|
1 ------------------------------------------------------------------- |
|
2 Mon Jul 8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
3 |
|
4 - Mozilla Firefox 68.0 |
|
5 * Dark mode in reader view |
|
6 * Improved extension security and discovery |
|
7 * Cryptomining and fingerprinting protections are added to strict |
|
8 content blocking settings in Privacy & Security preferences |
|
9 * Camera and microphone access now require an HTTPS connection |
|
10 MFSA 2019-21 (bsc#1140868) |
|
11 * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) |
|
12 Sandbox escape via installation of malicious languagepack |
|
13 * CVE-2019-11711 (bmo#1552541) |
|
14 Script injection within domain through inner window reuse |
|
15 * CVE-2019-11712 (bmo#1543804) |
|
16 Cross-origin POST requests can be made with NPAPI plugins by |
|
17 following 308 redirects |
|
18 * CVE-2019-11713 (bmo#1528481) |
|
19 Use-after-free with HTTP/2 cached stream |
|
20 * CVE-2019-11714 (bmo#1542593) |
|
21 NeckoChild can trigger crash when accessed off of main thread |
|
22 * CVE-2019-11729 (bmo#1515342) |
|
23 Empty or malformed p256-ECDH public keys may trigger a segmentation fault |
|
24 * CVE-2019-11715 (bmo#1555523) |
|
25 HTML parsing error can contribute to content XSS |
|
26 * CVE-2019-11716 (bmo#1552632) |
|
27 globalThis not enumerable until accessed |
|
28 * CVE-2019-11717 (bmo#1548306) |
|
29 Caret character improperly escaped in origins |
|
30 * CVE-2019-11718 (bmo#1408349) |
|
31 Activity Stream writes unsanitized content to innerHTML |
|
32 * CVE-2019-11719 (bmo#1540541) |
|
33 Out-of-bounds read when importing curve25519 private key |
|
34 * CVE-2019-11720 (bmo#1556230) |
|
35 Character encoding XSS vulnerability |
|
36 * CVE-2019-11721 (bmo#1256009) |
|
37 Domain spoofing through unicode latin 'kra' character |
|
38 * CVE-2019-11730 (bmo#1558299) |
|
39 Same-origin policy treats all files in a directory as having the |
|
40 same-origin |
|
41 * CVE-2019-11723 (bmo#1528335) |
|
42 Cookie leakage during add-on fetching across private browsing boundaries |
|
43 * CVE-2019-11724 (bmo#1512511) |
|
44 Retired site input.mozilla.org has remote troubleshooting permissions |
|
45 * CVE-2019-11725 (bmo#1483510) |
|
46 Websocket resources bypass safebrowsing protections |
|
47 * CVE-2019-11727 (bmo#1552208) |
|
48 PKCS#1 v1.5 signatures can be used for TLS 1.3 |
|
49 * CVE-2019-11728 (bmo#1552993) |
|
50 Port scanning through Alt-Svc header |
|
51 * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692, |
|
52 bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848, |
|
53 bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180) |
|
54 Memory safety bugs fixed in Firefox 68 |
|
55 * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498 |
|
56 bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522) |
|
57 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 |
|
58 - requires |
|
59 * NSS 3.44.1 |
|
60 * rust/cargo 1.34 |
|
61 * rust-cbindgen 0.8.7 |
|
62 - rebased patches |
|
63 * mozilla-aarch64-startup-crash.patch |
|
64 * mozilla-kde.patch |
|
65 * mozilla-nongnome-proxies.patch |
|
66 * firefox-kde.patch |
|
67 - use new create-tar.sh and add tar_stamps for package definitions |
|
68 - added patches imported from SLE flavour |
|
69 * mozilla-gcc-internal-compiler-error.patch |
|
70 * mozilla-bmo1005535.patch |
|
71 * mozilla-ppc-altivec_static_inline.patch |
|
72 * mozilla-reduce-rust-debuginfo.patch |
|
73 * mozilla-s390-bigendian.patch |
|
74 * mozilla-s390-context.patch |
|
75 |
1 ------------------------------------------------------------------- |
76 ------------------------------------------------------------------- |
2 Mon Jul 2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz> |
77 Mon Jul 2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz> |
3 |
78 |
4 - Enable PGO for x86_64. |
79 - Enable PGO for x86_64. |
5 |
80 |