|
1 ------------------------------------------------------------------- |
|
2 Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org |
|
3 |
|
4 - update to Firefox 51.0b14 (boo#) |
|
5 * requires NSPR >= 4.13.1, NSS >= 3.28.1 |
|
6 - removed obsolete patches |
|
7 * mozilla-flex_buffer_overrun.patch |
|
8 |
1 ------------------------------------------------------------------- |
9 ------------------------------------------------------------------- |
2 Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org |
10 Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org |
3 |
11 |
4 - update to Firefox 50.1.0 (boo#) |
12 - update to Firefox 50.1.0 (boo#1015422) |
|
13 * MFSA 2016-94 |
|
14 CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) |
|
15 CVE-2016-9899: Use-after-free while manipulating DOM events and |
|
16 audio elements (bmo#1317409) |
|
17 CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) |
|
18 CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) |
|
19 CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) |
|
20 CVE-2016-9898: Use-after-free in Editor while manipulating |
|
21 DOM subtrees (bmo#1314442) |
|
22 CVE-2016-9900: Restricted external resources can be loaded by |
|
23 SVG images through data URLs (bmo#1319122) |
|
24 CVE-2016-9904: Cross-origin information leak in shared atoms |
|
25 (bmo#1317936) |
|
26 CVE-2016-9901: Data from Pocket server improperly sanitized |
|
27 before execution (bmo#1320057) |
|
28 CVE-2016-9902: Pocket extension does not validate the origin |
|
29 of events (bmo#1320039) |
|
30 CVE-2016-9903: XSS injection vulnerability in add-ons SDK |
|
31 (bmo#1315435) |
|
32 CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 |
|
33 CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and |
|
34 Firefox ESR 45.6 |
5 |
35 |
6 ------------------------------------------------------------------- |
36 ------------------------------------------------------------------- |
7 Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com |
37 Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com |
8 |
38 |
9 - added patch mozilla-aarch64-startup-crash.patch (bsc#1011922) |
39 - added patch mozilla-aarch64-startup-crash.patch (bsc#1011922) |