Branch sisyphus update bulletin.

Package libcamera updated to version 0.5.2-alt1 for branch sisyphus in task 392703.

libcamera: собрана с googletest

Package kernel-image-rk3588 updated to version 6.12.42-alt1 for branch sisyphus in task 392704.

падает прога на ядре 6.12.41

Package palemoon updated to version 33.8.1.2-alt1 for branch sisyphus in task 392712.

Published: 2025-07-22

BDU:2025-08995

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: MEDIUM (5.1) Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

References:

Published: 2025-07-22

BDU:2025-09457

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверным управлением генерацией кода, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity: CRITICAL (9.4) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

References:

Published: 2025-07-22
Modified: 2025-07-28

CVE-2025-8028

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2025-07-22
Modified: 2025-09-09

CVE-2025-8029

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2025-07-22
Modified: 2025-08-15

CVE-2025-8031

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2025-07-22
Modified: 2025-07-28

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Package python3-module-PyQt5-sip updated to version 12.17.0-alt1 for branch sisyphus in task 392717.

Ошибка Python при запуске приложения QGIS

Version: 2.1.2

Branch sisyphus update on 2025-08-18

ALT-BU-2025-10552-1

ALT-PU-2025-10536-1

Closed bugs

Bug #55286

ALT-PU-2025-10538-1

Closed bugs

Bug #55552

ALT-PU-2025-10540-2

Closed vulnerabilities

BDU:2025-08995

BDU:2025-09457

CVE-2025-8028

CVE-2025-8029

CVE-2025-8031

CVE-2025-8037

ALT-PU-2025-10544-1

Closed bugs

Bug #55628