Группа :: Сети/WWW
Пакет: yandex-browser-stable
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
5 сентября 2023 yabro <yabro at altlinux.org> 23.7.4.983-alt1
- Browser updated to 23.7.4.983
- Browser updated to 23.7.1.1216
+ Critical CVE-2023-2721: Use after free in Navigation.
+ High CVE-2023-2722: Use after free in Autofill UI.
+ High CVE-2023-2723: Use after free in DevTools.
+ High CVE-2023-2724: Type Confusion in V8.
+ High CVE-2023-2725: Use after free in Guest View.
+ High CVE-2023-2929: Out of bounds write in Swiftshader.
+ High CVE-2023-2930: Use after free in Extensions.
+ High CVE-2023-2931: Use after free in PDF.
+ High CVE-2023-2932: Use after free in PDF.
+ High CVE-2023-2933: Use after free in PDF.
+ High CVE-2023-2934: Out of bounds memory access in Mojo.
+ High CVE-2023-2935: Type Confusion in V8.
+ High CVE-2023-2936: Type Confusion in V8.
+ High CVE-2023-3079: Type Confusion in V8.
+ High CVE-2023-3420: Type Confusion in V8.
+ High CVE-2023-3421: Use after free in Media.
+ High CVE-2023-3422: Use after free in Guest View.
+ High CVE-2023-3598: Out of bounds read and write in ANGLE.
+ Medium CVE-2023-2459: Inappropriate implementation in Prompts.
+ Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions.
+ Medium CVE-2023-2461: Use after free in OS Inputs.
+ Medium CVE-2023-2462: Inappropriate implementation in Prompts.
+ Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode.
+ Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture.
+ Medium CVE-2023-2465: Inappropriate implementation in CORS.
+ Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs.
+ Medium CVE-2023-2937: Inappropriate implementation in Picture In Picture.
+ Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture.
+ Medium CVE-2023-2939: Insufficient data validation in Installer.
+ Medium CVE-2023-2940: Inappropriate implementation in Downloads.
+ Low CVE-2023-2466: Inappropriate implementation in Prompts.
+ Low CVE-2023-2467: Inappropriate implementation in Prompts.
+ Low CVE-2023-2468: Inappropriate implementation in PictureInPicture.
+ Low CVE-2023-2941: Inappropriate implementation in Extensions API.
- Browser updated to 23.5.1.793
+ Critical CVE-2023-3214: Use after free in Autofill payments
+ High CVE-2023-3215: Use after free in WebRTC
+ High CVE-2023-3216: Type Confusion in V8
+ High CVE-2023-3217: Use after free in WebXR
- Browser updated to 23.5.1.753
- Browser updated to 23.5.1.659
+ High CVE-2023-2133: Out of bounds memory access in Service Worker API.
+ High CVE-2023-2134: Out of bounds memory access in Service Worker API.
+ High CVE-2023-2135: Use after free in DevTools.
+ High CVE-2023-2136: Integer overflow in Skia.
+ Medium CVE-2023-2137: Heap buffer overflow in sqlite.
+ High CVE-2023-2033: Type Confusion in V8.
+ High CVE-2023-1810: Heap buffer overflow in Visuals.
+ High CVE-2023-1811: Use after free in Frames.
+ Medium CVE-2023-1812: Out of bounds memory access in DOM Bindings.
+ Medium CVE-2023-1813: Inappropriate implementation in Extensions.
+ Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing.
+ Medium CVE-2023-1815: Use after free in Networking APIs.
+ Medium CVE-2023-1816: Incorrect security UI in Picture In Picture.
+ Medium CVE-2023-1817: Insufficient policy enforcement in Intents.
+ Medium CVE-2023-1818: Use after free in Vulkan.
+ Medium CVE-2023-1819: Out of bounds read in Accessibility.
+ Medium CVE-2023-1820: Heap buffer overflow in Browser History.
+ Low CVE-2023-1821: Inappropriate implementation in WebShare.
+ Low CVE-2023-1822: Incorrect security UI in Navigation.
+ Low CVE-2023-1823: Inappropriate implementation in FedCM.
+ High CVE-2023-1528: Use after free in Passwords.
+ High CVE-2023-1529: Out of bounds memory access in WebHID.
+ High CVE-2023-1530: Use after free in PDF.
+ High CVE-2023-1531: Use after free in ANGLE.
+ High CVE-2023-1532: Out of bounds read in GPU Video.
+ High CVE-2023-1533: Use after free in WebProtect.
+ High CVE-2023-1534: Out of bounds read in ANGLE.
+ High CVE-2023-1213: Use after free in Swiftshader.
+ High CVE-2023-1214: Type Confusion in V8.
+ High CVE-2023-1215: Type Confusion in CSS.
+ High CVE-2023-1216: Use after free in DevTools.
+ High CVE-2023-1217: Stack buffer overflow in Crash reporting.
+ High CVE-2023-1218: Use after free in WebRTC.
+ High CVE-2023-1219: Heap buffer overflow in Metrics.
+ High CVE-2023-1220: Heap buffer overflow in UMA.
+ Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API.
+ Medium CVE-2023-1222: Heap buffer overflow in Web Audio API.
+ Medium CVE-2023-1223: Insufficient policy enforcement in Autofill.
+ Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API.
+ Medium CVE-2023-1225: Insufficient policy enforcement in Navigation.
+ Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API.
+ Medium CVE-2023-1227: Use after free in Core.
+ Medium CVE-2023-1228: Insufficient policy enforcement in Intents.
+ Medium CVE-2023-1229: Inappropriate implementation in Permission prompts.
+ Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs.
+ Medium CVE-2023-1231: Inappropriate implementation in Autofill.
+ Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing.
+ Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing.
+ Low CVE-2023-1234: Inappropriate implementation in Intents.
+ Low CVE-2023-1235: Type Confusion in DevTools.
+ Low CVE-2023-1236: Inappropriate implementation in Internals.
- Browser updated to 23.3.1.946
+ Critical CVE-2023-2033: Type confusion in V8
- Browser updated to 23.3.1.929
- Fix installation of partner data
- Browser updated to 23.3.1
+ Critical CVE-2023-0941: Use after free in Prompts.
+ High CVE-2023-0927: Use after free in Web Payments API.
+ High CVE-2023-0928: Use after free in SwiftShader.
+ High CVE-2023-0929: Use after free in Vulkan.
+ High CVE-2023-0930: Heap buffer overflow in Video.
+ High CVE-2023-0931: Use after free in Video.
+ High CVE-2023-0932: Use after free in WebRTC.
+ Medium CVE-2023-0933: Integer overflow in PDF.
+ High CVE-2023-0696: Type Confusion in V8.
+ High CVE-2023-0697: Inappropriate implementation in Full screen mode.
+ High CVE-2023-0698: Out of bounds read in WebRTC.
+ Medium CVE-2023-0699: Use after free in GPU.
+ Medium CVE-2023-0700: Inappropriate implementation in Download.
+ Medium CVE-2023-0701: Heap buffer overflow in WebUI.
+ Medium CVE-2023-0702: Type Confusion in Data Transfer.
+ Medium CVE-2023-0703: Type Confusion in DevTools.
+ Low CVE-2023-0704: Insufficient policy enforcement in DevTools.
+ Low CVE-2023-0705: Integer overflow in Core.
+ High CVE-2023-0471: Use after free in WebTransport.
+ High CVE-2023-0472: Use after free in WebRTC.
+ Medium CVE-2023-0473: Type Confusion in ServiceWorker API.
+ Medium CVE-2023-0474: Use after free in GuestView.
+ High CVE-2023-0128: Use after free in Overview Mode.
+ High CVE-2023-0129: Heap buffer overflow in Network Service.
+ Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API.
+ Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
+ Medium CVE-2023-0132: Inappropriate implementation in Permission prompts.
+ Medium CVE-2023-0133: Inappropriate implementation in Permission prompts.
+ Medium CVE-2023-0134: Use after free in Cart.
+ Medium CVE-2023-0135: Use after free in Cart.
+ Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API.
+ Medium CVE-2023-0137: Heap buffer overflow in Platform Apps.
+ Low CVE-2023-0138: Heap buffer overflow in libphonenumber.
+ Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
+ Low CVE-2023-0140: Inappropriate implementation in File System API.
+ Low CVE-2023-0141: Insufficient policy enforcement in CORS. - Set provides webclient (closes: #43564)
- browser updated to 23.1.2
+ High CVE-2022-4436: Use after free in Blink Media.
+ High CVE-2022-4437: Use after free in Mojo IPC.
+ High CVE-2022-4438: Use after free in Blink Frames.
+ High CVE-2022-4439: Use after free in Aura.
+ Medium CVE-2022-4440: Use after free in Profiles.
+ High CVE-2022-4262: Type Confusion in V8.
+ High CVE-2022-4174: Type Confusion in V8.
+ High CVE-2022-4175: Use after free in Camera Capture.
+ High CVE-2022-4176: Out of bounds write in Lacros Graphics.
+ High CVE-2022-4177: Use after free in Extensions.
+ High CVE-2022-4178: Use after free in Mojo.
+ High CVE-2022-4179: Use after free in Audio.
+ High CVE-2022-4180: Use after free in Mojo.
+ High CVE-2022-4181: Use after free in Forms.
+ Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames.
+ Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker.
+ Medium CVE-2022-4184: Insufficient policy enforcement in Autofill.
+ Medium CVE-2022-4185: Inappropriate implementation in Navigation.
+ Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads.
+ Medium CVE-2022-4187: Insufficient policy enforcement in DevTools.
+ Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS.
+ Medium CVE-2022-4189: Insufficient policy enforcement in DevTools.
+ Medium CVE-2022-4190: Insufficient data validation in Directory.
+ Medium CVE-2022-4191: Use after free in Sign-In.
+ Medium CVE-2022-4192: Use after free in Live Caption.
+ Medium CVE-2022-4193: Insufficient policy enforcement in File System API.
+ Medium CVE-2022-4194: Use after free in Accessibility.
+ Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing.
+ High CVE-2022-4135: Heap buffer overflow in GPU.
+ High CVE-2022-3885: Use after free in V8.
+ High CVE-2022-3886: Use after free in Speech Recognition.
+ High CVE-2022-3887: Use after free in Web Workers.
+ High CVE-2022-3888: Use after free in WebCodecs.
+ High CVE-2022-3889: Type Confusion in V8.
+ High CVE-2022-3890: Heap buffer overflow in Crashpad.
+ High CVE-2022-3723: Type Confusion in V8.
+ High CVE-2022-3652: Type Confusion in V8.
+ High CVE-2022-3653: Heap buffer overflow in Vulkan.
+ High CVE-2022-3654: Use after free in Layout.
+ Medium CVE-2022-3655: Heap buffer overflow in Media Galleries.
+ Medium CVE-2022-3656: Insufficient data validation in File System.
+ Medium CVE-2022-3657: Use after free in Extensions.
+ Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS.
+ Medium CVE-2022-3659: Use after free in Accessibility.
+ Medium CVE-2022-3660: Inappropriate implementation in Full screen mode.
+ Low CVE-2022-3661: Insufficient data validation in Extensions.
- NMU: supported proxy settings from environment variables (ALT #44983)
- NMU: FTBFS fix: required libwayland-client
- browser updated to 22.11.0
- browser updated to 22.9.3
- removed comment at yandex-browser.appdata.xml (closes: 43673)
- removed built-in xdg-utils deps from the package
- added font with emoji support dependency
- initial build for ALT