Mailinglist Archive: opensuse-factory (439 mails)

< Previous Next >
[opensuse-factory] Leap 15.1 Build 442.2 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

When you reply to discuss some issues, make sure to change the subject.
Please use the test plan at
to record your testing efforts and use bugzilla to report bugs.

Packages changed:
MozillaFirefox (60.5.1 -> 60.6.1)

=== Details ===

==== MozillaFirefox ====
Version update (60.5.1 -> 60.6.1)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 60.6.1esr
MFSA 2019-10 (bsc#1130262)
* CVE-2019-9810 (bmo#1537924)
IonMonkey MArraySlice has incorrect alias information
* CVE-2019-9813 (bmo#1538006)
Ionmonkey type confusion with __proto__ mutations
- Mozilla Firefox 60.6.0esr
MFSA 2019-08 (bsc#1129821)
* CVE-2019-9790 bmo#1525145
Use-after-free when removing in-use DOM elements
* CVE-2019-9791 bmo#1530958
Type inference is incorrect for constructors entered through on-stack
replacement with IonMonkey
* CVE-2019-9792 bmo#1532599
IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
* CVE-2019-9793 bmo#1528829
Improper bounds checks when Spectre mitigations are disabled
* CVE-2019-9794 bmo#1530103
Command line arguments not discarded during execution
* CVE-2019-9795 bmo#1514682
Type-confusion in IonMonkey JIT compiler
* CVE-2019-9796 bmo#1531277
Use-after-free with SMIL animation controller
* CVE-2018-18506 bmo#1503393
Proxy Auto-Configuration file can define localhost access to be proxied
* CVE-2019-9788 bmo#1518001 bmo#1521304 bmo#1521214 bmo#1506665 bmo#1516834
bmo#1518774 bmo#1524755 bmo#1523362 bmo#1524214 bmo#1529203
Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
- Mozilla Firefox 60.5.2esr:
* Fix a frequent crash when reading various Reuters news articles

==== xfce4-session ====
Subpackages: libxfsm-4_6-0 xfce4-session-lang

- Remove a hunk from xinitrd. Upstream already sets
XDG_CURRENT_DESKTOP with commit 4daf68eb
- Use autosetup for simpler quilt setup
refresh add-light-locker-support.patch

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages