xulrunner/xulrunner.changes
branch firefox24
changeset 670 0b1f7ee785d3
parent 595 31f273919032
child 678 d0329e10d68c
child 796 c9d29e45a974
child 876 e893bdc9bf06
child 879 3b986c9dbc5f
669:4b65b5cfd428 670:0b1f7ee785d3
       
     1 -------------------------------------------------------------------
       
     2 Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org
       
     3 
       
     4 - update to 24.0 (bnc#840485)
       
     5   * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
       
     6     Miscellaneous memory safety hazards
       
     7   * MFSA 2013-77/CVE-2013-1720 (bmo#888820)
       
     8     Improper state in HTML5 Tree Builder with templates
       
     9   * MFSA 2013-78/CVE-2013-1721 (bmo#890277)
       
    10     Integer overflow in ANGLE library
       
    11   * MFSA 2013-79/CVE-2013-1722 (bmo#893308)
       
    12     Use-after-free in Animation Manager during stylesheet cloning
       
    13   * MFSA 2013-80/CVE-2013-1723 (bmo#891292)
       
    14     NativeKey continues handling key messages after widget is destroyed
       
    15   * MFSA 2013-81/CVE-2013-1724 (bmo#894137)
       
    16     Use-after-free with select element
       
    17   * MFSA 2013-82/CVE-2013-1725 (bmo#876762)
       
    18     Calling scope for new Javascript objects can lead to memory corruption
       
    19   * MFSA 2013-85/CVE-2013-1728 (bmo#883686)
       
    20     Uninitialized data in IonMonkey
       
    21   * MFSA 2013-88/CVE-2013-1730 (bmo#851353)
       
    22     Compartment mismatch re-attaching XBL-backed nodes
       
    23   * MFSA 2013-89/CVE-2013-1732 (bmo#883514)
       
    24     Buffer overflow with multi-column, lists, and floats
       
    25   * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
       
    26     Memory corruption involving scrolling
       
    27   * MFSA 2013-91/CVE-2013-1737 (bmo#907727)
       
    28     User-defined properties on DOM proxies get the wrong "this" object
       
    29   * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
       
    30     GC hazard with default compartments and frame chain restoration
       
    31 - require NSPR 4.10 and NSS 3.15.1
       
    32 
       
    33 -------------------------------------------------------------------
       
    34 Fri Aug  2 10:56:43 UTC 2013 - wr@rosenauer.org
       
    35 
       
    36 - update to 17.0.8esr (bnc#833389)
       
    37   * MFSA 2013-63/CVE-2013-1701
       
    38     Miscellaneous memory safety hazards
       
    39   * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
       
    40     Document URI misrepresentation and masquerading
       
    41   * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
       
    42     CRMF requests allow for code execution and XSS attacks
       
    43   * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
       
    44     Wrong principal used for validating URI for some Javascript
       
    45     components
       
    46   * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
       
    47     Same-origin bypass with web workers and XMLHttpRequest
       
    48   * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
       
    49     Local Java applets may read contents of local file system
       
    50 
       
    51 -------------------------------------------------------------------
       
    52 Mon Jun 24 15:26:27 UTC 2013 - wr@rosenauer.org
       
    53 
       
    54 - update to 17.0.7esr (bnc#825935)
       
    55   * MFSA 2013-49/CVE-2013-1682
       
    56     Miscellaneous memory safety hazards
       
    57   * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
       
    58     Memory corruption found using Address Sanitizer
       
    59   * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
       
    60     Privileged content access and execution via XBL
       
    61   * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
       
    62     Execution of unmapped memory through onreadystatechange event
       
    63   * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
       
    64     Data in the body of XHR HEAD requests leads to CSRF attacks
       
    65   * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
       
    66     SVG filters can lead to information disclosure
       
    67   * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
       
    68     PreserveWrapper has inconsistent behavior
       
    69   * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
       
    70     XrayWrappers can be bypassed to run user defined methods in a
       
    71     privileged context
       
    72 
       
    73 -------------------------------------------------------------------
       
    74 Tue Jun  4 16:24:51 UTC 2013 - dvaleev@suse.com
       
    75 
       
    76 - Fix build on powerpc (ppc-xpcshell.patch)
       
    77 
       
    78 -------------------------------------------------------------------
       
    79 Fri May 10 17:27:23 UTC 2013 - wr@rosenauer.org
       
    80 
       
    81 - update to 17.0.6esr (bnc#819204)
       
    82   * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
       
    83     Miscellaneous memory safety hazards
       
    84   * MFSA 2013-42/CVE-2013-1670 (bmo#853709)
       
    85     Privileged access for content level constructor
       
    86   * MFSA 2013-46/CVE-2013-1674 (bmo#860971)
       
    87     Use-after-free with video and onresize event
       
    88   * MFSA 2013-47/CVE-2013-1675 (bmo#866825)
       
    89     Uninitialized functions in DOMSVGZoomEvent
       
    90   * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
       
    91     CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
       
    92     Memory corruption found using Address Sanitizer
       
    93 
       
    94 -------------------------------------------------------------------
       
    95 Fri Mar 29 16:27:59 UTC 2013 - wr@rosenauer.org
       
    96 
       
    97 - update to 17.0.5esr (bnc#813026)
       
    98   * requires NSPR 4.9.5 and NSS 3.14.3
       
    99   * MFSA 2013-30/CVE-2013-0788
       
   100     Miscellaneous memory safety hazards
       
   101   * MFSA 2013-31/CVE-2013-0800 (bmo#825721)
       
   102     Out-of-bounds write in Cairo library
       
   103   * MFSA 2013-35/CVE-2013-0796 (bmo#827106)
       
   104     WebGL crash with Mesa graphics driver on Linux
       
   105   * MFSA 2013-36/CVE-2013-0795 (bmo#825697)
       
   106     Bypass of SOW protections allows cloning of protected nodes
       
   107   * MFSA 2013-37/CVE-2013-0794 (bmo#626775)
       
   108     Bypass of tab-modal dialog origin disclosure
       
   109   * MFSA 2013-38/CVE-2013-0793 (bmo#803870)
       
   110     Cross-site scripting (XSS) using timed history navigations
       
   111 
       
   112 -------------------------------------------------------------------
       
   113 Fri Mar  8 09:00:09 UTC 2013 - wr@rosenauer.org
       
   114 
       
   115 - update to 17.0.4esr (bnc#808243)
       
   116   * MFSA 2013-29/CVE-2013-0787 (bmo#848644)
       
   117     Use-after-free in HTML Editor
       
   118 
       
   119 -------------------------------------------------------------------
       
   120 Sat Feb 16 17:38:21 UTC 2013 - wr@rosenauer.org
       
   121 
       
   122 - update to 17.0.3esr (bnc#804248)
       
   123   * MFSA 2013-21/CVE-2013-0783
       
   124     Miscellaneous memory safety hazards
       
   125   * MFSA 2013-24/CVE-2013-0773 (bmo#809652)
       
   126     Web content bypass of COW and SOW security wrappers
       
   127   * MFSA 2013-25/CVE-2013-0774 (bmo#827193)
       
   128     Privacy leak in JavaScript Workers
       
   129   * MFSA 2013-26/CVE-2013-0775 (bmo#831095)
       
   130     Use-after-free in nsImageLoadingContent
       
   131   * MFSA 2013-27/CVE-2013-0776 (bmo#796475)
       
   132     Phishing on HTTPS connection through malicious proxy
       
   133   * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
       
   134     Use-after-free, out of bounds read, and buffer overflow issues
       
   135     found using Address Sanitizer
       
   136 
       
   137 -------------------------------------------------------------------
       
   138 Sat Jan  5 14:46:06 UTC 2013 - wr@rosenauer.org
       
   139 
       
   140 - update to 17.0.2esr (bnc#796895)
       
   141   * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
       
   142     Miscellaneous memory safety hazards
       
   143   * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
       
   144     CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
       
   145     Use-after-free and buffer overflow issues found using Address Sanitizer
       
   146   * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
       
   147     Buffer Overflow in Canvas
       
   148   * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
       
   149     URL spoofing in addressbar during page loads
       
   150   * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
       
   151     Use-after-free when displaying table with many columns and column groups
       
   152   * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
       
   153     Crash due to handling of SSL on threads
       
   154   * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
       
   155     AutoWrapperChanger fails to keep objects alive during garbage collection
       
   156   * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
       
   157     Compartment mismatch with quickstubs returned values
       
   158   * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
       
   159     Event manipulation in plugin handler to bypass same-origin policy
       
   160   * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
       
   161     Address space layout leaked in XBL objects
       
   162   * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
       
   163     Buffer overflow in Javascript string concatenation
       
   164   * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
       
   165     Memory corruption in XBL with XML bindings containing SVG
       
   166   * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
       
   167     Chrome Object Wrapper (COW) bypass through changing prototype
       
   168   * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
       
   169     Privilege escalation through plugin objects
       
   170   * MFSA 2013-16/CVE-2013-0753 (bmo#814001)
       
   171     Use-after-free in serializeToStream
       
   172   * MFSA 2013-17/CVE-2013-0754 (bmo#814026)
       
   173     Use-after-free in ListenerManager
       
   174   * MFSA 2013-18/CVE-2013-0755 (bmo#814027)
       
   175     Use-after-free in Vibrate
       
   176   * MFSA 2013-19/CVE-2013-0756 (bmo#814029)
       
   177     Use-after-free in Javascript Proxy objects
       
   178 - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
       
   179 - build on SLE11
       
   180   * mozilla-gcc43-enums.patch
       
   181   * mozilla-gcc43-template_hacks.patch
       
   182   * mozilla-gcc43-templates_instantiation.patch
       
   183 
     1 -------------------------------------------------------------------
   184 -------------------------------------------------------------------
     2 Thu Nov 29 20:04:34 UTC 2012 - wr@rosenauer.org
   185 Thu Nov 29 20:04:34 UTC 2012 - wr@rosenauer.org
     3 
   186 
     4 - update to 17.0.1
   187 - update to 17.0.1
     5   * regression/compatibility fixes
   188   * regression/compatibility fixes
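Review bot: The MFSA 2013-04 line in the 17.0.2esr entry (new line 148) gives the ID as CVE-2012-0759, while every other 07xx-range ID in that entry is CVE-2013-07xx. This looks like a year typo for CVE-2013-0759 and should be checked against the advisory, since a wrong CVE ID defeats changelog-based patch tracking. The CVE-2012-5829 on new line 144 is in a different number range and may well be intentional. Separately, the dependency bumps are written three ways: "- require NSPR 4.10 and NSS 3.15.1" under 24.0, "* requires NSPR 4.9.5 and NSS 3.14.3" under 17.0.5esr, and "- requires NSS 3.14.1" under 17.0.2esr. Settling on one form and nesting level would let the minimum NSPR/NSS versions be searched consistently.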