| author | Wolfgang Rosenauer <wr@rosenauer.org> |
| Thu, 12 Jun 2014 00:02:30 +0200 | |
| branch | esr24 |
| changeset 743 | d43937f702f4 |
| parent 728 | 6820714d53f4 |
| permissions | -rw-r--r-- |
| 728 | 1 |
------------------------------------------------------------------- |
2 |
Fri Apr 25 08:25:17 UTC 2014 - wr@rosenauer.org |
|
3 |
||
4 |
- update to xulrunner 24.5.0 (bnc#875378) |
|
5 |
||
6 |
------------------------------------------------------------------- |
|
7 |
Mon Mar 17 07:47:39 UTC 2014 - wr@rosenauer.org |
|
8 |
||
9 |
- update to version 24.4.0 (bnc#868603) |
|
10 |
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 |
|
11 |
Miscellaneous memory safety hazards |
|
12 |
* MFSA 2014-17/CVE-2014-1497 (bmo#966311) |
|
13 |
Out of bounds read during WAV file decoding |
|
14 |
* MFSA 2014-26/CVE-2014-1508 (bmo#963198) |
|
15 |
Information disclosure through polygon rendering in MathML |
|
16 |
* MFSA 2014-27/CVE-2014-1509 (bmo#966021) |
|
17 |
Memory corruption in Cairo during PDF font rendering |
|
18 |
* MFSA 2014-28/CVE-2014-1505 (bmo#941887) |
|
19 |
SVG filters information disclosure through feDisplacementMap |
|
20 |
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) |
|
21 |
Privilege escalation using WebIDL-implemented APIs |
|
22 |
* MFSA 2014-30/CVE-2014-1512 (bmo#982957) |
|
23 |
Use-after-free in TypeObject |
|
24 |
* MFSA 2014-31/CVE-2014-1513 (bmo#982974) |
|
25 |
Out-of-bounds read/write through neutering ArrayBuffer objects |
|
26 |
* MFSA 2014-32/CVE-2014-1514 (bmo#983344) |
|
27 |
Out-of-bounds write through TypedArrayObject after neutering |
|
28 |
||
| 713 | 29 |
------------------------------------------------------------------- |
30 |
Fri Feb 28 11:02:40 UTC 2014 - pcerny@suse.com |
|
31 |
||
32 |
- Updated PowerPC 64 bit support |
|
33 |
(new patch: mozilla-ppc64le-skia.patch) |
|
34 |
||
35 |
------------------------------------------------------------------- |
|
36 |
Tue Feb 18 11:56:20 UTC 2014 - pcerny@suse.com |
|
37 |
||
38 |
- update to Firefox 24.3.0esr (bnc#861847) |
|
39 |
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 |
|
40 |
(bmo#921470, bmo#937697, bmo#951366, bmo#953114, bmo#945939, |
|
41 |
bmo#950000, bmo#950438, bmo#925896, bmo#937132, bmo#936808, |
|
42 |
bmo#945334, bmo#944321, bmo#911707, bmo#938431, bmo#944278, |
|
43 |
bmo#922603, bmo#925308, bmo#950452, bmo#939472, bmo#944851, |
|
44 |
bmo#924348, bmo#942152, bmo#932162, bmo#942940, bmo#945585, |
|
45 |
bmo#946733, bmo#953373, bmo#867597, bmo#911845, bmo#916635) |
|
46 |
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) |
|
47 |
* MFSA 2014-02/CVE-2014-1479 |
|
48 |
(bmo#911864) |
|
49 |
Clone protected content with XBL scopes |
|
50 |
* MFSA 2014-04/CVE-2014-1482 |
|
51 |
(bmo#943803) |
|
52 |
Incorrect use of discarded images by RasterImage |
|
53 |
* MFSA 2014-08/CVE-2014-1486 |
|
54 |
(bmo#942164) |
|
55 |
Use-after-free with imgRequestProxy and image proccessing |
|
56 |
* MFSA 2014-09/CVE-2014-1487 |
|
57 |
(bmo#947592) |
|
58 |
Cross-origin information leak through web workers |
|
59 |
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 |
|
60 |
(bmo#934545, bmo#930874, bmo#930857) |
|
61 |
NSS ticket handling issues |
|
62 |
* MFSA 2014-13/CVE-2014-1481 |
|
63 |
(bmo#936056) |
|
64 |
Inconsistent JavaScript handling of access to Window objects |
|
65 |
- require NSS 3.15.4 (bnc#859055) |
|
66 |
- rebasing, renaming and enabling PowerPC 64 LE patches |
|
67 |
- disabling translations (which seem to be broken to some extent) |
|
68 |
||
|
678
d0329e10d68c
prepare 24.1.0esr releases
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
670
diff
changeset
|
69 |
------------------------------------------------------------------- |
|
698
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
70 |
Mon Jan 13 15:51:35 UTC 2014 - wr@rosenauer.org |
|
678
d0329e10d68c
prepare 24.1.0esr releases
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
670
diff
changeset
|
71 |
|
|
698
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
72 |
- removed obsolete mozilla-use-recommended-freetype-include.patch |
|
678
d0329e10d68c
prepare 24.1.0esr releases
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
670
diff
changeset
|
73 |
|
|
670
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
74 |
------------------------------------------------------------------- |
|
698
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
75 |
Mon Jan 13 15:37:53 UTC 2014 - wr@rosenauer.org |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
76 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
77 |
- update to Firefox 24.2.0esr (bnc#854367, bnc#854370) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
78 |
* requires NSPR 4.10.2 and NSS 3.15.3.1 or higher |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
79 |
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
80 |
Miscellaneous memory safety hazards |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
81 |
* MFSA 2013-108/CVE-2013-5616 (bmo#938341) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
82 |
Use-after-free in event listeners |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
83 |
* MFSA 2013-109/CVE-2013-5618 (bmo#926361) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
84 |
Use-after-free during Table Editing |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
85 |
* MFSA 2013-111/CVE-2013-6671 (bmo#930281) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
86 |
Segmentation violation when replacing ordered list elements |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
87 |
* MFSA 2013-113/CVE-2013-6673 (bmo#970380) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
88 |
Trust settings for built-in roots ignored during EV certificate |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
89 |
validation |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
90 |
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
91 |
Use-after-free in synthetic mouse movement |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
92 |
* MFSA 2013-115/CVE-2013-5615 (bmo#929261) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
93 |
GetElementIC typed array stubs can be generated outside observed |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
94 |
typesets |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
95 |
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
96 |
JPEG information leak |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
97 |
* MFSA 2013-117 (bmo#946351) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
98 |
Mis-issued ANSSI/DCSSI certificate |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
99 |
(fixed via NSS 3.15.3.1) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
100 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
101 |
- update to Firefox 24.1.0esr (bnc#847708) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
102 |
* requires NSS 3.15.2 or above |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
103 |
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
104 |
Miscellaneous memory safety hazards |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
105 |
* MFSA 2013-94/CVE-2013-5593 (bmo#868327) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
106 |
Spoofing addressbar through SELECT element |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
107 |
* MFSA 2013-95/CVE-2013-5604 (bmo#914017) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
108 |
Access violation with XSLT and uninitialized data |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
109 |
* MFSA 2013-96/CVE-2013-5595 (bmo#916580) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
110 |
Improperly initialized memory and overflows in some JavaScript |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
111 |
functions |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
112 |
* MFSA 2013-97/CVE-2013-5596 (bmo#910881) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
113 |
Writing to cycle collected object during image decoding |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
114 |
* MFSA 2013-98/CVE-2013-5597 (bmo#918864) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
115 |
Use-after-free when updating offline cache |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
116 |
* MFSA 2013-99/CVE-2013-5598 (bmo#920515) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
117 |
Security bypass of PDF.js checks using iframes |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
118 |
* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
119 |
(bmo#915210, bmo#915576, bmo#916685) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
120 |
Miscellaneous use-after-free issues found through ASAN fuzzing |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
121 |
* MFSA 2013-101/CVE-2013-5602 (bmo#897678) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
122 |
Memory corruption in workers |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
123 |
* MFSA 2013-102/CVE-2013-5603 (bmo#916404) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
124 |
Use-after-free in HTML document templates |
|
670
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
125 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
126 |
- update to 24.0 (bnc#840485) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
127 |
* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
128 |
Miscellaneous memory safety hazards |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
129 |
* MFSA 2013-77/CVE-2013-1720 (bmo#888820) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
130 |
Improper state in HTML5 Tree Builder with templates |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
131 |
* MFSA 2013-78/CVE-2013-1721 (bmo#890277) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
132 |
Integer overflow in ANGLE library |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
133 |
* MFSA 2013-79/CVE-2013-1722 (bmo#893308) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
134 |
Use-after-free in Animation Manager during stylesheet cloning |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
135 |
* MFSA 2013-80/CVE-2013-1723 (bmo#891292) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
136 |
NativeKey continues handling key messages after widget is destroyed |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
137 |
* MFSA 2013-81/CVE-2013-1724 (bmo#894137) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
138 |
Use-after-free with select element |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
139 |
* MFSA 2013-82/CVE-2013-1725 (bmo#876762) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
140 |
Calling scope for new Javascript objects can lead to memory corruption |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
141 |
* MFSA 2013-85/CVE-2013-1728 (bmo#883686) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
142 |
Uninitialized data in IonMonkey |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
143 |
* MFSA 2013-88/CVE-2013-1730 (bmo#851353) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
144 |
Compartment mismatch re-attaching XBL-backed nodes |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
145 |
* MFSA 2013-89/CVE-2013-1732 (bmo#883514) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
146 |
Buffer overflow with multi-column, lists, and floats |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
147 |
* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
148 |
Memory corruption involving scrolling |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
149 |
* MFSA 2013-91/CVE-2013-1737 (bmo#907727) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
150 |
User-defined properties on DOM proxies get the wrong "this" object |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
151 |
* MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
152 |
GC hazard with default compartments and frame chain restoration |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
153 |
- require NSPR 4.10 and NSS 3.15.1 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
154 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
155 |
------------------------------------------------------------------- |
|
698
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
156 |
Sat Dec 14 17:42:53 UTC 2013 - hrvoje.senjan@gmail.com |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
157 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
158 |
- Added mozilla-use-recommended-freetype-include.patch: |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
159 |
Freetype upstream recommends using their macros together with |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
160 |
ft2build include. Positive sideeffect is that this patch makes it |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
161 |
build with both freetype2 2.5.1, and older versions |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
162 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
163 |
------------------------------------------------------------------- |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
164 |
Thu Dec 12 05:46:02 UTC 2013 - uweigand@de.ibm.com |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
165 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
166 |
- Add xpcom patch and general support for ppc64le |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
167 |
- added patches: |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
168 |
* ppc64le-support.patch |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
169 |
* xpcom-ppc64le.patch |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
170 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
171 |
------------------------------------------------------------------- |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
172 |
Tue Dec 10 10:01:45 UTC 2013 - dvaleev@suse.com |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
173 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
174 |
- Add libffi patch for ppc64le |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
175 |
- added patches: |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
176 |
* libffi-ppc64le.patch |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
177 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
178 |
------------------------------------------------------------------- |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
179 |
Wed Oct 30 10:03:20 UTC 2013 - schwab@suse.de |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
180 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
181 |
- mozilla-aarch64.patch: Add support for aarch64 |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
182 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
183 |
------------------------------------------------------------------- |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
184 |
Thu Oct 24 16:40:37 UTC 2013 - wr@rosenauer.org |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
185 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
186 |
- update to 17.0.10esr (bnc#847708) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
187 |
* require NSS 3.14.4 or above |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
188 |
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
189 |
Miscellaneous memory safety hazards |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
190 |
* MFSA 2013-95/CVE-2013-5604 (bmo#914017) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
191 |
Access violation with XSLT and uninitialized data |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
192 |
* MFSA 2013-96/CVE-2013-5595 (bmo#916580) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
193 |
Improperly initialized memory and overflows in some JavaScript |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
194 |
functions |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
195 |
* MFSA 2013-98/CVE-2013-5597 (bmo#918864) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
196 |
Use-after-free when updating offline cache |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
197 |
* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
198 |
(bmo#915210, bmo#915576, bmo#916685) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
199 |
Miscellaneous use-after-free issues found through ASAN fuzzing |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
200 |
* MFSA 2013-101/CVE-2013-5602 (bmo#897678) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
201 |
Memory corruption in workers |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
202 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
203 |
------------------------------------------------------------------- |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
204 |
Thu Sep 12 10:06:08 UTC 2013 - wr@rosenauer.org |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
205 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
206 |
- update to 17.0.9esr (bnc#840485) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
207 |
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
208 |
Buffer underflow when generating CRMF requests |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
209 |
* MFSA 2013-76/CVE-2013-1718 |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
210 |
Miscellaneous memory safety hazards |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
211 |
* MFSA 2013-79/CVE-2013-1722 (bmo#893308) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
212 |
Use-after-free in Animation Manager during stylesheet cloning |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
213 |
* MFSA 2013-82/CVE-2013-1725 (bmo#876762) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
214 |
Calling scope for new Javascript objects can lead to memory corruption |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
215 |
* MFSA 2013-88/CVE-2013-1730 (bmo#851353) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
216 |
Compartment mismatch re-attaching XBL-backed nodes |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
217 |
* MFSA 2013-89/CVE-2013-1732 (bmo#883514) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
218 |
Buffer overflow with multi-column, lists, and floats |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
219 |
* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
220 |
Memory corruption involving scrolling |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
221 |
* MFSA 2013-91/CVE-2013-1737 (bmo#907727) |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
222 |
User-defined properties on DOM proxies get the wrong "this" object |
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
223 |
|
|
8066b2bdabfb
update xulrunner to 24.2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
678
diff
changeset
|
224 |
------------------------------------------------------------------- |
|
670
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
225 |
Fri Aug 2 10:56:43 UTC 2013 - wr@rosenauer.org |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
226 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
227 |
- update to 17.0.8esr (bnc#833389) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
228 |
* MFSA 2013-63/CVE-2013-1701 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
229 |
Miscellaneous memory safety hazards |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
230 |
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
231 |
Document URI misrepresentation and masquerading |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
232 |
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
233 |
CRMF requests allow for code execution and XSS attacks |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
234 |
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
235 |
Wrong principal used for validating URI for some Javascript |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
236 |
components |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
237 |
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
238 |
Same-origin bypass with web workers and XMLHttpRequest |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
239 |
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
240 |
Local Java applets may read contents of local file system |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
241 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
242 |
------------------------------------------------------------------- |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
243 |
Mon Jun 24 15:26:27 UTC 2013 - wr@rosenauer.org |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
244 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
245 |
- update to 17.0.7esr (bnc#825935) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
246 |
* MFSA 2013-49/CVE-2013-1682 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
247 |
Miscellaneous memory safety hazards |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
248 |
* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
249 |
Memory corruption found using Address Sanitizer |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
250 |
* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
251 |
Privileged content access and execution via XBL |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
252 |
* MFSA 2013-53/CVE-2013-1690 (bmo#857883) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
253 |
Execution of unmapped memory through onreadystatechange event |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
254 |
* MFSA 2013-54/CVE-2013-1692 (bmo#866915) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
255 |
Data in the body of XHR HEAD requests leads to CSRF attacks |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
256 |
* MFSA 2013-55/CVE-2013-1693 (bmo#711043) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
257 |
SVG filters can lead to information disclosure |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
258 |
* MFSA 2013-56/CVE-2013-1694 (bmo#848535) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
259 |
PreserveWrapper has inconsistent behavior |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
260 |
* MFSA 2013-59/CVE-2013-1697 (bmo#858101) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
261 |
XrayWrappers can be bypassed to run user defined methods in a |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
262 |
privileged context |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
263 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
264 |
------------------------------------------------------------------- |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
265 |
Tue Jun 4 16:24:51 UTC 2013 - dvaleev@suse.com |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
266 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
267 |
- Fix build on powerpc (ppc-xpcshell.patch) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
268 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
269 |
------------------------------------------------------------------- |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
270 |
Fri May 10 17:27:23 UTC 2013 - wr@rosenauer.org |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
271 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
272 |
- update to 17.0.6esr (bnc#819204) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
273 |
* MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
274 |
Miscellaneous memory safety hazards |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
275 |
* MFSA 2013-42/CVE-2013-1670 (bmo#853709) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
276 |
Privileged access for content level constructor |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
277 |
* MFSA 2013-46/CVE-2013-1674 (bmo#860971) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
278 |
Use-after-free with video and onresize event |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
279 |
* MFSA 2013-47/CVE-2013-1675 (bmo#866825) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
280 |
Uninitialized functions in DOMSVGZoomEvent |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
281 |
* MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
282 |
CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
283 |
Memory corruption found using Address Sanitizer |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
284 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
285 |
------------------------------------------------------------------- |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
286 |
Fri Mar 29 16:27:59 UTC 2013 - wr@rosenauer.org |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
287 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
288 |
- update to 17.0.5esr (bnc#813026) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
289 |
* requires NSPR 4.9.5 and NSS 3.14.3 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
290 |
* MFSA 2013-30/CVE-2013-0788 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
291 |
Miscellaneous memory safety hazards |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
292 |
* MFSA 2013-31/CVE-2013-0800 (bmo#825721) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
293 |
Out-of-bounds write in Cairo library |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
294 |
* MFSA 2013-35/CVE-2013-0796 (bmo#827106) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
295 |
WebGL crash with Mesa graphics driver on Linux |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
296 |
* MFSA 2013-36/CVE-2013-0795 (bmo#825697) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
297 |
Bypass of SOW protections allows cloning of protected nodes |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
298 |
* MFSA 2013-37/CVE-2013-0794 (bmo#626775) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
299 |
Bypass of tab-modal dialog origin disclosure |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
300 |
* MFSA 2013-38/CVE-2013-0793 (bmo#803870) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
301 |
Cross-site scripting (XSS) using timed history navigations |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
302 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
303 |
------------------------------------------------------------------- |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
304 |
Fri Mar 8 09:00:09 UTC 2013 - wr@rosenauer.org |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
305 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
306 |
- update to 17.0.4esr (bnc#808243) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
307 |
* MFSA 2013-29/CVE-2013-0787 (bmo#848644) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
308 |
Use-after-free in HTML Editor |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
309 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
310 |
------------------------------------------------------------------- |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
311 |
Sat Feb 16 17:38:21 UTC 2013 - wr@rosenauer.org |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
312 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
313 |
- update to 17.0.3esr (bnc#804248) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
314 |
* MFSA 2013-21/CVE-2013-0783 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
315 |
Miscellaneous memory safety hazards |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
316 |
* MFSA 2013-24/CVE-2013-0773 (bmo#809652) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
317 |
Web content bypass of COW and SOW security wrappers |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
318 |
* MFSA 2013-25/CVE-2013-0774 (bmo#827193) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
319 |
Privacy leak in JavaScript Workers |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
320 |
* MFSA 2013-26/CVE-2013-0775 (bmo#831095) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
321 |
Use-after-free in nsImageLoadingContent |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
322 |
* MFSA 2013-27/CVE-2013-0776 (bmo#796475) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
323 |
Phishing on HTTPS connection through malicious proxy |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
324 |
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
325 |
Use-after-free, out of bounds read, and buffer overflow issues |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
326 |
found using Address Sanitizer |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
327 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
328 |
------------------------------------------------------------------- |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
329 |
Sat Jan 5 14:46:06 UTC 2013 - wr@rosenauer.org |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
330 |
|
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
331 |
- update to 17.0.2esr (bnc#796895) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
332 |
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
333 |
Miscellaneous memory safety hazards |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
334 |
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
335 |
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
336 |
Use-after-free and buffer overflow issues found using Address Sanitizer |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
337 |
* MFSA 2013-03/CVE-2013-0768 (bmo#815795) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
338 |
Buffer Overflow in Canvas |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
339 |
* MFSA 2013-04/CVE-2012-0759 (bmo#802026) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
340 |
URL spoofing in addressbar during page loads |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
341 |
* MFSA 2013-05/CVE-2013-0744 (bmo#814713) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
342 |
Use-after-free when displaying table with many columns and column groups |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
343 |
* MFSA 2013-07/CVE-2013-0764 (bmo#804237) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
344 |
Crash due to handling of SSL on threads |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
345 |
* MFSA 2013-08/CVE-2013-0745 (bmo#794158) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
346 |
AutoWrapperChanger fails to keep objects alive during garbage collection |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
347 |
* MFSA 2013-09/CVE-2013-0746 (bmo#816842) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
348 |
Compartment mismatch with quickstubs returned values |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
349 |
* MFSA 2013-10/CVE-2013-0747 (bmo#733305) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
350 |
Event manipulation in plugin handler to bypass same-origin policy |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
351 |
* MFSA 2013-11/CVE-2013-0748 (bmo#806031) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
352 |
Address space layout leaked in XBL objects |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
353 |
* MFSA 2013-12/CVE-2013-0750 (bmo#805121) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
354 |
Buffer overflow in Javascript string concatenation |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
355 |
* MFSA 2013-13/CVE-2013-0752 (bmo#805024) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
356 |
Memory corruption in XBL with XML bindings containing SVG |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
357 |
* MFSA 2013-14/CVE-2013-0757 (bmo#813901) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
358 |
Chrome Object Wrapper (COW) bypass through changing prototype |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
359 |
* MFSA 2013-15/CVE-2013-0758 (bmo#813906) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
360 |
Privilege escalation through plugin objects |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
361 |
* MFSA 2013-16/CVE-2013-0753 (bmo#814001) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
362 |
Use-after-free in serializeToStream |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
363 |
* MFSA 2013-17/CVE-2013-0754 (bmo#814026) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
364 |
Use-after-free in ListenerManager |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
365 |
* MFSA 2013-18/CVE-2013-0755 (bmo#814027) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
366 |
Use-after-free in Vibrate |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
367 |
* MFSA 2013-19/CVE-2013-0756 (bmo#814029) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
368 |
Use-after-free in Javascript Proxy objects |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
369 |
- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
370 |
- build on SLE11 |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
371 |
* mozilla-gcc43-enums.patch |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
372 |
* mozilla-gcc43-template_hacks.patch |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
373 |
* mozilla-gcc43-templates_instantiation.patch |
|
0b1f7ee785d3
update xulrunner base to 24.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
595
diff
changeset
|
374 |
|
| 595 | 375 |
------------------------------------------------------------------- |
376 |
Thu Nov 29 20:04:34 UTC 2012 - wr@rosenauer.org |
|
377 |
||
378 |
- update to 17.0.1 |
|
379 |
* regression/compatibility fixes |
|
380 |
||
| 535 | 381 |
------------------------------------------------------------------- |
|
585
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
382 |
Tue Nov 20 20:15:23 UTC 2012 - wr@rosenauer.org |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
383 |
|
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
384 |
- update to 17.0 (bnc#790140) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
385 |
* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
386 |
Miscellaneous memory safety hazards |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
387 |
* MFSA 2012-92/CVE-2012-4202 (bmo#758200) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
388 |
Buffer overflow while rendering GIF images |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
389 |
* MFSA 2012-93/CVE-2012-4201 (bmo#747607) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
390 |
evalInSanbox location context incorrectly applied |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
391 |
* MFSA 2012-94/CVE-2012-5836 (bmo#792857) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
392 |
Crash when combining SVG text on path with CSS |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
393 |
* MFSA 2012-95/CVE-2012-4203 (bmo#765628) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
394 |
Javascript: URLs run in privileged context on New Tab page |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
395 |
* MFSA 2012-96/CVE-2012-4204 (bmo#778603) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
396 |
Memory corruption in str_unescape |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
397 |
* MFSA 2012-97/CVE-2012-4205 (bmo#779821) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
398 |
XMLHttpRequest inherits incorrect principal within sandbox |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
399 |
* MFSA 2012-99/CVE-2012-4208 (bmo#798264) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
400 |
XrayWrappers exposes chrome-only properties when not in chrome |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
401 |
compartment |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
402 |
* MFSA 2012-100/CVE-2012-5841 (bmo#805807) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
403 |
Improper security filtering for cross-origin wrappers |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
404 |
* MFSA 2012-101/CVE-2012-4207 (bmo#801681) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
405 |
Improper character decoding in HZ-GB-2312 charset |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
406 |
* MFSA 2012-102/CVE-2012-5837 (bmo#800363) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
407 |
Script entered into Developer Toolbar runs with chrome privileges |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
408 |
* MFSA 2012-103/CVE-2012-4209 (bmo#792405) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
409 |
Frames can shadow top.location |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
410 |
* MFSA 2012-104/CVE-2012-4210 (bmo#796866) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
411 |
CSS and HTML injection through Style Inspector |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
412 |
* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
413 |
CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
414 |
CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
415 |
Use-after-free and buffer overflow issues found using Address |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
416 |
Sanitizer |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
417 |
* MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
418 |
Use-after-free, buffer overflow, and memory corruption issues |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
419 |
found using Address Sanitizer |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
420 |
- rebased patches |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
421 |
- disabled WebRTC since build is broken (bmo#776877) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
422 |
|
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
423 |
------------------------------------------------------------------- |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
424 |
Wed Oct 24 08:28:49 UTC 2012 - wr@rosenauer.org |
| 535 | 425 |
|
|
585
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
426 |
- update to 16.0.2 (bnc#786522) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
427 |
* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
428 |
(bmo#800666, bmo#793121, bmo#802557) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
429 |
Fixes for Location object issues |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
430 |
|
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
431 |
------------------------------------------------------------------- |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
432 |
Thu Oct 11 01:50:19 UTC 2012 - wr@rosenauer.org |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
433 |
|
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
434 |
- update to 16.0.1 (bnc#783533) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
435 |
* MFSA 2012-88/CVE-2012-4191 (bmo#798045) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
436 |
Miscellaneous memory safety hazards |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
437 |
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
438 |
defaultValue security checks not applied |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
439 |
|
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
440 |
------------------------------------------------------------------- |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
441 |
Sun Oct 7 21:41:01 UTC 2012 - wr@rosenauer.org |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
442 |
|
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
443 |
- update to 16.0 (bnc#783533) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
444 |
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
445 |
Miscellaneous memory safety hazards |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
446 |
* MFSA 2012-75/CVE-2012-3984 (bmo#575294) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
447 |
select element persistance allows for attacks |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
448 |
* MFSA 2012-76/CVE-2012-3985 (bmo#655649) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
449 |
Continued access to initial origin after setting document.domain |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
450 |
* MFSA 2012-77/CVE-2012-3986 (bmo#775868) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
451 |
Some DOMWindowUtils methods bypass security checks |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
452 |
* MFSA 2012-79/CVE-2012-3988 (bmo#725770) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
453 |
DOS and crash with full screen and history navigation |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
454 |
* MFSA 2012-80/CVE-2012-3989 (bmo#783867) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
455 |
Crash with invalid cast when using instanceof operator |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
456 |
* MFSA 2012-81/CVE-2012-3991 (bmo#783260) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
457 |
GetProperty function can bypass security checks |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
458 |
* MFSA 2012-82/CVE-2012-3994 (bmo#765527) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
459 |
top object and location property accessible by plugins |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
460 |
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
461 |
Chrome Object Wrapper (COW) does not disallow acces to privileged |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
462 |
functions or properties |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
463 |
* MFSA 2012-84/CVE-2012-3992 (bmo#775009) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
464 |
Spoofing and script injection through location.hash |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
465 |
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
466 |
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
467 |
Use-after-free, buffer overflow, and out of bounds read issues |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
468 |
found using Address Sanitizer |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
469 |
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
470 |
CVE-2012-4188 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
471 |
Heap memory corruption issues found using Address Sanitizer |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
472 |
* MFSA 2012-87/CVE-2012-3990 (bmo#787704) |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
473 |
Use-after-free in the IME State Manager |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
474 |
- requires NSPR 4.9.2 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
475 |
- removed upstreamed mozilla-crashreporter-restart-args.patch |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
535
diff
changeset
|
476 |
- updated translations-other with new languages |
| 535 | 477 |
|
| 457 | 478 |
------------------------------------------------------------------- |
| 533 | 479 |
Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org |
| 491 | 480 |
|
| 533 | 481 |
- update to 15.0 (bnc#777588) |
482 |
* MFSA 2012-57/CVE-2012-1970 |
|
483 |
Miscellaneous memory safety hazards |
|
484 |
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 |
|
485 |
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 |
|
486 |
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 |
|
487 |
Use-after-free issues found using Address Sanitizer |
|
488 |
* MFSA 2012-59/CVE-2012-1956 (bmo#756719) |
|
489 |
Location object can be shadowed using Object.defineProperty |
|
490 |
* MFSA 2012-60/CVE-2012-3965 (bmo#769108) |
|
491 |
Escalation of privilege through about:newtab |
|
492 |
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) |
|
493 |
Memory corruption with bitmap format images with negative height |
|
494 |
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 |
|
495 |
WebGL use-after-free and memory corruption |
|
496 |
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 |
|
497 |
SVG buffer overflow and use-after-free issues |
|
498 |
* MFSA 2012-64/CVE-2012-3971 |
|
499 |
Graphite 2 memory corruption |
|
500 |
* MFSA 2012-65/CVE-2012-3972 (bmo#746855) |
|
501 |
Out-of-bounds read in format-number in XSLT |
|
502 |
* MFSA 2012-66/CVE-2012-3973 (bmo#757128) |
|
503 |
HTTPMonitor extension allows for remote debugging without explicit |
|
504 |
activation |
|
505 |
* MFSA 2012-68/CVE-2012-3975 (bmo#770684) |
|
506 |
DOMParser loads linked resources in extensions when parsing |
|
507 |
text/html |
|
508 |
* MFSA 2012-69/CVE-2012-3976 (bmo#768568) |
|
509 |
Incorrect site SSL certificate data display |
|
510 |
* MFSA 2012-70/CVE-2012-3978 (bmo#770429) |
|
511 |
Location object security checks bypassed by chrome code |
|
512 |
* MFSA 2012-72/CVE-2012-3980 (bmo#771859) |
|
513 |
Web console eval capable of executing chrome-privileged code |
|
514 |
- fix HTML5 video crash with GStreamer enabled (bmo#761030) |
|
515 |
- fixed filelist |
|
|
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
516 |
|
| 491 | 517 |
------------------------------------------------------------------- |
| 535 | 518 |
Fri Aug 17 13:09:49 UTC 2012 - dmueller@suse.com |
519 |
||
520 |
- fix build on ARM: |
|
521 |
* disable crashreporter, it does not build |
|
522 |
* reduce debuginfo during built to avoid running out of memory |
|
523 |
||
524 |
------------------------------------------------------------------- |
|
| 500 | 525 |
Sat Jul 14 19:33:44 UTC 2012 - wr@rosenauer.org |
| 491 | 526 |
|
| 500 | 527 |
- update to 14.0.1 (bnc#771583) |
528 |
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 |
|
529 |
Miscellaneous memory safety hazards |
|
530 |
* MFSA 2012-43/CVE-2012-1950 |
|
531 |
Incorrect URL displayed in addressbar through drag and drop |
|
532 |
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 |
|
533 |
Gecko memory corruption |
|
534 |
* MFSA 2012-45/CVE-2012-1955 (bmo#757376) |
|
535 |
Spoofing issue with location |
|
536 |
* MFSA 2012-46/CVE-2012-1966 (bmo#734076) |
|
537 |
XSS through data: URLs |
|
538 |
* MFSA 2012-47/CVE-2012-1957 (bmo#750096) |
|
539 |
Improper filtering of javascript in HTML feed-view |
|
540 |
* MFSA 2012-48/CVE-2012-1958 (bmo#750820) |
|
541 |
use-after-free in nsGlobalWindow::PageHidden |
|
542 |
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) |
|
543 |
Same-compartment Security Wrappers can be bypassed |
|
544 |
* MFSA 2012-50/CVE-2012-1960 (bmo#761014) |
|
545 |
Out of bounds read in QCMS |
|
546 |
* MFSA 2012-51/CVE-2012-1961 (bmo#761655) |
|
547 |
X-Frame-Options header ignored when duplicated |
|
548 |
* MFSA 2012-52/CVE-2012-1962 (bmo#764296) |
|
549 |
JSDependentString::undepend string conversion results in memory |
|
550 |
corruption |
|
551 |
* MFSA 2012-53/CVE-2012-1963 (bmo#767778) |
|
552 |
Content Security Policy 1.0 implementation errors cause data |
|
553 |
leakage |
|
554 |
* MFSA 2012-55/CVE-2012-1965 (bmo#758990) |
|
555 |
feed: URLs with an innerURI inherit security context of page |
|
556 |
* MFSA 2012-56/CVE-2012-1967 (bmo#758344) |
|
557 |
Code execution through javascript: URLs |
|
558 |
- license change from tri license to MPL-2.0 |
|
559 |
- require NSS 3.13.5 |
|
560 |
- PPC fixes: |
|
561 |
* reenabled mozilla-yarr-pcre.patch to fix build for PPC |
|
562 |
* add patches for bmo#750620 and bmo#746112 |
|
563 |
* fix xpcshell segfault on ppc |
|
564 |
- build plugin-container on every arch |
|
|
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
565 |
|
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
566 |
------------------------------------------------------------------- |
|
510
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
567 |
Fri Jun 15 12:40:23 UTC 2012 - wr@rosenauer.org |
|
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
568 |
|
|
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
569 |
- update to 13.0.1 |
|
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
570 |
* bugfix release |
|
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
571 |
|
|
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
572 |
------------------------------------------------------------------- |
|
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
573 |
Sat Jun 2 09:16:34 UTC 2012 - wr@rosenauer.org |
| 457 | 574 |
|
|
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
575 |
- update to 13.0 (bnc#765204) |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
576 |
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
577 |
Miscellaneous memory safety hazards |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
578 |
* MFSA 2012-36/CVE-2012-1944 (bmo#751422) |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
579 |
Content Security Policy inline-script bypass |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
580 |
* MFSA 2012-37/CVE-2012-1945 (bmo#670514) |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
581 |
Information disclosure though Windows file shares and shortcut |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
582 |
files |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
583 |
* MFSA 2012-38/CVE-2012-1946 (bmo#750109) |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
584 |
Use-after-free while replacing/inserting a node in a document |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
585 |
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
586 |
Buffer overflow and use-after-free issues found using Address |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
587 |
Sanitizer |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
588 |
- require NSS 3.13.4 |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
589 |
* MFSA 2012-39/CVE-2012-0441 (bmo#715073) |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
590 |
- reenabled crashreporter for Factory/12.2 |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
591 |
(fixed in mozilla-gcc47.patch) |
| 457 | 592 |
|
|
435
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
593 |
------------------------------------------------------------------- |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
594 |
Sat Apr 21 10:03:42 UTC 2012 - wr@rosenauer.org |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
595 |
|
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
596 |
- update to 12.0 (bnc#758408) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
597 |
* rebased patches |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
598 |
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
599 |
Miscellaneous memory safety hazards |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
600 |
* MFSA 2012-22/CVE-2012-0469 (bmo#738985) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
601 |
use-after-free in IDBKeyRange |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
602 |
* MFSA 2012-23/CVE-2012-0470 (bmo#734288) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
603 |
Invalid frees causes heap corruption in gfxImageSurface |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
604 |
* MFSA 2012-24/CVE-2012-0471 (bmo#715319) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
605 |
Potential XSS via multibyte content processing errors |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
606 |
* MFSA 2012-25/CVE-2012-0472 (bmo#744480) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
607 |
Potential memory corruption during font rendering using cairo-dwrite |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
608 |
* MFSA 2012-26/CVE-2012-0473 (bmo#743475) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
609 |
WebGL.drawElements may read illegal video memory due to |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
610 |
FindMaxUshortElement error |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
611 |
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
612 |
Page load short-circuit can lead to XSS |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
613 |
* MFSA 2012-28/CVE-2012-0475 (bmo#694576) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
614 |
Ambiguous IPv6 in Origin headers may bypass webserver access |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
615 |
restrictions |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
616 |
* MFSA 2012-29/CVE-2012-0477 (bmo#718573) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
617 |
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
618 |
* MFSA 2012-30/CVE-2012-0478 (bmo#727547) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
619 |
Crash with WebGL content using textImage2D |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
620 |
* MFSA 2012-31/CVE-2011-3062 (bmo#739925) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
621 |
Off-by-one error in OpenType Sanitizer |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
622 |
* MFSA 2012-32/CVE-2011-1187 (bmo#624621) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
623 |
HTTP Redirections and remote content can be read by javascript errors |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
624 |
* MFSA 2012-33/CVE-2012-0479 (bmo#714631) |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
625 |
Potential site identity spoofing when loading RSS and Atom feeds |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
626 |
- added mozilla-libnotify.patch to allow fallback from libnotify |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
627 |
to xul based events if no notification-daemon is running |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
628 |
- gcc 4.7 fixes |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
629 |
* mozilla-gcc47.patch |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
630 |
* disabled crashreporter temporarily for Factory |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
631 |
|
|
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
632 |
------------------------------------------------------------------- |
| 408 | 633 |
Fri Mar 9 21:49:05 UTC 2012 - wr@rosenauer.org |
|
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
634 |
|
| 408 | 635 |
- update to version 11.0 (bnc#750044) |
| 410 | 636 |
* MFSA 2012-13/CVE-2012-0455 (bmo#704354) |
637 |
XSS with Drag and Drop and Javascript: URL |
|
638 |
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) |
|
639 |
SVG issues found with Address Sanitizer |
|
640 |
* MFSA 2012-15/CVE-2012-0451 (bmo#717511) |
|
641 |
XSS with multiple Content Security Policy headers |
|
642 |
* MFSA 2012-16/CVE-2012-0458 |
|
643 |
Escalation of privilege with Javascript: URL as home page |
|
644 |
* MFSA 2012-17/CVE-2012-0459 (bmo#723446) |
|
645 |
Crash when accessing keyframe cssText after dynamic modification |
|
646 |
* MFSA 2012-18/CVE-2012-0460 (bmo#727303) |
|
647 |
window.fullScreen writeable by untrusted content |
|
648 |
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ |
|
649 |
CVE-2012-0463 |
|
650 |
Miscellaneous memory safety hazards |
|
|
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
651 |
- fix build on ARM |
|
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
652 |
- disable jemalloc on s390(x) |
|
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
653 |
|
| 387 | 654 |
------------------------------------------------------------------- |
655 |
Thu Feb 16 08:51:42 UTC 2012 - wr@rosenauer.org |
|
656 |
||
657 |
- update to version 10.0.2 (bnc#747328) |
|
658 |
* CVE-2011-3026 (bmo#727401) |
|
659 |
libpng: integer overflow leading to heap-buffer overflow |
|
660 |
||
661 |
------------------------------------------------------------------- |
|
662 |
Thu Feb 9 10:20:49 UTC 2012 - wr@rosenauer.org |
|
663 |
||
664 |
- update to version 10.0.1 (bnc#746616) |
|
665 |
* MFSA 2012-10/CVE-2012-0452 (bmo#724284) |
|
666 |
use after free in nsXBLDocumentInfo::ReadPrototypeBindings |
|
667 |
||
| 378 | 668 |
------------------------------------------------------------------- |
669 |
Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com |
|
670 |
||
671 |
- Use YARR interpreter instead of PCRE on platforms where YARR JIT |
|
672 |
is not supported, since PCRE doesnt build (bmo#691898) |
|
| 387 | 673 |
- fix ppc64 build (bmo#703534) |
| 378 | 674 |
|
| 373 | 675 |
------------------------------------------------------------------- |
676 |
Mon Jan 30 09:43:21 UTC 2012 - wr@rosenauer.org |
|
677 |
||
|
375
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
678 |
- update to version 10.0 (bnc#744275) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
679 |
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
680 |
Miscellaneous memory safety hazards |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
681 |
* MFSA 2012-03/CVE-2012-0445 (bmo#701071) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
682 |
<iframe> element exposed across domains via name attribute |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
683 |
* MFSA 2012-04/CVE-2011-3659 (bmo#708198) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
684 |
Child nodes from nsDOMAttribute still accessible after removal |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
685 |
of nodes |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
686 |
* MFSA 2012-05/CVE-2012-0446 (bmo#705651) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
687 |
Frame scripts calling into untrusted objects bypass security |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
688 |
checks |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
689 |
* MFSA 2012-06/CVE-2012-0447 (bmo#710079) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
690 |
Uninitialized memory appended when encoding icon images may |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
691 |
cause information disclosure |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
692 |
* MFSA 2012-07/CVE-2012-0444 (bmo#719612) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
693 |
Potential Memory Corruption When Decoding Ogg Vorbis files |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
694 |
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
695 |
Crash with malformed embedded XSLT stylesheets |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
696 |
- removed obsolete ppc64 patch |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
697 |
- disable neon for ARM as it doesn't build correctly |
| 373 | 698 |
|
| 366 | 699 |
------------------------------------------------------------------- |
700 |
Fri Dec 23 17:02:01 UTC 2011 - wr@rosenauer.org |
|
701 |
||
702 |
- update to Firefox 9.0.1 |
|
703 |
* (strongparent) parentNode of element gets lost (bmo#335998) |
|
704 |
||
|
363
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
705 |
------------------------------------------------------------------- |
|
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
706 |
Sun Dec 18 09:28:02 UTC 2011 - wr@rosenauer.org |
|
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
707 |
|
|
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
708 |
- update to release 9.0 (bnc#737533) |
|
364
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
709 |
* MFSA 2011-53/CVE-2011-3660 |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
710 |
Miscellaneous memory safety hazards (rv:9.0) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
711 |
* MFSA 2011-54/CVE-2011-3661 (bmo#691299) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
712 |
Potentially exploitable crash in the YARR regular expression |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
713 |
library |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
714 |
* MFSA 2011-55/CVE-2011-3658 (bmo#708186) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
715 |
nsSVGValue out-of-bounds access |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
716 |
* MFSA 2011-56/CVE-2011-3663 (bmo#704482) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
717 |
Key detection without JavaScript via SVG animation |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
718 |
* MFSA 2011-58/VE-2011-3665 (bmo#701259) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
719 |
Crash scaling <video> to extreme sizes |
|
363
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
720 |
|
| 355 | 721 |
------------------------------------------------------------------- |
722 |
Sat Nov 12 15:20:49 UTC 2011 - wr@rosenauer.org |
|
723 |
||
724 |
- fix ppc64 build |
|
725 |
||
|
350
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
726 |
------------------------------------------------------------------- |
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
727 |
Sun Nov 6 08:23:04 UTC 2011 - wr@rosenauer.org |
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
728 |
|
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
729 |
- update to release 8.0 (bnc#728520) |
| 354 | 730 |
* MFSA 2011-47/CVE-2011-3648 (bmo#690225) |
731 |
Potential XSS against sites using Shift-JIS |
|
732 |
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 |
|
733 |
Miscellaneous memory safety hazards |
|
734 |
* MFSA 2011-49/CVE-2011-3650 (bmo#674776) |
|
735 |
Memory corruption while profiling using Firebug |
|
736 |
* MFSA 2011-52/CVE-2011-3655 (bmo#672182) |
|
737 |
Code execution via NoWaiverWrapper |
|
|
350
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
738 |
- rebased patches |
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
739 |
|
| 337 | 740 |
------------------------------------------------------------------- |
741 |
Fri Sep 30 10:59:54 UTC 2011 - wr@rosenauer.org |
|
742 |
||
743 |
- update to minor release 7.0.1 |
|
744 |
* fixed staged addon updates |
|
745 |
||
| 334 | 746 |
------------------------------------------------------------------- |
747 |
Fri Sep 23 11:36:04 UTC 2011 - wr@rosenauer.org |
|
748 |
||
749 |
- update to version 7.0 (bnc#720264) |
|
| 337 | 750 |
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 |
751 |
Miscellaneous memory safety hazards |
|
752 |
* MFSA 2011-39/CVE-2011-3000 (bmo#655389) |
|
753 |
Defense against multiple Location headers due to CRLF Injection |
|
754 |
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 |
|
755 |
Code installation through holding down Enter |
|
756 |
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) |
|
757 |
Potentially exploitable WebGL crashes |
|
758 |
* MFSA 2011-42/CVE-2011-3232 (bmo#653672) |
|
759 |
Potentially exploitable crash in the YARR regular expression |
|
760 |
library |
|
761 |
* MFSA 2011-43/CVE-2011-3004 (bmo#653926) |
|
762 |
loadSubScript unwraps XPCNativeWrapper scope parameter |
|
763 |
* MFSA 2011-44/CVE-2011-3005 (bmo#675747) |
|
764 |
Use after free reading OGG headers |
|
765 |
* MFSA 2011-45 |
|
766 |
Inferring keystrokes from motion data |
|
767 |
- removed obsolete mozilla-cairo-lcd.patch |
|
768 |
- rebased patches |
|
| 334 | 769 |
|
770 |
------------------------------------------------------------------- |
|
771 |
Tue Sep 20 11:54:28 UTC 2011 - wr@rosenauer.org |
|
772 |
||
773 |
- install xpt.py into SDK (mozilla-639554.patch) (bnc#639554) |
|
774 |
||
|
325
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
775 |
------------------------------------------------------------------- |
|
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
776 |
Wed Sep 14 13:07:39 UTC 2011 - wr@rosenauer.org |
|
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
777 |
|
|
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
778 |
- initial xulrunner package |
|
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
779 |