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.mozjs102.new.22824/firefox-102.8.0esr.source.tar.xz 
differ: char 15, line 1

commit mozjs102 for openSUSE:Factory

Reply via email to