|
1 ------------------------------------------------------------------- |
|
2 Fri Apr 9 16:53:57 CEST 2010 - wr@rosenauer.org |
|
3 |
|
4 - update to 3.6.4pre (Lorentz) |
|
5 |
|
6 ------------------------------------------------------------------- |
|
7 Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org |
|
8 |
|
9 - security update to 3.6.3 |
|
10 * MFSA 2010-25/CVE-2010-1121 (bmo#555109) |
|
11 Re-use of freed object due to scope confusion |
|
12 |
|
13 ------------------------------------------------------------------- |
|
14 Thu Mar 18 06:43:33 CET 2010 - wr@rosenauer.org |
|
15 |
|
16 - security update to version 3.6.2 (bnc#586567) |
|
17 * MFSA 2010-08/CVE-2010-1028 |
|
18 WOFF heap corruption due to integer overflow |
|
19 * MFSA 2010-09/CVE-2010-0164 (bmo#547143) |
|
20 Deleted frame reuse in multipart/x-mixed-replace image |
|
21 * MFSA 2010-10/CVE-2010-0170 (bmo#541530) |
|
22 XSS via plugins and unprotected Location object |
|
23 * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 |
|
24 Crashes with evidence of memory corruption |
|
25 * MFSA 2010-12/CVE-2010-0171 (bmo#531364) |
|
26 XSS using addEventListener and setTimeout on a wrapped object |
|
27 * MFSA 2010-13/CVE-2010-0168 (bmo#540642) |
|
28 Content policy bypass with image preloading |
|
29 * MFSA 2010-14/CVE-2010-0169 (bmo#535806) |
|
30 Browser chrome defacement via cached XUL stylesheets |
|
31 * MFSA 2010-15/CVE-2010-0172 (bmo#537862) |
|
32 Asynchronous Auth Prompt attaches to wrong window |
|
33 * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 |
|
34 Crashes with evidence of memory corruption |
|
35 * MFSA 2010-18/CVE-2010-0176 (bmo#538308) |
|
36 Dangling pointer vulnerability in nsTreeContentView |
|
37 * MFSA 2010-19/CVE-2010-0177 (bmo#538310) |
|
38 Dangling pointer vulnerability in nsPluginArray |
|
39 * MFSA 2010-20/CVE-2010-0178 (bmo#546909) |
|
40 Chrome privilege escalation via forced URL drag and drop |
|
41 * MFSA 2010-22/CVE-2009-3555 (bmo#545755) |
|
42 Update NSS to support TLS renegotiation indication |
|
43 * MFSA 2010-23/CVE-2010-0181 (bmo#452093) |
|
44 Image src redirect to mailto: URL opens email editor |
|
45 * MFSA 2010-24/CVE-2010-0182 (bmo#490790) |
|
46 XMLDocument::load() doesn't check nsIContentPolicy |
|
47 |
1 ------------------------------------------------------------------- |
48 ------------------------------------------------------------------- |
2 Mon Jan 18 09:42:50 CET 2010 - wr@rosenauer.org |
49 Mon Jan 18 09:42:50 CET 2010 - wr@rosenauer.org |
3 |
50 |
4 - update to 3.6rc2 (already named 3.6.0) |
51 - update to 3.6rc2 (already named 3.6.0) |
|
52 - removed obsolete orbit-devel build requirement |
5 |
53 |
6 ------------------------------------------------------------------- |
54 ------------------------------------------------------------------- |
7 Wed Jan 6 17:15:40 CET 2010 - wr@rosenauer.org |
55 Wed Jan 6 17:15:40 CET 2010 - wr@rosenauer.org |
8 |
56 |
9 - major update to 3.6rc1 |
57 - major update to 3.6rc1 |