-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-b7cb89ddd3 2025-08-31 01:07:52.461295+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 42 Version : 139.0.26^chromium139.0.7258.127 Release : 1.fc42 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: CVE-2025-8010: Type Confusion in V8 CVE-2025-8011: Type Confusion in V8 CVE-2025-8576: Use after free in Extensions CVE-2025-8578: Use after free in Cast CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome CVE-2025-8580: Inappropriate implementation in Filesystems CVE-2025-8581: Inappropriate implementation in Extensions CVE-2025-8582: Insufficient validation of untrusted input in DOM CVE-2025-8583: Inappropriate implementation in Permissions CVE-2025-8879: Heap buffer overflow in libaom CVE-2025-8880: Race in V8 CVE-2025-8901: Out of bounds write in ANGLE CVE-2025-8881: Inappropriate implementation in File Picker CVE-2025-8882: Use after free in Aura -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 21 2025 Asahi Lina <lina@xxxxxxxxxxxxx> - 139.0.26^chromium139.0.7258.127-1 - Update to cef-139.0.26+g9d80e0d * Thu Aug 14 2025 Than Ngo <than@xxxxxxxxxx> - 139.0.20^chromium139.0.7258.127-1 - Updated to 139.0.7258.127 (rhbz#2381869) - * CVE-2025-8879: Heap buffer overflow in libaom - * CVE-2025-8880: Race in V8 - * CVE-2025-8901: Out of bounds write in ANGLE - * CVE-2025-8881: Inappropriate implementation in File Picker - * CVE-2025-8882: Use after free in Aura * Thu Aug 14 2025 Than Ngo <than@xxxxxxxxxx> - 139.0.20^chromium139.0.7258.66-1 - Updated to 139.0.7258.66 - Asahi Lina: Update to cef-139.0.20+g60bd77d - * CVE-2025-8576: Use after free in Extensions - * CVE-2025-8578: Use after free in Cast - * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome - * CVE-2025-8580: Inappropriate implementation in Filesystems - * CVE-2025-8581: Inappropriate implementation in Extensions - * CVE-2025-8582: Insufficient validation of untrusted input in DOM - * CVE-2025-8583: Inappropriate implementation in Permissions * Thu Aug 14 2025 Than Ngo <than@xxxxxxxxxx> - 138.0.25^chromium138.0.7204.183-1 - Update to 138.0.7204.183 - * CVE-2025-8292: Use after free in Media Stream * Thu Aug 14 2025 Than Ngo <than@xxxxxxxxxx> - 138.0.25^chromium138.0.7204.168-1 - Update to 138.0.7204.168 - * CVE-2025-8010: Type Confusion in V8 - * CVE-2025-8011: Type Confusion in V8 * Thu Aug 14 2025 Tom Stellard <tstellar@xxxxxxxxxx> - 138.0.25^chromium138.0.7204.157-4 - Backport fix for build failure with clang-21 * Thu Jul 24 2025 Dominik Mierzejewski <dominik@xxxxxxxxxxxxxx> - 138.0.25^chromium138.0.7204.157-3 - drop unused yasm build dependency * Wed Jul 23 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 138.0.25^chromium138.0.7204.157-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2389708 - cef-139.0.28 is available https://bugzilla.redhat.com/show_bug.cgi?id=2389708 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b7cb89ddd3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
