firefox140: update to 140.10
Mozilla Foundation Security Advisory 2026-32
Security Vulnerabilities fixed in Firefox ESR 140.10
Announced
April 21, 2026
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 140.10
#CVE-2026-6746: Use-after-free in the DOM: Core & HTML component
Reporter
Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
[278 lines not shown]
ldns drill: updated to 1.9.0
1.9.0
* Make ldns_calc_keytag() available for CDNSKEY RR
Thanks tgreenx and pnax
* Make ldns_key_rr2ds() available for CDNSKEY RR
Thanks tgreenx
* Make ldns_rr_compare_{ds,ds_dnskey}() available for
CDS and CDNSKEY RRs. Thanks tgreenx
* Make drill trace use IPv6 when used with -6
Thanks Paul Radford
* Unquoted "value" rdata for CAA records fail to validate.
Follows the long string unquoted syntax from RFC8659, section 4.1.1.
* ldns-read-zone -u fails if a type is the only type in a
window and the type modulo 256 is equal to zero.
* Intermittent build failure with multi-job
builds (make -j).
* Add ldns-verify-zone -s option. It checks all signature results,
[29 lines not shown]
mimalloc: updated to 3.3.1
3.3.1
various bug and security fixes
3.3.0
initial support for github (binary) releases, fix visiting of full pages during collection (performance), fix THP alignment (performance), fix arm64 cross-compilation on Windows, enable guard pages in debug mode, always use uncommitted areas between arenas (security), enable static overloading of malloc etc. on Windows with the static CRT
ansible-core: updated to 2.20.5
2.20.5
Minor Changes
- ansible-test - Generate ``dist_info`` when running tests.
- ansible-test - Replace the ``parallels`` managed macOS provider with a new ``mac`` provider.
- ansible-test - Switch managed macOS remotes from x86_64 to aarch64.
Bugfixes
- Fix ``validate_argspec`` when tags are defined on the play. The ``always`` tag is only added if the play has no tags.
- ``--start-at-task`` - fix starting at the requested task instead of starting at the next block or play. Play level tasks run first. (https://github.com/ansible/ansible/issues/86268)
- ansible-galaxy collection - Fix using the server configuration for ``validate_certs`` when downloading collections. (https://github.com/ansible/ansible/issues/86694)
- ansible_facts[os_*] - Contained wrong information, if ClearLinux parsing was tried before falling back to general os-release parsing
- templating - Fix traceback when using ``deepcopy`` on an imported template (https://github.com/ansible/ansible/issues/86723).
7-zip: updated to 26.00
7-Zip 26.00
improved code for ZIP, CPIO, RAR, UFD, QCOW, Compound.
7-Zip File Manager: improved sorting order of the file list. It uses file name as secondary sorting key.
7-Zip File Manager: improved Benchmark to support systems with more than 64 CPU threads.
the bug was fixed: 7-Zip could not correctly extract TAR archives containing sparse files.
some bugs were fixed.
py-redis: updated to 7.4.0
7.4.0
Bug Fixes
Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info
Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs
Refactored connection count and SCH metric collection
Experimental Features
-Refactored health check logic for MultiDBClient
redis: updated to 8.6.2
Redis 8.6.1 Released Mon 23 Feb 2026 10:00:00 IST
Upgrade urgency SECURITY: There is a security fix in the release
Security fixes
- A user can manipulate data read by a connection by injecting \r\n sequences into a Redis error reply
Bug fixes
- `HOTKEYS`: The `INFO` command may display module information, and the missing `HOTKEYS HELP` subcommand has been added
- Bug in RDB loading prevented hash table expansion, increasing load time
Redis 8.6 GA (8.6.0) Released Tue 10 Feb 2026 16:00:00 IST
This is the General Availability release of Redis 8.6 in Redis Open Source.
[10 lines not shown]
shells/yash: update to 2.61
# changes
* The `configure` script now accepts the `--disable-doc` option to
omit installing the manual pages.
* The `configure` script now has minimal cross compilation support.
Use the `--host=HOST` option to specify the cross-compilation
target.
* Fixed a bug where the `configure` script could produce false
positive results for function checks when an optimizing compiler
eliminates the test code. The `configure` script now uses the
`-fno-builtin` compiler option when compiling function check
programs.
* The `times` built-in now uses the `getrusage` function to obtain
resource usage statistics on systems where it is available, which
improves precision.
* Updated the sample initialization script (yashrc):
The script no longer suggests moving the history file from
[7 lines not shown]
devel/gitlogue: import package
A cinematic Git commit replay tool for the terminal, turning your Git history
into a living, animated story.
Watch commits unfold with realistic typing animations, syntax highlighting, and
file tree transitions, transforming code changes into a visual experience.
