diff options
| author | Ian Eure <ian@retrospec.tv> | 2024-11-30 10:32:42 -0800 |
|---|---|---|
| committer | Hilton Chain <hako@ultrarare.space> | 2024-12-02 07:42:22 +0800 |
| commit | 41fd9cfc65e0284173c9cb45117f8b47bd88874d (patch) | |
| tree | e6383e897fe44efab9c8c5791776fa17e351e297 | |
| parent | 395abb86a61e9ea9ed49a25e4ba3f44ac80cebb4 (diff) | |
| download | guix-41fd9cfc65e0284173c9cb45117f8b47bd88874d.tar.gz guix-41fd9cfc65e0284173c9cb45117f8b47bd88874d.zip | |
gnu: librewolf: Update to 133.0-1 [security fixes].
New upstream version. Fixes CVEs:
CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation
on Android
CVE-2024-11692: Select list elements could be shown over another site
CVE-2024-11701: Misleading Address Bar State During Navigation
Interruption
CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing
Mode on Android
CVE-2024-11693: Download Protections were bypassed by .library-ms
files on Windows
CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility
Shims
CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and
Whitespace Characters
CVE-2024-11703: Password access without authentication via PIN bypass
on Android
CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
CVE-2024-11697: Improper Keypress Handling in Executable File
Confirmation Dialog
CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7
Decryption Handling
CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts
Transition on macOS
CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
CVE-2024-11708: Data race with PlaybackParams
CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR
128.5, and Thunderbird 128.5
* gnu/packages/librewolf.scm (librewolf): Update to 133.0-1.
Change-Id: I611505daf4d4f0940405190471f443d99102c2b9
Signed-off-by: Hilton Chain <hako@ultrarare.space>
| -rw-r--r-- | gnu/packages/librewolf.scm | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index ad387b1cac..5d432cfad8 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -199,17 +199,17 @@ ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20241119164012") +(define %librewolf-build-id "20241130102406") (define-public librewolf (package (name "librewolf") - (version "132.0.2-1") + (version "133.0-1") (source (make-librewolf-source #:version version - #:firefox-hash "1s8h4sf78i5ybzv5pvdpx09fb04gdly7pzgivh8kzqdlyij1g7ij" - #:librewolf-hash "0qyi0w92vj5yqljrkzcif2jiz3ispyglg4awywyiqd874i0p8c7c")) + #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9" + #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4")) (build-system gnu-build-system) (arguments (list |