amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: librewolf: Update to 133.0-1 [security fixes].

Browse source 
New upstream version.  Fixes CVEs:

CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation
                on Android
CVE-2024-11692: Select list elements could be shown over another site
CVE-2024-11701: Misleading Address Bar State During Navigation
                Interruption
CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing
                Mode on Android
CVE-2024-11693: Download Protections were bypassed by .library-ms
                files on Windows
CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility
                Shims
CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and
                Whitespace Characters
CVE-2024-11703: Password access without authentication via PIN bypass
                on Android
CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
CVE-2024-11697: Improper Keypress Handling in Executable File
                Confirmation Dialog
CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7
                Decryption Handling
CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts
                Transition on macOS
CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
CVE-2024-11708: Data race with PlaybackParams
CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR
                128.5, and Thunderbird 128.5

* gnu/packages/librewolf.scm (librewolf): Update to 133.0-1.

Change-Id: I611505daf4d4f0940405190471f443d99102c2b9
Signed-off-by: Hilton Chain <hako@ultrarare.space>
This commit is contained in:
Ian Eure 2024-11-30 10:32:42 -08:00 committed by Hilton Chain
parent 395abb86a6
commit 41fd9cfc65
No known key found for this signature in database
GPG key ID: ACC66D09CA528292
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
gnu/packages/librewolf.scm
View file

@ -199,17 +199,17 @@
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
(define %librewolf-build-id "20241119164012")
(define %librewolf-build-id "20241130102406")
(define-public librewolf
(package
(name "librewolf")
(version "132.0.2-1")
(version "133.0-1")
(source
(make-librewolf-source
#:version version
#:firefox-hash "1s8h4sf78i5ybzv5pvdpx09fb04gdly7pzgivh8kzqdlyij1g7ij"
#:librewolf-hash "0qyi0w92vj5yqljrkzcif2jiz3ispyglg4awywyiqd874i0p8c7c"))
#:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9"
#:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4"))
(build-system gnu-build-system)
(arguments
(list