mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-06 13:10:33 +02:00

gnu: librewolf: Update to 149.0-1 [security-fixes].

* gnu/packages/librewolf.scm (librewolf): Update to 149.0-1.

Contains fixes for:
CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component
CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component
CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component
CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component
CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component
CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component
CVE-2026-4692: Sandbox escape in the Responsive Design Mode component
CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component
CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component
CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component
CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component
CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component
CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component
CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component
CVE-2026-4700: Mitigation bypass in the Networking: HTTP component
CVE-2026-4701: Use-after-free in the JavaScript Engine component
CVE-2026-4722: Privilege escalation in the IPC component
CVE-2026-4702: JIT miscompilation in the JavaScript Engine component
CVE-2026-4723: Use-after-free in the JavaScript Engine component
CVE-2026-4724: Undefined behavior in the Audio/Video component
CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component
CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component
CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component
CVE-2026-4708: Incorrect boundary conditions in the Graphics component
CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component
CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component
CVE-2026-4711: Use-after-free in the Widget: Cocoa component
CVE-2026-4725: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
CVE-2026-4712: Information disclosure in the Widget: Cocoa component
CVE-2026-4713: Incorrect boundary conditions in the Graphics component
CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component
CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component
CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
CVE-2026-4717: Privilege escalation in the Netmonitor component
CVE-2026-4726: Denial-of-service in the XML component
CVE-2025-59375: Denial-of-service in the XML component
CVE-2026-4727: Denial-of-service in the Libraries component in NSS
CVE-2026-4728: Spoofing issue in the Privacy: Anti-Tracking component
CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component
CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component
CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
CVE-2026-4729: Memory safety bugs fixed in Firefox 149 and Thunderbird 149
CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

Change-Id: I40e76bf852087d71f8df869103c846032e8552c9
Signed-off-by: Ian Eure <ian@retrospec.tv>
moksh
2026-03-26 14:57:45 +05:30
committed by Ian Eure
parent 23fb319fdd
commit 21946173a0

@@ -238,23 +238,23 @@
;;; but since in Guix only the latest packaged Rust is officially supported,
;;; it is a tradeoff worth making.
;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html
(define rust-librewolf rust-1.92)
(define rust-librewolf rust-1.93)
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
;; or: (format-time-string "%Y%m%d%H%M%S")
(define %librewolf-build-id "20260319204056")
(define %librewolf-build-id "20260326135749")
(define-public librewolf
(package
(name "librewolf")
(version "148.0.2-3")
(version "149.0-1")
(source
(make-librewolf-source
#:version version
#:firefox-hash "142f4k4ykcm65kbvj60p472103r4k79v9fdsfljdav2rbr6qxjx6"
#:librewolf-hash "193yh89chifcvqn03h9xs39g0pdiiamzb4wjf8f7qczgc23b7y8w"
#:firefox-hash "12jb930qhqhpzjpn5smms7g4n6y40zvxcrg8w42696wxk7pgsqdq"
#:librewolf-hash "0igv0fr0vl2nf5rlgnidfz2a3gh55bsqwcray0jg7x2kl6qnkzwm"
#:l10n firefox-l10n))
(build-system gnu-build-system)
(arguments
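Review bot: the switch of `rust-librewolf` from `rust-1.92` to `rust-1.93` at the top of this hunk is not recorded in the commit message, whose changelog entry names only `(librewolf): Update to 149.0-1.` Add an entry for it, for example `(rust-librewolf): Use rust-1.93.`, so the toolchain change can be found from the log if the build regresses. Separately, the new `%librewolf-build-id` value `20260326135749` falls on the date of the commit itself, while the comment above it asks for the release date; please confirm it matches the upstream 149.0-1 release, since the comment warns that a wrong id affects cache validation.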