|
1 ------------------------------------------------------------------- |
|
2 Mon Mar 5 07:15:57 UTC 2012 - wr@rosenauer.org |
|
3 |
|
4 - update to 10.0.3esr (bnc#750044) |
|
5 * added mozilla-system-nss.patch (bmo#710268) |
|
6 - package renamed to xulrunner-esr |
|
7 * conflict with xulrunner |
|
8 - require updated minimal NSPR and NSS versions |
|
9 - explicitely build-require X libs |
|
10 |
|
11 ------------------------------------------------------------------- |
|
12 Thu Feb 16 08:51:42 UTC 2012 - wr@rosenauer.org |
|
13 |
|
14 - update to version 10.0.2 (bnc#747328) |
|
15 * CVE-2011-3026 (bmo#727401) |
|
16 libpng: integer overflow leading to heap-buffer overflow |
|
17 |
|
18 ------------------------------------------------------------------- |
|
19 Thu Feb 9 10:20:49 UTC 2012 - wr@rosenauer.org |
|
20 |
|
21 - update to version 10.0.1 (bnc#746616) |
|
22 * MFSA 2012-10/CVE-2012-0452 (bmo#724284) |
|
23 use after free in nsXBLDocumentInfo::ReadPrototypeBindings |
|
24 |
|
25 ------------------------------------------------------------------- |
|
26 Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com |
|
27 |
|
28 - Use YARR interpreter instead of PCRE on platforms where YARR JIT |
|
29 is not supported, since PCRE doesnt build (bmo#691898) |
|
30 - fix ppc64 build (bmo#703534) |
|
31 |
|
32 ------------------------------------------------------------------- |
|
33 Mon Jan 30 09:43:21 UTC 2012 - wr@rosenauer.org |
|
34 |
|
35 - update to version 10.0 (bnc#744275) |
|
36 * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 |
|
37 Miscellaneous memory safety hazards |
|
38 * MFSA 2012-03/CVE-2012-0445 (bmo#701071) |
|
39 <iframe> element exposed across domains via name attribute |
|
40 * MFSA 2012-04/CVE-2011-3659 (bmo#708198) |
|
41 Child nodes from nsDOMAttribute still accessible after removal |
|
42 of nodes |
|
43 * MFSA 2012-05/CVE-2012-0446 (bmo#705651) |
|
44 Frame scripts calling into untrusted objects bypass security |
|
45 checks |
|
46 * MFSA 2012-06/CVE-2012-0447 (bmo#710079) |
|
47 Uninitialized memory appended when encoding icon images may |
|
48 cause information disclosure |
|
49 * MFSA 2012-07/CVE-2012-0444 (bmo#719612) |
|
50 Potential Memory Corruption When Decoding Ogg Vorbis files |
|
51 * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) |
|
52 Crash with malformed embedded XSLT stylesheets |
|
53 - removed obsolete ppc64 patch |
|
54 - disable neon for ARM as it doesn't build correctly |
|
55 |
|
56 ------------------------------------------------------------------- |
|
57 Fri Dec 23 17:02:01 UTC 2011 - wr@rosenauer.org |
|
58 |
|
59 - update to Firefox 9.0.1 |
|
60 * (strongparent) parentNode of element gets lost (bmo#335998) |
|
61 |
|
62 ------------------------------------------------------------------- |
|
63 Sun Dec 18 09:28:02 UTC 2011 - wr@rosenauer.org |
|
64 |
|
65 - update to release 9.0 (bnc#737533) |
|
66 * MFSA 2011-53/CVE-2011-3660 |
|
67 Miscellaneous memory safety hazards (rv:9.0) |
|
68 * MFSA 2011-54/CVE-2011-3661 (bmo#691299) |
|
69 Potentially exploitable crash in the YARR regular expression |
|
70 library |
|
71 * MFSA 2011-55/CVE-2011-3658 (bmo#708186) |
|
72 nsSVGValue out-of-bounds access |
|
73 * MFSA 2011-56/CVE-2011-3663 (bmo#704482) |
|
74 Key detection without JavaScript via SVG animation |
|
75 * MFSA 2011-58/VE-2011-3665 (bmo#701259) |
|
76 Crash scaling <video> to extreme sizes |
|
77 |
|
78 ------------------------------------------------------------------- |
|
79 Sat Nov 12 15:20:49 UTC 2011 - wr@rosenauer.org |
|
80 |
|
81 - fix ppc64 build |
|
82 |
|
83 ------------------------------------------------------------------- |
|
84 Sun Nov 6 08:23:04 UTC 2011 - wr@rosenauer.org |
|
85 |
|
86 - update to release 8.0 (bnc#728520) |
|
87 * MFSA 2011-47/CVE-2011-3648 (bmo#690225) |
|
88 Potential XSS against sites using Shift-JIS |
|
89 * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 |
|
90 Miscellaneous memory safety hazards |
|
91 * MFSA 2011-49/CVE-2011-3650 (bmo#674776) |
|
92 Memory corruption while profiling using Firebug |
|
93 * MFSA 2011-52/CVE-2011-3655 (bmo#672182) |
|
94 Code execution via NoWaiverWrapper |
|
95 - rebased patches |
|
96 |
|
97 ------------------------------------------------------------------- |
|
98 Fri Sep 30 10:59:54 UTC 2011 - wr@rosenauer.org |
|
99 |
|
100 - update to minor release 7.0.1 |
|
101 * fixed staged addon updates |
|
102 |
|
103 ------------------------------------------------------------------- |
|
104 Fri Sep 23 11:36:04 UTC 2011 - wr@rosenauer.org |
|
105 |
|
106 - update to version 7.0 (bnc#720264) |
|
107 * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 |
|
108 Miscellaneous memory safety hazards |
|
109 * MFSA 2011-39/CVE-2011-3000 (bmo#655389) |
|
110 Defense against multiple Location headers due to CRLF Injection |
|
111 * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 |
|
112 Code installation through holding down Enter |
|
113 * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) |
|
114 Potentially exploitable WebGL crashes |
|
115 * MFSA 2011-42/CVE-2011-3232 (bmo#653672) |
|
116 Potentially exploitable crash in the YARR regular expression |
|
117 library |
|
118 * MFSA 2011-43/CVE-2011-3004 (bmo#653926) |
|
119 loadSubScript unwraps XPCNativeWrapper scope parameter |
|
120 * MFSA 2011-44/CVE-2011-3005 (bmo#675747) |
|
121 Use after free reading OGG headers |
|
122 * MFSA 2011-45 |
|
123 Inferring keystrokes from motion data |
|
124 - removed obsolete mozilla-cairo-lcd.patch |
|
125 - rebased patches |
|
126 |
|
127 ------------------------------------------------------------------- |
|
128 Tue Sep 20 11:54:28 UTC 2011 - wr@rosenauer.org |
|
129 |
|
130 - install xpt.py into SDK (mozilla-639554.patch) (bnc#639554) |
|
131 |
|
132 ------------------------------------------------------------------- |
|
133 Wed Sep 14 13:07:39 UTC 2011 - wr@rosenauer.org |
|
134 |
|
135 - initial xulrunner package |
|
136 |