Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libmozjs-128-0-128.4.0-1.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: libmozjs-128-0 Distribution: openSUSE:Factory:zSystems
Version: 128.4.0 Vendor: openSUSE
Release: 1.1 Build date: Mon Nov 4 11:37:43 2024
Group: System/Libraries Build host: reproducible
Size: 17135210 Source RPM: mozjs128-128.4.0-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
Summary: JavaScript's library
JavaScript is the Netscape-developed object scripting language used in millions
of web pages and server applications worldwide. Netscape's JavaScript is a
superset of the ECMA-262 Edition 3 (ECMAScript) standard scripting language,
with only mild differences from the published standard.

This package contains the JavaScript's library.

Provides

Requires

License

MPL-2.0

Changelog

* Mon Nov 04 2024 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 128.4.0:
    + CVE-2024-10458: Permission leak via embed or object elements
    + CVE-2024-10459: Use-after-free in layout with accessibility
    + CVE-2024-10460: Confusing display of origin for external
      protocol handler prompt
    + CVE-2024-10461: XSS due to Content-Disposition being ignored in
      multipart/x-mixed-replace response
    + CVE-2024-10462: Origin of permission prompt could be spoofed by
      long URL
    + CVE-2024-10463: Cross origin video frame leak
    + CVE-2024-10464: History interface could have been used to cause
      a Denial of Service condition in the browser
    + CVE-2024-10465: Clipboard "paste" button persisted across tabs
    + CVE-2024-10466: DOM push subscription message could hang
      Firefox
    + CVE-2024-10467: Memory safety bugs fixed in Firefox 132,
      Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
* Thu Oct 10 2024 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 128.3.1:
    * CVE-2024-9680: Use-after-free in Animation timeline
  - Changes from version 128.3.0:
    * CVE-2024-9392: Compromised content process can bypass site
      isolation
    * CVE-2024-9393: Cross-origin access to PDF contents through
      multipart responses
    * CVE-2024-9394: Cross-origin access to JSON contents through
      multipart responses
    * CVE-2024-8900: Clipboard write permission bypass
    * CVE-2024-9396: Potential memory corruption may occur when
      cloning certain objects
    * CVE-2024-9397: Potential directory upload bypass via
      clickjacking
    * CVE-2024-9398: External protocol handlers could be enumerated
      via popups
    * CVE-2024-9399: Specially crafted WebTransport requests could
      lead to denial of service
    * CVE-2024-9400: Potential memory corruption during JIT
      compilation
    * CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox
      ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird
      128.3
    * CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox
      ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* Mon Sep 30 2024 Cliff Zhao <qzhao@suse.com>
  - Add mozjs128-CVE-2024-45492.patch:
    Backporting 9bf0f2c1 from libexpat upstream, Detect integer
    overflow in function nextScaffoldPart.
    (CVE-2024-45492, bsc#1230038)
* Mon Sep 30 2024 Cliff Zhao <qzhao@suse.com>
  - Add mozjs128-CVE-2024-45491.patch:
    Backporting 8e439a99 from libexpat upstream, Detect integer
    overflow in dtdCopy.
    (CVE-2024-45491, bsc#1230037)
* Mon Sep 30 2024 Cliff Zhao <qzhao@suse.com>
  - Add mozjs128-CVE-2024-45490-part01-5c1a3164.patch:
    Backporting 5c1a3164 from libexpat upstream, Reject negative len
    for XML_ParseBuffer.
    CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat
    sources; c12f039b for libexpat tests; 2db23301 for libexpat docs;
    Because mozjs only embeds libexpat sources, so unnecessary to
    port prart02 and part03.
    (CVE-2024-45490, bsc#1230036)
* Wed Sep 25 2024 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 128.2.0:
    + CVE-2024-8385: WASM type confusion involving ArrayTypes
    + CVE-2024-8381: Type confusion when looking up a property name
      in a "with" block
    + CVE-2024-8382: Internal event interfaces were exposed to web
      content when browser EventHandler listener callbacks ran
    + CVE-2024-8383: Firefox did not ask before openings news: links
      in an external application
    + CVE-2024-8384: Garbage collection could mis-color
      cross-compartment objects in OOM conditions
    + CVE-2024-8386: SelectElements could be shown over another site
      if popups are allowed
    + CVE-2024-8387: Memory safety bugs fixed in Firefox 130,
      Firefox ESR 128.2, and Thunderbird 128.2
  - Drop 0001-Skip-failing-tests-on-ppc64-and-s390x.patch: Fixed
    upstream.
* Fri Aug 30 2024 Bjørn Lie <bjorn.lie@gmail.com>
  - Initial build for openSUSE.

Files

/usr/lib64/libmozjs-128.so.0
/usr/lib64/libmozjs-128.so.0.0.0
/usr/share/licenses/libmozjs-128-0
/usr/share/licenses/libmozjs-128-0/LICENSE


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Nov 7 00:51:36 2024