1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Tue Jun 23 06:12:45 UTC 2015 - wr@rosenauer.org |
2 Wed Jul 1 06:43:02 UTC 2015 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 39.0 |
4 - update to Firefox 39.0 (bnc#935979) |
5 * Share Hello URLs with social networks |
5 * Share Hello URLs with social networks |
6 * Support for 'switch' role in ARIA 1.1 (web accessibility) |
6 * Support for 'switch' role in ARIA 1.1 (web accessibility) |
7 * SafeBrowsing malware detection lookups enabled for downloads |
7 * SafeBrowsing malware detection lookups enabled for downloads |
8 (Mac OS X and Linux) |
8 (Mac OS X and Linux) |
9 * Support for new Unicode 8.0 skin tone emoji |
9 * Support for new Unicode 8.0 skin tone emoji |
10 * Removed support for insecure SSLv3 for network communications |
10 * Removed support for insecure SSLv3 for network communications |
11 * Disable use of RC4 except for temporarily whitelisted hosts |
11 * Disable use of RC4 except for temporarily whitelisted hosts |
12 * NPAPI Plug-in performance improved via asynchronous initialization |
12 * NPAPI Plug-in performance improved via asynchronous initialization |
|
13 security fixes: |
|
14 * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 |
|
15 Miscellaneous memory safety hazards |
|
16 * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) |
|
17 Local files or privileged URLs in pages can be opened into new tabs |
|
18 * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) |
|
19 Type confusion in Indexed Database Manager |
|
20 * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) |
|
21 Out-of-bound read while computing an oscillator rendering range in Web Audio |
|
22 * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) |
|
23 Use-after-free in Content Policy due to microtask execution error |
|
24 * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) |
|
25 ECDSA signature validation fails to handle some signatures correctly |
|
26 (this fix is shipped by NSS 3.19.1 externally) |
|
27 * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) |
|
28 Use-after-free in workers while using XMLHttpRequest |
|
29 * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 |
|
30 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 |
|
31 Vulnerabilities found through code inspection |
|
32 * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) |
|
33 Key pinning is ignored when overridable errors are encountered |
|
34 * MFSA 2015-68/CVE-2015-2742 (bmo#1138669) |
|
35 OS X crash reports may contain entered key press information |
|
36 (not relevant under Linux) |
|
37 * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) |
|
38 Privilege escalation in PDF.js |
|
39 * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) |
|
40 NSS accepts export-length DHE keys with regular DHE cipher suites |
|
41 (this fix is shipped by NSS 3.19.1 externally) |
|
42 * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) |
|
43 NSS incorrectly permits skipping of ServerKeyExchange |
|
44 (this fix is shipped by NSS 3.19.1 externally) |
13 - dropped mozilla-prefer_plugin_pref.patch as this feature is |
45 - dropped mozilla-prefer_plugin_pref.patch as this feature is |
14 likely not worth maintaining further |
46 likely not worth maintaining further |
15 - rebased patches |
47 - rebased patches |
16 - require NSS 3.19.2 |
48 - require NSS 3.19.2 |
17 |
49 |