1 -------------------------------------------------------------------

     2 Mon Aug 10 16:40:17 UTC 2015 - wr@rosenauer.org

     3 

     4 - update to xulrunner 38.2.0esr (bnc#940806)

     5   * MFSA 2015-79/CVE-2015-4473

     6     Miscellaneous memory safety hazards

     7   * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)

     8     Out-of-bounds read with malformed MP3 file

     9   * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)

    10     Redefinition of non-configurable JavaScript object properties

    11   * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493

    12     Overflow issues in libstagefright

    13   * MFSA 2015-84/CVE-2015-4481 (bmo1171518)

    14     Arbitrary file overwriting through Mozilla Maintenance Service

    15     with hard links (only affected Windows)

    16   * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)

    17     Out-of-bounds write with Updater and malicious MAR file

    18     (does not affect openSUSE RPM packages which do not ship the

    19      updater)

    20   * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)

    21     Crash when using shared memory in JavaScript

    22   * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)

    23     Heap overflow in gdk-pixbuf when scaling bitmap images

    24   * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)

    25     Buffer overflows on Libvpx when decoding WebM video

    26   * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489

    27     Vulnerabilities found through code inspection

    28   * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)

    29     Use-after-free in XMLHttpRequest with shared workers

    30 - rebased all patches

    31 - dropped obsolete patches:

    32   * mozilla-sle11.patch

    33   * mozilla-ppc.patch

    34   * mozilla-nullptr-gcc45.patch

    35   * mozilla-libproxy-compat.patch

    36   * mozilla-fix-compilation-gcc5-bmo-1021171.patch

    37   * mozilla-fix-compilation-gcc5-bmo-1153109.patch

    38   * mozilla-aarch64-bmo-810631.patch

    39 - added platform specific patches from Firefox package:

    40   * mozilla-skia-be-le.patch

    41   * mozilla-bmo1005535.patch

    42   * mozilla-add-glibcxx_use_cxx11_abi.patch

    43   * mozilla-arm64-libjpeg-turbo.patch

    44   * mozilla-shared-nss-db.patch

    45 

    50   * MFSA 2015-59/CVE-2015-2724

    51     Miscellaneous memory safety hazards

    52   * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)

    53     Type confusion in Indexed Database Manager

    54   * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)

    55     ECDSA signature validation fails to handle some signatures correctly

    56     (this fix is shipped by NSS 3.19.1 externally)

    57   * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)

    58     Use-after-free in workers while using XMLHttpRequest

    59   * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737

    60     CVE-2015-2738/CVE-2015-2739/CVE-2015-2740

    61     Vulnerabilities found through code inspection

    62   * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)

    63     Privilege escalation in PDF.js

    64   * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)

    65     NSS accepts export-length DHE keys with regular DHE cipher suites

    66     (this fix is shipped by NSS 3.19.1 externally)

    67   * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)

    68     NSS incorrectly permits skipping of ServerKeyExchange

    69     (this fix is shipped by NSS 3.19.1 externally)

    71 

    72 --------------------------------------------------------------------

    73 Sun Jun 21 09:39:51 UTC 2015 - antoine.belvire@laposte.net

    74 

    75 - Fix compilation with GCC5 (bmo#1153109, bmo#1021171)

    76   * add mozilla-fix-compilation-gcc5-bmo-1153109.patch

    77   * add mozilla-fix-compilation-gcc5-bmo-1021171.patch