Explore top 10 tips to secure your open-source projects now. Read More
×
Rebuild with pregenerated cbindgen. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-bca38111fc 2025-04-30 01:59:13.913534+00:00 -------------------------------------------------------------------------------- Name : icecat Product : Fedora 40 Version : 115.22.0 Release : 2.rh1.fc40 URL : Summary : GNU version of Firefox browser Description : GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * JShelter: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain. * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript. * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup. -------------------------------------------------------------------------------- Update Information: Rebuild with pregenerated cbindgen -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2025 Antonio Trande - 2:115.22.0-2.rh1 - Upload regenerated built-in cbindgen * Fri Apr 4 2025 AntonioTrande - 2:115.22.0-1.rh1 - Release 115.22.0 * Tue Mar 4 2025 Antonio Trande - 2:115.21.0-1.rh1 - Release 115.21.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357926 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2357926 [ 2 ] Bug #2357938 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2357938 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-bca38111fc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Rebuild with pregenerated cbindgen. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-883816b756 2025-04-30 01:36:38.945450+00:00 -------------------------------------------------------------------------------- Name : icecat Product : Fedora 41 Version : 115.22.0 Release : 2.rh1.fc41 URL : Summary : GNU version of Firefox browser Description : GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * JShelter: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain. * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript. * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup. -------------------------------------------------------------------------------- Update Information: Rebuild with pregenerated cbindgen -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2025 Antonio Trande - 2:115.22.0-2.rh1 - Upload regenerated built-incbindgen -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357926 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2357926 [ 2 ] Bug #2357938 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2357938 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-883816b756' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Rebuild with pregenerated cbindgen. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-17f64d2c4d 2025-04-29 20:37:25.511152+00:00 -------------------------------------------------------------------------------- Name : icecat Product : Fedora 42 Version : 115.22.0 Release : 2.rh1.fc42 URL : Summary : GNU version of Firefox browser Description : GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * JShelter: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain. * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript. * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup. -------------------------------------------------------------------------------- Update Information: Rebuild with pregenerated cbindgen -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2025 Antonio Trande - 2:115.22.0-2.rh1 - Upload regenerated built-incbindgen -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357926 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2357926 [ 2 ] Bug #2357938 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2357938 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-17f64d2c4d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix CVE-2024-11693 CVE-2024-11697 CVE-2024-11692. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ff0115e6ac 2024-12-19 04:06:20.748106+00:00 -------------------------------------------------------------------------------- Name : icecat Product : Fedora 41 Version : 115.18.0 Release : 2.rh2.fc41 URL : Summary : GNU version of Firefox browser Description : GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * JShelter: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain. * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript. * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-11693 CVE-2024-11697 CVE-2024-11692 -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 8 2024 Antonio Trande - 2:115.18.0-2.rh2 - Fix CVE-2024-11693 CVE-2024-11697CVE-2024-11692 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ff0115e6ac' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix CVE-2024-11693 CVE-2024-11697 CVE-2024-11692. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-7f67755963 2024-12-19 03:59:44.539063+00:00 -------------------------------------------------------------------------------- Name : icecat Product : Fedora 40 Version : 115.18.0 Release : 2.rh2.fc40 URL : Summary : GNU version of Firefox browser Description : GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * JShelter: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain. * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript. * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-11693 CVE-2024-11697 CVE-2024-11692 -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 8 2024 Antonio Trande - 2:115.18.0-2.rh2 - Fix CVE-2024-11693 CVE-2024-11697CVE-2024-11692 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-7f67755963' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
- Release 115.3.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-035866b576 2023-11-03 18:20:20.952309 -------------------------------------------------------------------------------- Name : icecat Product : Fedora 39 Version : 115.3.1 Release : 7.rh2.fc39 URL : http://www.gnu.org/software/gnuzilla/ Summary : GNU version of Firefox browser Description : GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * HTTPS Everywhere HTTPS Everywhere is an extension that encrypts your communications with many major websites, making your browsing more secure. * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript. * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup. -------------------------------------------------------------------------------- Update Information: - Release 115.3.1 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 2 2023 Antonio Trande - 2:115.3.1-7.rh2 - Add missing installed files * Sun Oct 1 2023 Antonio Trande - 2:115.3.1-6.rh2 - Exclude manpage temporarily * Sun Oct 1 2023 Antonio Trande - 2:115.3.1-5.rh2 - Upload new source archive rh2 * Sat Sep 30 2023 Antonio Trande - 2:115.3.1-4.rh1 - Fix icecatview.html file * Sat Sep 30 2023 Antonio Trande - 2:115.3.1-3.rh1 - Fix filesfor processing MOZBUILD * Fri Sep 29 2023 Antonio Trande - 2:115.3.1-2.rh1 - Release 115.3.1 rh1| Fix clang path * Fri Sep 29 2023 Antonio Trande - 2:115.3.1-1.rh1 - Release 115.3.1 rh1| Epoch 2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2208177 - CVE-2023-26117 icecat: angularjs: Regular expression denial of service via the $resource service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2208177 [ 2 ] Bug #2208185 - CVE-2023-26116 icecat: angularjs: Regular Expression Denial of Service via angular.copy() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2208185 [ 3 ] Bug #2208195 - CVE-2023-26118 icecat: angularjs: Regular Expression Denial of Service via the element [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2208195 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-035866b576' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
- Release 115.3.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7342330743 2023-10-18 01:45:22.977713 -------------------------------------------------------------------------------- Name : icecat Product : Fedora 38 Version : 115.3.1 Release : 7.rh2.fc38 URL : Summary : GNU version of Firefox browser Description : GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * HTTPS Everywhere HTTPS Everywhere is an extension that encrypts your communications with many major websites, making your browsing more secure. * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript. * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup. -------------------------------------------------------------------------------- Update Information: - Release 115.3.1 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 2 2023 Antonio Trande - 2:115.3.1-7.rh2 - Add missing installed files * Sun Oct 1 2023 Antonio Trande - 2:115.3.1-6.rh2 - Exclude manpage temporarily * Sun Oct 1 2023 Antonio Trande - 2:115.3.1-5.rh2 - Upload new source archive rh2 * Sat Sep 30 2023 Antonio Trande - 2:115.3.1-4.rh1 - Fix icecatview.html file * Sat Sep 30 2023 Antonio Trande - 2:115.3.1-3.rh1 - Fix files for processing MOZBUILD * Fri Sep29 2023 Antonio Trande - 2:115.3.1-2.rh1 - Release 115.3.1 rh1| Fix clang path * Fri Sep 29 2023 Antonio Trande - 2:115.3.1-1.rh1 - Release 115.3.1 rh1| Epoch 2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2208177 - CVE-2023-26117 icecat: angularjs: Regular expression denial of service via the $resource service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2208177 [ 2 ] Bug #2208185 - CVE-2023-26116 icecat: angularjs: Regular Expression Denial of Service via angular.copy() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2208185 [ 3 ] Bug #2208195 - CVE-2023-26118 icecat: angularjs: Regular Expression Denial of Service via the element [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2208195 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7342330743' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
This update provides the latest release of Firefox, with many bug fixes including critical security issues. It also includes updates to gcc and annobin which were necessary to build Firefox, with the following fixes: * fix up promoted SUBREG handling (#2045160, PR rtl-optimization/104839) * fix up check for asm goto (PR rtl-optimization/104777) * Upstream bugs. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-42ea499a7d 2022-03-17 18:37:10.061250 --------------------------------------------------------------------------------Name : icecat Product : Fedora 36 Version : 91.7.0 Release : 1.rh1.fc36 URL : Summary : GNU version of Firefox browser Description : GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * HTTPS Everywhere HTTPS Everywhere is an extension that encrypts your communications with many major websites, making your browsing more secure. * ViewTube Watch videos from video sharing websites with extra options. * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript. * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup. --------------------------------------------------------------------------------Update Information: This update provides the latest release of Firefox, with many bug fixes including critical security issues. It also includes updates to gccand annobin which were necessary to build Firefox, with the following fixes: * fix up promoted SUBREG handling (#2045160, PR rtl-optimization/104839) * fix up check for asm goto (PR rtl-optimization/104777) * Upstream bugs () fixed: 70077, 79493, 80270, 84519, 87496, 88134, 90148, 91384, 96526, 99297, 99555, 99585, 100400, 100407, 100541, 100757, 101325, 101636, 101983, 102276, 102429, 103037, 103302, 103443, 103521, 103836, 103845, 103856, 103984, 104061, 104121, 104131, 104132, 104133, 104154, 104208, 104381, 104430, 104434, 104489, 104529, 104533, 104540, 104550, 104552, 104558, 104573, 104589, 104601, 104602, 104618, 104619, 104627, 104633, 104637, 104644, 104648, 104656, 104659, 104664, 104667, 104674, 104675, 104676, 104677, 104679, 104681, 104682, 104686, 104687, 104698, 104700, 104704, 104715, 104716, 104721, 104724, 104725, 104726, 104727, 104728, 104730, 104732, 104736, 104748, 104757, 104758, 104761, 104775, 104779, 104781, 104782, 104784, 104791, 104794, 104797, 104807, 104825, 104838 --------------------------------------------------------------------------------ChangeLog: * Tue Mar 8 2022 Antonio Trande - 91.7.0-1.rh1 - Release 91.7.0 * Sun Mar 6 2022 Antonio Trande - 91.6.1-1.rh1 - Release 91.6.1 * Fri Feb 18 2022 Antonio Trande - 91.6.0-2.rh1 - Patched for GCC-12 * Tue Feb 15 2022 Antonio Trande - 91.6.0-1.rh1 - Release 91.6.0 * Sat Feb 5 2022 Jiri Vanek - 91.5.0-4.rh1 - Rebuilt for java-17-openjdk as system jdk * Tue Jan 25 2022 Parag Nemade - 91.5.0-3.rh1 - Update hunspell directory path F36 Change https://fedoraproject.org/wiki/Changes/Hunspell_dictionary_dir_change * Thu Jan 20 2022 Fedora Release Engineering - 91.5.0-2.rh1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2045160 - Cython: FTBFS in Fedora rawhide/f36 ppc64le https://bugzilla.redhat.com/show_bug.cgi?id=2045160 [ 2 ] Bug #2045380 -firefox: FTBFS in Fedora rawhide/f36 https://bugzilla.redhat.com/show_bug.cgi?id=2045380 [ 3 ] Bug #2045404 - game-music-emu: FTBFS in Fedora rawhide/f36 https://bugzilla.redhat.com/show_bug.cgi?id=2045404 [ 4 ] Bug #2056613 - gcc-12.0.1-0.8.fc36 gives wrong -Wdangling-pointer warnings related to `for(;;)` https://bugzilla.redhat.com/show_bug.cgi?id=2056613 [ 5 ] Bug #2057193 - f36 composes still have firefox 96, f34 f35 have firefox 97 https://bugzilla.redhat.com/show_bug.cgi?id=2057193 [ 6 ] Bug #2057492 - internal compiler error by kstars build with gcc-12.0.1-0.8.fc37.ppc64le https://bugzilla.redhat.com/show_bug.cgi?id=2057492 [ 7 ] Bug #2060755 - Firefox: GCC 12 linking error https://bugzilla.redhat.com/show_bug.cgi?id=2060755 [ 8 ] Bug #2063961 - Fedora ARM - Firefox fails to open on aarch64 Workstation https://bugzilla.redhat.com/show_bug.cgi?id=2063961 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-42ea499a7d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.