|
1 ------------------------------------------------------------------- |
|
2 Mon Aug 10 16:40:17 UTC 2015 - wr@rosenauer.org |
|
3 |
|
4 - update to xulrunner 38.2.0esr (bnc#940806) |
|
5 * MFSA 2015-79/CVE-2015-4473 |
|
6 Miscellaneous memory safety hazards |
|
7 * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) |
|
8 Out-of-bounds read with malformed MP3 file |
|
9 * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) |
|
10 Redefinition of non-configurable JavaScript object properties |
|
11 * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 |
|
12 Overflow issues in libstagefright |
|
13 * MFSA 2015-84/CVE-2015-4481 (bmo1171518) |
|
14 Arbitrary file overwriting through Mozilla Maintenance Service |
|
15 with hard links (only affected Windows) |
|
16 * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) |
|
17 Out-of-bounds write with Updater and malicious MAR file |
|
18 (does not affect openSUSE RPM packages which do not ship the |
|
19 updater) |
|
20 * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) |
|
21 Crash when using shared memory in JavaScript |
|
22 * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) |
|
23 Heap overflow in gdk-pixbuf when scaling bitmap images |
|
24 * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) |
|
25 Buffer overflows on Libvpx when decoding WebM video |
|
26 * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 |
|
27 Vulnerabilities found through code inspection |
|
28 * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) |
|
29 Use-after-free in XMLHttpRequest with shared workers |
|
30 - rebased all patches |
|
31 - dropped obsolete patches: |
|
32 * mozilla-sle11.patch |
|
33 * mozilla-ppc.patch |
|
34 * mozilla-nullptr-gcc45.patch |
|
35 * mozilla-libproxy-compat.patch |
|
36 * mozilla-fix-compilation-gcc5-bmo-1021171.patch |
|
37 * mozilla-fix-compilation-gcc5-bmo-1153109.patch |
|
38 * mozilla-aarch64-bmo-810631.patch |
|
39 - added platform specific patches from Firefox package: |
|
40 * mozilla-skia-be-le.patch |
|
41 * mozilla-bmo1005535.patch |
|
42 * mozilla-add-glibcxx_use_cxx11_abi.patch |
|
43 * mozilla-arm64-libjpeg-turbo.patch |
|
44 * mozilla-shared-nss-db.patch |
|
45 |
|
46 ------------------------------------------------------------------- |
|
47 Sat Jun 27 15:26:00 UTC 2015 - wr@rosenauer.org |
|
48 |
|
49 - update to 31.8.0 (bnc#935979) |
|
50 * MFSA 2015-59/CVE-2015-2724 |
|
51 Miscellaneous memory safety hazards |
|
52 * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) |
|
53 Type confusion in Indexed Database Manager |
|
54 * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) |
|
55 ECDSA signature validation fails to handle some signatures correctly |
|
56 (this fix is shipped by NSS 3.19.1 externally) |
|
57 * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) |
|
58 Use-after-free in workers while using XMLHttpRequest |
|
59 * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 |
|
60 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 |
|
61 Vulnerabilities found through code inspection |
|
62 * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) |
|
63 Privilege escalation in PDF.js |
|
64 * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) |
|
65 NSS accepts export-length DHE keys with regular DHE cipher suites |
|
66 (this fix is shipped by NSS 3.19.1 externally) |
|
67 * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) |
|
68 NSS incorrectly permits skipping of ServerKeyExchange |
|
69 (this fix is shipped by NSS 3.19.1 externally) |
|
70 - requires NSS 3.19.2 |
|
71 |
|
72 -------------------------------------------------------------------- |
|
73 Sun Jun 21 09:39:51 UTC 2015 - antoine.belvire@laposte.net |
|
74 |
|
75 - Fix compilation with GCC5 (bmo#1153109, bmo#1021171) |
|
76 * add mozilla-fix-compilation-gcc5-bmo-1153109.patch |
|
77 * add mozilla-fix-compilation-gcc5-bmo-1021171.patch |
|
78 |
|
79 ------------------------------------------------------------------- |
|
80 Wed May 6 07:49:53 UTC 2015 - wr@rosenauer.org |
|
81 |
|
82 - update to 31.7.0 (bnc#930622) |
|
83 * MFSA 2015-46/CVE-2015-2708 |
|
84 Miscellaneous memory safety hazards |
|
85 * MFSA 2015-47/VE-2015-0797 (bmo#1080995) |
|
86 Buffer overflow parsing H.264 video with Linux Gstreamer |
|
87 * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) |
|
88 Buffer overflow with SVG content and CSS |
|
89 * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) |
|
90 Use-after-free during text processing with vertical text enabled |
|
91 * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) |
|
92 Buffer overflow when parsing compressed XML |
|
93 * MFSA 2015-57/CVE-2011-3079 (bmo#1087565) |
|
94 Privilege escalation through IPC channel messages |
|
95 - strip baselibs.conf to reflect the current set of packages |
|
96 |
|
97 ------------------------------------------------------------------- |
|
98 Mon Mar 30 07:56:19 UTC 2015 - wr@rosenauer.org |
|
99 |
|
100 - update to 31.6.0 (bnc#925368) |
|
101 * MFSA 2015-30/CVE-2015-0815 |
|
102 Miscellaneous memory safety hazards |
|
103 * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) |
|
104 Use-after-free when using the Fluendo MP3 GStreamer plugin |
|
105 * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) |
|
106 resource:// documents can load privileged pages |
|
107 * MFSA-2015-37/CVE-2015-0807 (bmo#1111834) |
|
108 CORS requests should not follow 30x redirections after preflight |
|
109 * MFSA-2015-40/CVE-2015-0801 (bmo#1146339) |
|
110 Same-origin bypass through anchor navigation |
|
111 |
|
112 ------------------------------------------------------------------- |
|
113 Thu Feb 19 22:56:55 UTC 2015 - wr@rosenauer.org |
|
114 |
|
115 - update to 31.5.0 (bnc#917597) |
|
116 * MFSA 2015-11/CVE-2015-0836 |
|
117 Miscellaneous memory safety hazards |
|
118 * MFSA 2015-12/CVE-2015-0833 (bmo#945192) |
|
119 Invoking Mozilla updater will load locally stored DLL files |
|
120 (Windows only) |
|
121 * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) |
|
122 Use-after-free in IndexedDB |
|
123 * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) |
|
124 Out-of-bounds read and write while rendering SVG content |
|
125 * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) |
|
126 Reading of local files through manipulation of form autocomplete |
|
127 |
|
128 ------------------------------------------------------------------- |
|
129 Sat Jan 10 17:33:51 UTC 2015 - wr@rosenauer.org |
|
130 |
|
131 - update to 31.4.0 (bnc#910669) |
|
132 * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 |
|
133 Miscellaneous memory safety hazards |
|
134 * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) |
|
135 sendBeacon requests lack an Origin header |
|
136 * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) |
|
137 Cookie injection through Proxy Authenticate responses |
|
138 * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) |
|
139 Read-after-free in WebRTC |
|
140 |
|
141 ------------------------------------------------------------------- |
|
142 Wed Dec 31 16:01:40 UTC 2014 - dimstar@opensuse.org |
|
143 |
|
144 - Do not require mozilla-js-32bit from xulrunner-32bit: since we |
|
145 have shared_js currently set to 0, mozilla-js(-32bit) is not |
|
146 being built. |
|
147 |
|
148 ------------------------------------------------------------------- |
|
149 Sun Nov 30 12:15:59 UTC 2014 - wr@rosenauer.org |
|
150 |
|
151 - update to 31.3.0 (bnc#908009) |
|
152 * MFSA 2014-83/CVE-2014-1587 |
|
153 Miscellaneous memory safety hazards |
|
154 * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) |
|
155 XMLHttpRequest crashes with some input streams |
|
156 * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) |
|
157 Use-after-free during HTML5 parsing |
|
158 * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) |
|
159 Buffer overflow while parsing media content |
|
160 * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) |
|
161 Bad casting from the BasicThebesLayer to BasicContainerLayer |
|
162 - readded mozilla-pkgconfig.patch |
|
163 |
|
164 ------------------------------------------------------------------- |
|
165 Thu Nov 13 08:37:50 UTC 2014 - guillaume@opensuse.org |
|
166 |
|
167 - Fix %arm build (fix CFLAGS) |
|
168 - Disable elf-hack for aarch64 |
|
169 |
|
170 ------------------------------------------------------------------- |
|
171 Sat Nov 1 13:08:20 UTC 2014 - wr@rosenauer.org |
|
172 |
|
173 - update to 31.2.0 |
|
174 - synchronize patchset with firefox-esr |
|
175 - removed add-plugins.sh in favor of using a pref to use myspell |
|
176 |
1 ------------------------------------------------------------------- |
177 ------------------------------------------------------------------- |
2 Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org |
178 Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org |
3 |
179 |
4 - update to 24.0 (bnc#840485) |
180 - update to 24.0 (bnc#840485) |
5 * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |
181 * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |
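Review bot: Three references in the added entries are malformed and would not be picked up by a pattern match on `CVE-` or `bmo#`. New line 85 reads `MFSA 2015-47/VE-2015-0797`, with the leading C of the CVE prefix missing. New line 13 reads `(bmo1171518)`, without the `#` that every other bmo reference in the hunk carries. New line 103 ends in a doubled `))`. Suggest bringing all three in line with the `CVE-YYYY-NNNN` and `(bmo#NNNNNNN)` forms used in the rest of the hunk. Two smaller consistency points: new lines 107 and 109 write `MFSA-2015-37` and `MFSA-2015-40` with a hyphen where the other entries use `MFSA 2015-NN`, and the separator at new line 72 is one dash longer than the other separators in the file.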