tag:github.com,2008:https://github.com/CompilerProgramming/ChakraCore/releases 2020-12-08T19:23:46Z tag:github.com,2008:Repository/1026250556/v1.11.24 2020-12-08T19:23:46Z <p>[MERGE <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6531">chakra-core#6531</a> <a class="user-mention notranslate" href="https://github.com/MikeHolman">@MikeHolman</a>] December 2020 Security Update</p> <p>Merge pull request <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6531">chakra-core#6531</a> from MikeHolman:servicing/2012</p> <p>December 2020 Security Update that addresses the following issue in ChakraCore:</p> <p><a title="CVE-2020-17131" href="https://github.com/advisories/GHSA-qwwg-gc55-qqrv">CVE-2020-17131</a></p> MikeHolman tag:github.com,2008:Repository/1026250556/v1.11.23 2020-11-10T20:01:00Z <p>[MERGE <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6528">chakra-core#6528</a> <a class="user-mention notranslate" href="https://github.com/akroshg">@akroshg</a>] ChakraCore Servicing update for 202…</p> <p>…0.11B</p> <p>Merge pull request <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6528">chakra-core#6528</a> from akroshg:servicing_2011</p> <p>Fixing - <br />[<a title="CVE-2020-17054" href="https://github.com/advisories/GHSA-88cw-3m6x-49f7">CVE-2020-17054</a>] <br />[<a title="CVE-2020-17048" href="https://github.com/advisories/GHSA-vpc2-7xmf-ppmf">CVE-2020-17048</a>]</p> akroshg tag:github.com,2008:Repository/1026250556/v1.11.22 2020-09-08T19:46:52Z <p>[MERGE <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6500">chakra-core#6500</a> <a class="user-mention notranslate" href="https://github.com/boingoing">@boingoing</a>] ChakraCore Servicing update for 2…</p> <p>…020.09B</p> <p>Merge pull request <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6500">chakra-core#6500</a> from boingoing:servicing/2009</p> <p>[<a title="CVE-2020-0878" href="https://github.com/advisories/GHSA-6j33-6rqj-fh2m">CVE-2020-0878</a>] <br />[<a title="CVE-2020-1180" href="https://github.com/advisories/GHSA-wc43-7wj6-4ggr">CVE-2020-1180</a>] <br />[<a title="CVE-2020-1057" href="https://github.com/advisories/GHSA-9f8c-f7h4-xghf">CVE-2020-1057</a>] <br />[<a title="CVE-2020-1172" href="https://github.com/advisories/GHSA-xxfr-jrgh-x392">CVE-2020-1172</a>]</p> boingoing tag:github.com,2008:Repository/1026250556/v1.11.21 2020-08-11T20:04:31Z <p>[MERGE <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6491">chakra-core#6491</a> <a class="user-mention notranslate" href="https://github.com/akroshg">@akroshg</a>] ChakraCore Servicing update for 202…</p> <p>…0.08B</p> <p>Merge pull request <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6491">chakra-core#6491</a> from akroshg:servicing_2008</p> <p>[<a title="CVE-2020-1555" href="https://github.com/advisories/GHSA-424x-wf7g-f967">CVE-2020-1555</a>]</p> akroshg tag:github.com,2008:Repository/1026250556/v1.11.20 2020-06-09T23:44:17Z <p>[MERGE <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6464">chakra-core#6464</a> <a class="user-mention notranslate" href="https://github.com/rajeshpeter">@rajeshpeter</a>] ChakraCore Servicing Update for…</p> <p>… 2020.06B</p> <p>Merge pull request <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6464">chakra-core#6464</a> from rajeshpeter:servicing/2006</p> <p><a title="CVE-2020-1219" href="https://github.com/advisories/GHSA-j59c-78x8-r8jf">CVE-2020-1219</a>] <br />Js::PathTypeHandlerBase::SetPrototype should protect against the case where the instance's type is changed as a side-effect of calling newPrototype-&gt;GetInternalProperty. Intl.js should not refer directly to the global Intl property, as this may have been modified by the user in such a way that Intl initialization has side-effects. Created an Intl property on the interface object whose value is the built-in Intl object and refer to that in Intl.js instead.</p> <p>[<a title="CVE-2020-1073" href="https://github.com/advisories/GHSA-g3m9-qrfj-xw4g">CVE-2020-1073</a>] <br />Non-optimized StFld that may change the object's type may be undetected in the loop prepass, resulting in bad AdjustObjType downstream. If the dead store pass detects a final type that's live across a non-optimized StFld, mark the StFld to use a helper that will return true if the object's type is changed, and bail out if the helper returns true. Also ensures there is no type transition live across InitClassMember.</p> rajeshpeter tag:github.com,2008:Repository/1026250556/v1.11.19 2020-05-12T21:39:27Z <p>[MERGE <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6447">chakra-core#6447</a> <a class="user-mention notranslate" href="https://github.com/rajeshpeter">@rajeshpeter</a>] ChakraCore Servicing Update for…</p> <p>… 2020.05B</p> <p>Merge pull request <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6447">chakra-core#6447</a> from rajeshpeter:servicing/2005</p> <p>**Changes to address the following issues:** <br />**[<a title="CVE-2020-1037" href="https://github.com/advisories/GHSA-8xv4-c7rq-j577">CVE-2020-1037</a>]** <br />Ensure JIT bails out when there is an object marked as temporary during an implicit call, to prevent objects stored on the stack to be used outside of the function. This is done by preventing removal of the Bailout instruction for that case during the DeadStore pass of GlobOpt.</p> <p>**[<a title="CVE-2020-1065" href="https://github.com/advisories/GHSA-9hjg-j983-mqcc">CVE-2020-1065</a>]** <br />A previous MSRC fix removes the body scope of an enclosing function when a nested function is declared in the param scope of that enclosing function. This an result in us calculating incorrect envIndex for any symbols captured from enclosing scopes if this skipped body scope appears in the frameDisplay being passed to the nested function. This fix addresses the issue by marking the parameter scope also as mustInstantiate = true so we end up computing the correct envIndex. This problem and the fix only triggers when the enclosing function's param and body scopes are merged so the param and body scopes will never appear together in the scope stack and as such will not mess up the envIndex.</p> rajeshpeter tag:github.com,2008:Repository/1026250556/v1.11.18 2020-04-14T20:28:09Z <p>[MERGE <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6420">chakra-core#6420</a> <a class="user-mention notranslate" href="https://github.com/boingoing">@boingoing</a>] ChakraCore Servicing Update for 2…</p> <p>…020.04B</p> <p>Merge pull request <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6420">chakra-core#6420</a> from boingoing:servicing_2004_b</p> <p>ChakraCore Servicing Update for 2020.04B</p> <p>Changes to address the following issues:</p> <p>[<a title="CVE-2020-0970" href="https://github.com/advisories/GHSA-233h-59m2-qqf2">CVE-2020-0970</a>] <br />[<a title="CVE-2020-0969" href="https://github.com/advisories/GHSA-jr84-p554-62pm">CVE-2020-0969</a>]</p> boingoing tag:github.com,2008:Repository/1026250556/v1.11.17 2020-03-10T18:50:19Z <p>[MERGE <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6386">chakra-core#6386</a> <a class="user-mention notranslate" href="https://github.com/pleath">@pleath</a>] Update version to 1.11.17</p> <p>Merge pull request <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6386">chakra-core#6386</a> from pleath:version1.11.17</p> pleath tag:github.com,2008:Repository/1026250556/v1.11.16 2020-02-11T20:55:46Z <p>[MERGE <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6375">chakra-core#6375</a> <a class="user-mention notranslate" href="https://github.com/akroshg">@akroshg</a>] ChakraCore servicing fixes for Feb …</p> <p>…release</p> <p>Merge pull request <a class="issue-link js-issue-link" href="https://github.com/chakra-core/ChakraCore/pull/6375">chakra-core#6375</a> from akroshg:servicing/2002</p> <p>Fixes following CVEs <br />[<a title="CVE-2020-0710" href="https://github.com/advisories/GHSA-67xp-4726-4978">CVE-2020-0710</a>] <br />[<a title="CVE-2020-0711" href="https://github.com/advisories/GHSA-63fw-7jgf-5hwv">CVE-2020-0711</a>] <br />[<a title="CVE-2020-0712" href="https://github.com/advisories/GHSA-w6qf-35f2-j6h7">CVE-2020-0712</a>] <br />[<a title="CVE-2020-0713" href="https://github.com/advisories/GHSA-g6mc-8679-ghx9">CVE-2020-0713</a>] <br />[<a title="CVE-2020-0767" href="https://github.com/advisories/GHSA-fhc8-h6hr-h9mq">CVE-2020-0767</a>]</p> akroshg tag:github.com,2008:Repository/1026250556/v1.11.15 2019-11-12T22:21:10Z boingoing