– Update to 140.0.7339.185 * CVE-2025-10585: Type Confusion in V8 * CVE-2025-10500: Use after free in Dawn * CVE-2025-10501: Use after free in WebRTC * CVE-2025-10502: Heap buffer overflow in ANGLE
Comment
Archive for September, 2025
108 results.
The update for libxslt announced in DSA 5979-1 introduced a regression while back porting the upstream deterministic generate-id implementation, which makes the generated IDs may remain in a non-deterministic order.
dpkg could be made to consume disk space if it opened a specially crafted file.
Rebase to 2.7.2
New upstream release fixing the following security weaknesses (CVE-2025-8114, CVE-2025-8277)
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in pip.
fix Out of bounds read for cookie path (CVE-2025-9086)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
GNU C Library could be made to crash or run programs if it received specially crafted input.
podman-tui release 1.8.0
prometheus-podman-exporter v1.18.1
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
New upstream release fixing the following security weaknesses (CVE-2025-8114, CVE-2025-8277)
Fix Out of bounds read for cookie path (CVE-2025-9086) Fix predictable WebSocket mask (CVE-2025-10148)
This update for Jetty, a Java servlet engine and web server, addresses a protocol-level vulnerability in HTTP/2 support also referred to as “MadeYouReset”.
This update for Jetty, a Java servlet engine and web server, addresses a protocol-level vulnerability in HTTP/2 support also referred to as “MadeYouReset”.
The system could be made to crash or run programs as an administrator.
The system could be made to crash or run programs as an administrator.
The system could be made to crash or run programs as an administrator.
The system could be made to crash or run programs as an administrator.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-10585 exists in the wild.
Mutiple vulnerabilities in the Viridian interface [XSA-472, CVE-2025-27466, CVE-2025-58142, CVE-2025-58143] Arm issues with page refcounting [XSA-473, CVE-2025-58144, CVE-2025-58145]
Rebase to 2.7.2
Update to 2.79.0
Update to 2.79.0
Several security issues were fixed in OpenJPEG.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or bypass of the same-origin policy.