author | Wolfgang Rosenauer <wr@rosenauer.org> |
Sat, 27 Oct 2012 10:52:27 +0200 | |
changeset 572 | edcb48108200 |
parent 535 | cba7622bad5d |
child 542 | 890521f49a09 |
child 562 | 9069817b5cac |
child 585 | 5a44d417c9b5 |
permissions | -rw-r--r-- |
535 | 1 |
------------------------------------------------------------------- |
2 |
Tue Sep 11 09:26:09 UTC 2012 - wr@rosenauer.org |
|
3 |
||
4 |
- update to 16.0b2 |
|
5 |
||
457 | 6 |
------------------------------------------------------------------- |
533 | 7 |
Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org |
491 | 8 |
|
533 | 9 |
- update to 15.0 (bnc#777588) |
10 |
* MFSA 2012-57/CVE-2012-1970 |
|
11 |
Miscellaneous memory safety hazards |
|
12 |
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 |
|
13 |
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 |
|
14 |
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 |
|
15 |
Use-after-free issues found using Address Sanitizer |
|
16 |
* MFSA 2012-59/CVE-2012-1956 (bmo#756719) |
|
17 |
Location object can be shadowed using Object.defineProperty |
|
18 |
* MFSA 2012-60/CVE-2012-3965 (bmo#769108) |
|
19 |
Escalation of privilege through about:newtab |
|
20 |
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) |
|
21 |
Memory corruption with bitmap format images with negative height |
|
22 |
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 |
|
23 |
WebGL use-after-free and memory corruption |
|
24 |
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 |
|
25 |
SVG buffer overflow and use-after-free issues |
|
26 |
* MFSA 2012-64/CVE-2012-3971 |
|
27 |
Graphite 2 memory corruption |
|
28 |
* MFSA 2012-65/CVE-2012-3972 (bmo#746855) |
|
29 |
Out-of-bounds read in format-number in XSLT |
|
30 |
* MFSA 2012-66/CVE-2012-3973 (bmo#757128) |
|
31 |
HTTPMonitor extension allows for remote debugging without explicit |
|
32 |
activation |
|
33 |
* MFSA 2012-68/CVE-2012-3975 (bmo#770684) |
|
34 |
DOMParser loads linked resources in extensions when parsing |
|
35 |
text/html |
|
36 |
* MFSA 2012-69/CVE-2012-3976 (bmo#768568) |
|
37 |
Incorrect site SSL certificate data display |
|
38 |
* MFSA 2012-70/CVE-2012-3978 (bmo#770429) |
|
39 |
Location object security checks bypassed by chrome code |
|
40 |
* MFSA 2012-72/CVE-2012-3980 (bmo#771859) |
|
41 |
Web console eval capable of executing chrome-privileged code |
|
42 |
- fix HTML5 video crash with GStreamer enabled (bmo#761030) |
|
43 |
- fixed filelist |
|
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
44 |
|
491 | 45 |
------------------------------------------------------------------- |
535 | 46 |
Fri Aug 17 13:09:49 UTC 2012 - dmueller@suse.com |
47 |
||
48 |
- fix build on ARM: |
|
49 |
* disable crashreporter, it does not build |
|
50 |
* reduce debuginfo during built to avoid running out of memory |
|
51 |
||
52 |
------------------------------------------------------------------- |
|
500 | 53 |
Sat Jul 14 19:33:44 UTC 2012 - wr@rosenauer.org |
491 | 54 |
|
500 | 55 |
- update to 14.0.1 (bnc#771583) |
56 |
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 |
|
57 |
Miscellaneous memory safety hazards |
|
58 |
* MFSA 2012-43/CVE-2012-1950 |
|
59 |
Incorrect URL displayed in addressbar through drag and drop |
|
60 |
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 |
|
61 |
Gecko memory corruption |
|
62 |
* MFSA 2012-45/CVE-2012-1955 (bmo#757376) |
|
63 |
Spoofing issue with location |
|
64 |
* MFSA 2012-46/CVE-2012-1966 (bmo#734076) |
|
65 |
XSS through data: URLs |
|
66 |
* MFSA 2012-47/CVE-2012-1957 (bmo#750096) |
|
67 |
Improper filtering of javascript in HTML feed-view |
|
68 |
* MFSA 2012-48/CVE-2012-1958 (bmo#750820) |
|
69 |
use-after-free in nsGlobalWindow::PageHidden |
|
70 |
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) |
|
71 |
Same-compartment Security Wrappers can be bypassed |
|
72 |
* MFSA 2012-50/CVE-2012-1960 (bmo#761014) |
|
73 |
Out of bounds read in QCMS |
|
74 |
* MFSA 2012-51/CVE-2012-1961 (bmo#761655) |
|
75 |
X-Frame-Options header ignored when duplicated |
|
76 |
* MFSA 2012-52/CVE-2012-1962 (bmo#764296) |
|
77 |
JSDependentString::undepend string conversion results in memory |
|
78 |
corruption |
|
79 |
* MFSA 2012-53/CVE-2012-1963 (bmo#767778) |
|
80 |
Content Security Policy 1.0 implementation errors cause data |
|
81 |
leakage |
|
82 |
* MFSA 2012-55/CVE-2012-1965 (bmo#758990) |
|
83 |
feed: URLs with an innerURI inherit security context of page |
|
84 |
* MFSA 2012-56/CVE-2012-1967 (bmo#758344) |
|
85 |
Code execution through javascript: URLs |
|
86 |
- license change from tri license to MPL-2.0 |
|
87 |
- require NSS 3.13.5 |
|
88 |
- PPC fixes: |
|
89 |
* reenabled mozilla-yarr-pcre.patch to fix build for PPC |
|
90 |
* add patches for bmo#750620 and bmo#746112 |
|
91 |
* fix xpcshell segfault on ppc |
|
92 |
- build plugin-container on every arch |
|
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
93 |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
94 |
------------------------------------------------------------------- |
510
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
95 |
Fri Jun 15 12:40:23 UTC 2012 - wr@rosenauer.org |
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
96 |
|
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
97 |
- update to 13.0.1 |
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
98 |
* bugfix release |
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
99 |
|
d7c8f4d57734
fix missing changelog entry
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
500
diff
changeset
|
100 |
------------------------------------------------------------------- |
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
101 |
Sat Jun 2 09:16:34 UTC 2012 - wr@rosenauer.org |
457 | 102 |
|
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
103 |
- update to 13.0 (bnc#765204) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
104 |
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
105 |
Miscellaneous memory safety hazards |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
106 |
* MFSA 2012-36/CVE-2012-1944 (bmo#751422) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
107 |
Content Security Policy inline-script bypass |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
108 |
* MFSA 2012-37/CVE-2012-1945 (bmo#670514) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
109 |
Information disclosure though Windows file shares and shortcut |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
110 |
files |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
111 |
* MFSA 2012-38/CVE-2012-1946 (bmo#750109) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
112 |
Use-after-free while replacing/inserting a node in a document |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
113 |
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
114 |
Buffer overflow and use-after-free issues found using Address |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
115 |
Sanitizer |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
116 |
- require NSS 3.13.4 |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
117 |
* MFSA 2012-39/CVE-2012-0441 (bmo#715073) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
118 |
- reenabled crashreporter for Factory/12.2 |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
119 |
(fixed in mozilla-gcc47.patch) |
457 | 120 |
|
435
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
121 |
------------------------------------------------------------------- |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
122 |
Sat Apr 21 10:03:42 UTC 2012 - wr@rosenauer.org |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
123 |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
124 |
- update to 12.0 (bnc#758408) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
125 |
* rebased patches |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
126 |
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
127 |
Miscellaneous memory safety hazards |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
128 |
* MFSA 2012-22/CVE-2012-0469 (bmo#738985) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
129 |
use-after-free in IDBKeyRange |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
130 |
* MFSA 2012-23/CVE-2012-0470 (bmo#734288) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
131 |
Invalid frees causes heap corruption in gfxImageSurface |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
132 |
* MFSA 2012-24/CVE-2012-0471 (bmo#715319) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
133 |
Potential XSS via multibyte content processing errors |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
134 |
* MFSA 2012-25/CVE-2012-0472 (bmo#744480) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
135 |
Potential memory corruption during font rendering using cairo-dwrite |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
136 |
* MFSA 2012-26/CVE-2012-0473 (bmo#743475) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
137 |
WebGL.drawElements may read illegal video memory due to |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
138 |
FindMaxUshortElement error |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
139 |
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
140 |
Page load short-circuit can lead to XSS |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
141 |
* MFSA 2012-28/CVE-2012-0475 (bmo#694576) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
142 |
Ambiguous IPv6 in Origin headers may bypass webserver access |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
143 |
restrictions |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
144 |
* MFSA 2012-29/CVE-2012-0477 (bmo#718573) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
145 |
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
146 |
* MFSA 2012-30/CVE-2012-0478 (bmo#727547) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
147 |
Crash with WebGL content using textImage2D |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
148 |
* MFSA 2012-31/CVE-2011-3062 (bmo#739925) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
149 |
Off-by-one error in OpenType Sanitizer |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
150 |
* MFSA 2012-32/CVE-2011-1187 (bmo#624621) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
151 |
HTTP Redirections and remote content can be read by javascript errors |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
152 |
* MFSA 2012-33/CVE-2012-0479 (bmo#714631) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
153 |
Potential site identity spoofing when loading RSS and Atom feeds |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
154 |
- added mozilla-libnotify.patch to allow fallback from libnotify |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
155 |
to xul based events if no notification-daemon is running |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
156 |
- gcc 4.7 fixes |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
157 |
* mozilla-gcc47.patch |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
158 |
* disabled crashreporter temporarily for Factory |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
410
diff
changeset
|
159 |
|
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
160 |
------------------------------------------------------------------- |
408 | 161 |
Fri Mar 9 21:49:05 UTC 2012 - wr@rosenauer.org |
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
162 |
|
408 | 163 |
- update to version 11.0 (bnc#750044) |
410 | 164 |
* MFSA 2012-13/CVE-2012-0455 (bmo#704354) |
165 |
XSS with Drag and Drop and Javascript: URL |
|
166 |
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) |
|
167 |
SVG issues found with Address Sanitizer |
|
168 |
* MFSA 2012-15/CVE-2012-0451 (bmo#717511) |
|
169 |
XSS with multiple Content Security Policy headers |
|
170 |
* MFSA 2012-16/CVE-2012-0458 |
|
171 |
Escalation of privilege with Javascript: URL as home page |
|
172 |
* MFSA 2012-17/CVE-2012-0459 (bmo#723446) |
|
173 |
Crash when accessing keyframe cssText after dynamic modification |
|
174 |
* MFSA 2012-18/CVE-2012-0460 (bmo#727303) |
|
175 |
window.fullScreen writeable by untrusted content |
|
176 |
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ |
|
177 |
CVE-2012-0463 |
|
178 |
Miscellaneous memory safety hazards |
|
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
179 |
- fix build on ARM |
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
180 |
- disable jemalloc on s390(x) |
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
181 |
|
387 | 182 |
------------------------------------------------------------------- |
183 |
Thu Feb 16 08:51:42 UTC 2012 - wr@rosenauer.org |
|
184 |
||
185 |
- update to version 10.0.2 (bnc#747328) |
|
186 |
* CVE-2011-3026 (bmo#727401) |
|
187 |
libpng: integer overflow leading to heap-buffer overflow |
|
188 |
||
189 |
------------------------------------------------------------------- |
|
190 |
Thu Feb 9 10:20:49 UTC 2012 - wr@rosenauer.org |
|
191 |
||
192 |
- update to version 10.0.1 (bnc#746616) |
|
193 |
* MFSA 2012-10/CVE-2012-0452 (bmo#724284) |
|
194 |
use after free in nsXBLDocumentInfo::ReadPrototypeBindings |
|
195 |
||
378 | 196 |
------------------------------------------------------------------- |
197 |
Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com |
|
198 |
||
199 |
- Use YARR interpreter instead of PCRE on platforms where YARR JIT |
|
200 |
is not supported, since PCRE doesnt build (bmo#691898) |
|
387 | 201 |
- fix ppc64 build (bmo#703534) |
378 | 202 |
|
373 | 203 |
------------------------------------------------------------------- |
204 |
Mon Jan 30 09:43:21 UTC 2012 - wr@rosenauer.org |
|
205 |
||
375
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
206 |
- update to version 10.0 (bnc#744275) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
207 |
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
208 |
Miscellaneous memory safety hazards |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
209 |
* MFSA 2012-03/CVE-2012-0445 (bmo#701071) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
210 |
<iframe> element exposed across domains via name attribute |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
211 |
* MFSA 2012-04/CVE-2011-3659 (bmo#708198) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
212 |
Child nodes from nsDOMAttribute still accessible after removal |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
213 |
of nodes |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
214 |
* MFSA 2012-05/CVE-2012-0446 (bmo#705651) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
215 |
Frame scripts calling into untrusted objects bypass security |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
216 |
checks |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
217 |
* MFSA 2012-06/CVE-2012-0447 (bmo#710079) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
218 |
Uninitialized memory appended when encoding icon images may |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
219 |
cause information disclosure |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
220 |
* MFSA 2012-07/CVE-2012-0444 (bmo#719612) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
221 |
Potential Memory Corruption When Decoding Ogg Vorbis files |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
222 |
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
223 |
Crash with malformed embedded XSLT stylesheets |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
224 |
- removed obsolete ppc64 patch |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
225 |
- disable neon for ARM as it doesn't build correctly |
373 | 226 |
|
366 | 227 |
------------------------------------------------------------------- |
228 |
Fri Dec 23 17:02:01 UTC 2011 - wr@rosenauer.org |
|
229 |
||
230 |
- update to Firefox 9.0.1 |
|
231 |
* (strongparent) parentNode of element gets lost (bmo#335998) |
|
232 |
||
363
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
233 |
------------------------------------------------------------------- |
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
234 |
Sun Dec 18 09:28:02 UTC 2011 - wr@rosenauer.org |
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
235 |
|
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
236 |
- update to release 9.0 (bnc#737533) |
364
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
237 |
* MFSA 2011-53/CVE-2011-3660 |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
238 |
Miscellaneous memory safety hazards (rv:9.0) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
239 |
* MFSA 2011-54/CVE-2011-3661 (bmo#691299) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
240 |
Potentially exploitable crash in the YARR regular expression |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
241 |
library |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
242 |
* MFSA 2011-55/CVE-2011-3658 (bmo#708186) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
243 |
nsSVGValue out-of-bounds access |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
244 |
* MFSA 2011-56/CVE-2011-3663 (bmo#704482) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
245 |
Key detection without JavaScript via SVG animation |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
246 |
* MFSA 2011-58/VE-2011-3665 (bmo#701259) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
247 |
Crash scaling <video> to extreme sizes |
363
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
248 |
|
355 | 249 |
------------------------------------------------------------------- |
250 |
Sat Nov 12 15:20:49 UTC 2011 - wr@rosenauer.org |
|
251 |
||
252 |
- fix ppc64 build |
|
253 |
||
350
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
254 |
------------------------------------------------------------------- |
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
255 |
Sun Nov 6 08:23:04 UTC 2011 - wr@rosenauer.org |
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
256 |
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
257 |
- update to release 8.0 (bnc#728520) |
354 | 258 |
* MFSA 2011-47/CVE-2011-3648 (bmo#690225) |
259 |
Potential XSS against sites using Shift-JIS |
|
260 |
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 |
|
261 |
Miscellaneous memory safety hazards |
|
262 |
* MFSA 2011-49/CVE-2011-3650 (bmo#674776) |
|
263 |
Memory corruption while profiling using Firebug |
|
264 |
* MFSA 2011-52/CVE-2011-3655 (bmo#672182) |
|
265 |
Code execution via NoWaiverWrapper |
|
350
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
266 |
- rebased patches |
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
267 |
|
337 | 268 |
------------------------------------------------------------------- |
269 |
Fri Sep 30 10:59:54 UTC 2011 - wr@rosenauer.org |
|
270 |
||
271 |
- update to minor release 7.0.1 |
|
272 |
* fixed staged addon updates |
|
273 |
||
334 | 274 |
------------------------------------------------------------------- |
275 |
Fri Sep 23 11:36:04 UTC 2011 - wr@rosenauer.org |
|
276 |
||
277 |
- update to version 7.0 (bnc#720264) |
|
337 | 278 |
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 |
279 |
Miscellaneous memory safety hazards |
|
280 |
* MFSA 2011-39/CVE-2011-3000 (bmo#655389) |
|
281 |
Defense against multiple Location headers due to CRLF Injection |
|
282 |
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 |
|
283 |
Code installation through holding down Enter |
|
284 |
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) |
|
285 |
Potentially exploitable WebGL crashes |
|
286 |
* MFSA 2011-42/CVE-2011-3232 (bmo#653672) |
|
287 |
Potentially exploitable crash in the YARR regular expression |
|
288 |
library |
|
289 |
* MFSA 2011-43/CVE-2011-3004 (bmo#653926) |
|
290 |
loadSubScript unwraps XPCNativeWrapper scope parameter |
|
291 |
* MFSA 2011-44/CVE-2011-3005 (bmo#675747) |
|
292 |
Use after free reading OGG headers |
|
293 |
* MFSA 2011-45 |
|
294 |
Inferring keystrokes from motion data |
|
295 |
- removed obsolete mozilla-cairo-lcd.patch |
|
296 |
- rebased patches |
|
334 | 297 |
|
298 |
------------------------------------------------------------------- |
|
299 |
Tue Sep 20 11:54:28 UTC 2011 - wr@rosenauer.org |
|
300 |
||
301 |
- install xpt.py into SDK (mozilla-639554.patch) (bnc#639554) |
|
302 |
||
325
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
303 |
------------------------------------------------------------------- |
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
304 |
Wed Sep 14 13:07:39 UTC 2011 - wr@rosenauer.org |
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
305 |
|
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
306 |
- initial xulrunner package |
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
307 |