ALT-BU-2025-11337-2

Branch sisyphus update bulletin.

Package foldy updated to version 5.0-alt1 for branch sisyphus in task 391712.

При попытке удалить папку изнутри, ломается IU приложения foldy

Package chromium updated to version 140.0.7339.80-alt1 for branch sisyphus in task 393938.

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2025-9864

Уязвимость компонента Extensions (Расширения) браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2025-9866

Уязвимость компонента Downloads (Загрузки) браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (5.4)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

CVE-2025-9867

Уязвимость панели инструментов браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (5.4)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

CVE-2025-9865

Уязвимость компонента Downloads браузера Google Chrome, позволяющая нарушителю выполнить подмену домена

Severity: MEDIUM (5.4)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

References:

CVE-2025-12908

Уязвимость набора инструментов для веб-разработки DevTools браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2025-12907

Уязвимость компонента Downloads браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (5.4)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

References:

CVE-2025-12905

Уязвимость компонента Devtools браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

CVE-2025-12909

Уязвимость технологии Passkeys браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.2)Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: MEDIUM (4.9)Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2025-12910

Уязвимость браузера Google Chrome, связанная с недостатком в механизме подтверждения источника, позволяющая нарушителю подменить пользовательский интерфейс

Severity: MEDIUM (5.4)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

References:

CVE-2025-12906

Уязвимость браузера Google Chrome, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю подменить пользовательский интерфейс

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2025-12911

Уязвимость компонента Compositing браузера Google Chrome, позволяющая нарушителю подменить пользовательский интерфейс

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2025-13107

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (5.4)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

References:

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (5.4)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

References:

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (5.4)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

References:

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low)

Severity: MEDIUM (5.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)

Severity: MEDIUM (6.2)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

Rejected reason: This CVE ID was assigned in error to a vulnerability that was both introduced and fixed before the code landed in the Stable channel of Chrome, and has been withdrawn.

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (5.4)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (5.4)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

Package qt-creator updated to version 17.0.1-alt1 for branch sisyphus in task 387885.

New version

Package qt6-tools updated to version 6.9.2-alt2 for branch sisyphus in task 393990.

Верните qdoc для Qt6

Version: 2.1.2

Branch sisyphus update on 2025-09-05

ALT-BU-2025-11337-2

ALT-PU-2025-10460-6

Closed bugs

Bug #55479

ALT-PU-2025-11247-2

Closed vulnerabilities

BDU:2025-11125

BDU:2025-11126

BDU:2025-11127

BDU:2025-11128

BDU:2025-14027

BDU:2025-14028

BDU:2025-14029

BDU:2025-14030

BDU:2025-14031

BDU:2025-14032

BDU:2025-14033

BDU:2025-14878

CVE-2025-12905

CVE-2025-12906

CVE-2025-12907

CVE-2025-12908

CVE-2025-12909

CVE-2025-12910

CVE-2025-12911

CVE-2025-13107

CVE-2025-9864

CVE-2025-9865

CVE-2025-9866

CVE-2025-9867

ALT-PU-2025-11283-3

Closed bugs

Bug #54840

ALT-PU-2025-11285-1

Closed bugs

Bug #55857