GNU bug report logs - #71832
[PATCH v5 0/3] [SECURITY] Add nss-rapid; update Librewolf to 128.0.3-1

Package: guix-patches

Reported by: Ian Eure <ian <at> retrospec.tv>

Date: Sat, 29 Jun 2024 03:58:01 UTC

Severity: normal

Tags: patch

Done: Vagrant Cascadian <vagrant <at> debian.org>

Bug is archived. No further changes may be made.


From: Ian Eure <ian <at> retrospec.tv>
To: 71832 <at> debbugs.gnu.org
Cc: Ian Eure <ian <at> retrospec.tv>, guix-security <at> gnu.org
Subject: [bug#71832] [PATCH v6 0/3] [SECURITY] Update LibreWolf to 129.0.1-1; add nss-rapid
Date: Sat, 17 Aug 2024 12:32:37 -0700

vs. the previous versions of this patch series, v6:

- Updates LibreWolf to 129.0.1-1, the latest upstream.
- Updates nss-rapid to version 3.103, the latest upstream.
- Adds the skr locale to all-mozilla-locales.
- Backs out improvements not directly related to updating the browser version, to make review easier.

In addition to the CVEs fixed in 128.0, this includes fixes for[1]:

    CVE-2024-7518: Fullscreen notification dialog can be obscured by document content
    CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
    CVE-2024-7520: Type confusion in WebAssembly
    CVE-2024-7521: Incomplete WebAssembly exception handling
    CVE-2024-7522: Out of bounds read in editor component
    CVE-2024-7523: Document content could partially obscure security prompts
    CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
    CVE-2024-7525: Missing permission check when creating a StreamFilter
    CVE-2024-7526: Uninitialized memory used by WebGL
    CVE-2024-7527: Use-after-free in JavaScript garbage collection
    CVE-2024-7528: Use-after-free in IndexedDB
    CVE-2024-7529: Document content could partially obscure security prompts
    CVE-2024-7530: Use-after-free in JavaScript code coverage collection
    CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge

[1]: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/

Ian Eure (3):
  gnu: gnuzilla: Add skr to all-mozilla-locales.
  gnu: Add nss-rapid.
  gnu: librewolf: Update to 129.0.1-1.

 gnu/packages/gnuzilla.scm  |  1 +
 gnu/packages/librewolf.scm | 12 +++----
 gnu/packages/nss.scm       | 67 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 74 insertions(+), 6 deletions(-)

--
2.45.2
