1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Fri Jul 31 17:10:11 UTC 2015 - wr@rosenauer.org |
2 Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 40.0b9 |
4 - update to Firefox 40.0 (bnc#940806) |
|
5 * Added protection against unwanted software downloads |
|
6 * Suggested Tiles show sites of interest, based on categories |
|
7 from your recent browsing history |
|
8 * Hello allows adding a link to conversations to provide context |
|
9 on what the conversation will be about |
|
10 * New style for add-on manager based on the in-content |
|
11 preferences style |
|
12 * Improved scrolling, graphics, and video playback performance |
|
13 with off main thread compositing (GNU/Linux only) |
|
14 * Graphic blocklist mechanism improved: Firefox version ranges |
|
15 can be specified, limiting the number of devices blocked |
|
16 security fixes: |
|
17 * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 |
|
18 Miscellaneous memory safety hazards |
|
19 * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) |
|
20 Out-of-bounds read with malformed MP3 file |
|
21 * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) |
|
22 Use-after-free in MediaStream playback |
|
23 * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) |
|
24 Redefinition of non-configurable JavaScript object properties |
|
25 * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 |
|
26 Overflow issues in libstagefright |
|
27 * MFSA 2015-84/CVE-2015-4481 (bmo1171518) |
|
28 Arbitrary file overwriting through Mozilla Maintenance Service |
|
29 with hard links (only affected Windows) |
|
30 * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) |
|
31 Out-of-bounds write with Updater and malicious MAR file |
|
32 (does not affect openSUSE RPM packages which do not ship the |
|
33 updater) |
|
34 * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) |
|
35 Feed protocol with POST bypasses mixed content protections |
|
36 * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) |
|
37 Crash when using shared memory in JavaScript |
|
38 * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) |
|
39 Heap overflow in gdk-pixbuf when scaling bitmap images |
|
40 * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) |
|
41 Buffer overflows on Libvpx when decoding WebM video |
|
42 * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 |
|
43 Vulnerabilities found through code inspection |
|
44 * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) |
|
45 Mozilla Content Security Policy allows for asterisk wildcards |
|
46 in violation of CSP specification |
|
47 * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) |
|
48 Use-after-free in XMLHttpRequest with shared workers |
5 - added mozilla-no-stdcxx-check.patch |
49 - added mozilla-no-stdcxx-check.patch |
6 - removed obsolete patches |
50 - removed obsolete patches |
7 * mozilla-add-glibcxx_use_cxx11_abi.patch |
51 * mozilla-add-glibcxx_use_cxx11_abi.patch |
8 * firefox-multilocale-chrome.patch |
52 * firefox-multilocale-chrome.patch |
9 - rebased patches |
53 - rebased patches |