|
1 ------------------------------------------------------------------- |
|
2 Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org |
|
3 |
|
4 - reenable ALSA support which was removed by default upstream |
|
5 |
1 ------------------------------------------------------------------- |
6 ------------------------------------------------------------------- |
2 Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org |
7 Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org |
3 |
8 |
4 - update to Firefox 52.0 |
9 - update to Firefox 52.0 (boo#1028391) |
5 * requires NSS >= 3.28.3 |
10 * requires NSS >= 3.28.3 |
6 * Pages containing insecure password fields now display a warning |
11 * Pages containing insecure password fields now display a warning |
7 directly within username and password fields. |
12 directly within username and password fields. |
8 * Windows 8 touch screen support for multiprocess Firefox |
|
9 * Send and open a tab from one device to another with Sync |
13 * Send and open a tab from one device to another with Sync |
10 * Removed NPAPI support for plugins other than Flash. Silverlight, |
14 * Removed NPAPI support for plugins other than Flash. Silverlight, |
11 Java, Acrobat and the like are no longer supported. |
15 Java, Acrobat and the like are no longer supported. |
12 * Removed Battery Status API to reduce fingerprinting of users by |
16 * Removed Battery Status API to reduce fingerprinting of users by |
13 trackers |
17 trackers |
|
18 * MFSA 2017-05 |
|
19 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP |
|
20 (bmo#1334933) |
|
21 CVE-2017-5401: Memory Corruption when handling ErrorResult |
|
22 (bmo#1328861) |
|
23 CVE-2017-5402: Use-after-free working with events in FontFace |
|
24 objects (bmo#1334876) |
|
25 CVE-2017-5403: Use-after-free using addRange to add range to an |
|
26 incorrect root object (bmo#1340186) |
|
27 CVE-2017-5404: Use-after-free working with ranges in selections |
|
28 (bmo#1340138) |
|
29 CVE-2017-5406: Segmentation fault in Skia with canvas operations |
|
30 (bmo#1306890) |
|
31 CVE-2017-5407: Pixel and history stealing via floating-point |
|
32 timing side channel with SVG filters (bmo#1336622) |
|
33 CVE-2017-5410: Memory corruption during JavaScript garbage |
|
34 collection incremental sweeping (bmo#1330687) |
|
35 CVE-2017-5408: Cross-origin reading of video captions in violation |
|
36 of CORS (bmo#1313711) |
|
37 CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) |
|
38 CVE-2017-5413: Segmentation fault during bidirectional operations |
|
39 (bmo#1337504) |
|
40 CVE-2017-5414: File picker can choose incorrect default directory |
|
41 (bmo#1319370) |
|
42 CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) |
|
43 CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) |
|
44 CVE-2017-5417: Addressbar spoofing by draging and dropping URLs |
|
45 (bmo#791597) |
|
46 CVE-2017-5426: Gecko Media Plugin sandbox is not started if |
|
47 seccomp-bpf filter is running (bmo#1257361) |
|
48 CVE-2017-5427: Non-existent chrome.manifest file loaded during |
|
49 startup (bmo#1295542) |
|
50 CVE-2017-5418: Out of bounds read when parsing HTTP digest |
|
51 authorization responses (bmo#1338876) |
|
52 CVE-2017-5419: Repeated authentication prompts lead to DOS |
|
53 attack (bmo#1312243) |
|
54 CVE-2017-5420: Javascript: URLs can obfuscate addressbar |
|
55 location (bmo#1284395) |
|
56 CVE-2017-5405: FTP response codes can cause use of |
|
57 uninitialized values for ports (bmo#1336699) |
|
58 CVE-2017-5421: Print preview spoofing (bmo#1301876) |
|
59 CVE-2017-5422: DOS attack by using view-source: protocol |
|
60 repeatedly in one hyperlink (bmo#1295002) |
|
61 CVE-2017-5399: Memory safety bugs fixed in Firefox 52 |
|
62 CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and |
|
63 Firefox ESR 45.8 |
14 - removed obsolete patches |
64 - removed obsolete patches |
15 * mozilla-binutils-visibility.patch |
65 * mozilla-binutils-visibility.patch |
16 * mozilla-check_return.patch |
66 * mozilla-check_return.patch |
17 * mozilla-disable-skia-be.patch |
67 * mozilla-disable-skia-be.patch |
18 * mozilla-skia-overflow.patch |
68 * mozilla-skia-overflow.patch |
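Review bot: the added CVE-2017-5417 line in the MFSA 2017-05 list reads "Addressbar spoofing by draging and dropping URLs"; "draging" should be "dragging", and it is worth fixing because this text is what people search when matching the package against the advisory. In the same 52.0 entry, the old line "Windows 8 touch screen support for multiprocess Firefox" is removed without any mention; if it was dropped because it does not apply to this package, that is fine, but it is an unrelated edit to an existing entry riding along with the boo#1028391 reference and the CVE list. The new 9 March entry, "reenable ALSA support which was removed by default upstream", does not say how ALSA is turned back on (build option or patch), so a later reader cannot tell from the changelog which part of the package to look at; naming the mechanism in that line would help.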