|
1 ------------------------------------------------------------------- |
|
2 Wed Sep 4 15:38:40 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
3 |
|
4 - added a bunch of patches mainly for big endian platforms |
|
5 * mozilla-bmo1504834-part1.patch |
|
6 * mozilla-bmo1504834-part2.patch |
|
7 * mozilla-bmo1504834-part3.patch |
|
8 * mozilla-bmo1511604.patch |
|
9 * mozilla-bmo1554971.patch |
|
10 * mozilla-bmo1573381.patch |
|
11 * mozilla-nestegg-big-endian.patch |
|
12 |
1 ------------------------------------------------------------------- |
13 ------------------------------------------------------------------- |
2 Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
14 Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
3 |
15 |
4 - Mozilla Firefox 68.1.0 |
16 - Mozilla Firefox 68.1.0 |
|
17 MFSA 2019-26 |
|
18 * CVE-2019-11751 (bmo#1572838; Windows only) |
|
19 Malicious code execution through command line parameters |
|
20 * CVE-2019-11746 (bmo#1564449) |
|
21 Use-after-free while manipulating video |
|
22 * CVE-2019-11744 (bmo#1562033) |
|
23 XSS by breaking out of title and textarea elements using innerHTML |
|
24 * CVE-2019-11742 (bmo#1559715) |
|
25 Same-origin policy violation with SVG filters and canvas to steal |
|
26 cross-origin images |
|
27 * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only)) |
|
28 File manipulation and privilege escalation in Mozilla Maintenance Service |
|
29 * CVE-2019-11753 (bmo#1574980; Windows only) |
|
30 Privilege escalation with Mozilla Maintenance Service in custom |
|
31 Firefox installation location |
|
32 * CVE-2019-11752 (bmo#1501152) |
|
33 Use-after-free while extracting a key value in IndexedDB |
|
34 * CVE-2019-9812 (bmo#1538008, bmo#1538015) |
|
35 Sandbox escape through Firefox Sync |
|
36 * CVE-2019-11743 (bmo#1560495) |
|
37 Cross-origin access to unload event attributes |
|
38 * CVE-2019-11748 (bmo#1564588) |
|
39 Persistence of WebRTC permissions in a third party context |
|
40 * CVE-2019-11749 (bmo#1565374) |
|
41 Camera information available without prompting using getUserMedia |
|
42 * CVE-2019-11750 (bmo#1568397) |
|
43 Type confusion in Spidermonkey |
|
44 * CVE-2019-11738 (bmo#1452037) |
|
45 Content security policy bypass through hash-based sources in directives |
|
46 * CVE-2019-11747 (bmo#1564481) |
|
47 'Forget about this site' removes sites from pre-loaded HSTS list |
|
48 * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912, |
|
49 bmo#1565744,bmo#1568858,bmo#1570358) |
|
50 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 |
|
51 * CVE-2019-11740 (bmo#1563133,bmo#1573160) |
|
52 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 |
|
53 - switched package to ESR branch |
5 - added mozilla-bmo1568145.patch to make builds reproducible |
54 - added mozilla-bmo1568145.patch to make builds reproducible |
6 - removed upstreamed patch mozilla-gcc-internal-compiler-error.patch |
55 - removed upstreamed patch mozilla-gcc-internal-compiler-error.patch |
7 |
56 |
8 ------------------------------------------------------------------- |
57 ------------------------------------------------------------------- |
9 Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> |
58 Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> |