1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Sun Sep 13 21:13:35 UTC 2015 - wr@rosenauer.org |
2 Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 41.0b9 |
4 - update to Firefox 41.0 (bnc#947003) |
|
5 * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 |
|
6 Miscellaneous memory safety hazards |
|
7 * MFSA 2015-97/CVE-2015-4503 (bmo#994337) |
|
8 Memory leak in mozTCPSocket to servers |
|
9 * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) |
|
10 Out of bounds read in QCMS library with ICC V4 profile attributes |
|
11 * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) |
|
12 Site attribute spoofing on Android by pasting URL with unknown scheme |
|
13 * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) |
|
14 Arbitrary file manipulation by local user through Mozilla updater |
|
15 * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) |
|
16 Buffer overflow in libvpx while parsing vp9 format video |
|
17 * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) |
|
18 Crash when using debugger with SavedStacks in JavaScript |
|
19 * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) |
|
20 URL spoofing in reader mode |
|
21 * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) |
|
22 Use-after-free with shared workers and IndexedDB |
|
23 * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) |
|
24 Buffer overflow while decoding WebM video |
|
25 * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) |
|
26 Use-after-free while manipulating HTML media content |
|
27 * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) |
|
28 Out-of-bounds read during 2D canvas display on Linux 16-bit |
|
29 color depth systems |
|
30 * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) |
|
31 Scripted proxies can access inner window |
|
32 * MFSA 2015-109/CVE-2015-4516 (bmo#904886) |
|
33 JavaScript immutable property enforcement can be bypassed |
|
34 * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) |
|
35 Dragging and dropping images exposes final URL after redirects |
|
36 * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) |
|
37 Errors in the handling of CORS preflight request headers |
|
38 * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ |
|
39 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ |
|
40 CVE-2015-7180 |
|
41 Vulnerabilities found through code inspection |
|
42 * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, |
|
43 bmo#1190526) (Windows only) |
|
44 Memory safety errors in libGLES in the ANGLE graphics library |
|
45 * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) |
|
46 Information disclosure via the High Resolution Time API |
5 - rebased patches |
47 - rebased patches |
6 - removed obsolete patches |
48 - removed obsolete patches |
7 * mozilla-arm64-libjpeg-turbo.patch |
49 * mozilla-arm64-libjpeg-turbo.patch |
|
50 |
|
51 ------------------------------------------------------------------ |
|
52 Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org |
|
53 |
|
54 - update to Firefox 40.0.3 (bnc#943550) |
|
55 * Disable the asynchronous plugin initialization (bmo#1198590) |
|
56 * Fix a segmentation fault in the GStreamer support (bmo#1145230) |
|
57 * Fix a regression with some Japanese fonts used in the <input> |
|
58 field (bmo#1194055) |
|
59 * On some sites, the selection in a select combox box using the |
|
60 mouse could be broken (bmo#1194733) |
|
61 security fixes |
|
62 * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) |
|
63 Use-after-free when resizing canvas element during restyling |
|
64 * MFSA 2015-95/CVE-2015-4498 (bmo#1042699) |
|
65 Add-on notification bypass through data URLs |
8 |
66 |
9 ------------------------------------------------------------------- |
67 ------------------------------------------------------------------- |
10 Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org |
68 Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org |
11 |
69 |
12 - update to Firefox 40.0 (bnc#940806) |
70 - update to Firefox 40.0 (bnc#940806) |
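Review bot: in the new 40.0.3 entry, "select combox box" (new line 59) is a typo for "combo box", and "security fixes" (new line 61) carries no "-" or "*" marker, so it reads as a continuation of the bmo#1194733 item rather than a heading for the two MFSA items that follow; give it its own marker, as the surrounding lines have. In the 41.0 entry, MFSA 2015-112 (new lines 38-41) lists eight CVEs but no bmo reference, and MFSA 2015-114 (new line 45) has bmo references but no CVE, while every other item carries both; confirm that is intentional. The 41.0b9 entry is rewritten in place with a new timestamp (Sep 13 becomes Sep 19) rather than kept below the 41.0 entry, so the beta update no longer appears in the changelog history; worth stating if that is deliberate.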