guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

03/04: gnu: librewolf: Update to 133.0-1 [security fixes].

From: guix-commits
Subject: 03/04: gnu: librewolf: Update to 133.0-1 [security fixes].
Date: Sun, 1 Dec 2024 19:00:12 -0500 (EST) 
hako pushed a commit to branch master
in repository guix.

commit 41fd9cfc65e0284173c9cb45117f8b47bd88874d
Author: Ian Eure <ian@retrospec.tv>
AuthorDate: Sat Nov 30 10:32:42 2024 -0800

    gnu: librewolf: Update to 133.0-1 [security fixes].
    
    New upstream version.  Fixes CVEs:
    
    CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
    CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation
                    on Android
    CVE-2024-11692: Select list elements could be shown over another site
    CVE-2024-11701: Misleading Address Bar State During Navigation
                    Interruption
    CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing
                    Mode on Android
    CVE-2024-11693: Download Protections were bypassed by .library-ms
                    files on Windows
    CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility
                    Shims
    CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and
                    Whitespace Characters
    CVE-2024-11703: Password access without authentication via PIN bypass
                    on Android
    CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
    CVE-2024-11697: Improper Keypress Handling in Executable File
                    Confirmation Dialog
    CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7
                    Decryption Handling
    CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts
                    Transition on macOS
    CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
    CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
    CVE-2024-11708: Data race with PlaybackParams
    CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR
                    128.5, and Thunderbird 128.5
    
    * gnu/packages/librewolf.scm (librewolf): Update to 133.0-1.
    
    Change-Id: I611505daf4d4f0940405190471f443d99102c2b9
    Signed-off-by: Hilton Chain <hako@ultrarare.space>
---
 gnu/packages/librewolf.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index ad387b1cac..5d432cfad8 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -199,17 +199,17 @@
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20241119164012")
+(define %librewolf-build-id "20241130102406")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "132.0.2-1")
+    (version "133.0-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "1s8h4sf78i5ybzv5pvdpx09fb04gdly7pzgivh8kzqdlyij1g7ij"
-      #:librewolf-hash "0qyi0w92vj5yqljrkzcif2jiz3ispyglg4awywyiqd874i0p8c7c"))
+      #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9"
+      #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4"))
     (build-system gnu-build-system)
     (arguments
      (list
reply via email to
[Prev in Thread] Current Thread [Next in Thread]