|
1 ------------------------------------------------------------------- |
|
2 Fri Aug 7 09:24:56 UTC 2015 - wr@rosenauer.org |
|
3 |
|
4 - security update to Firefox 38.1.1 (bnc#940918) |
|
5 * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) |
|
6 Same origin violation and local file stealing via PDF reader |
|
7 |
1 ------------------------------------------------------------------- |
8 ------------------------------------------------------------------- |
2 Sun Jun 28 07:11:18 UTC 2015 - wr@rosenauer.org |
9 Sun Jun 28 07:11:18 UTC 2015 - wr@rosenauer.org |
3 |
10 |
4 - renamed package to firefox-esr for ESR 38 cycle |
11 - renamed package to firefox-esr for ESR 38 cycle |
5 |
12 |
6 ------------------------------------------------------------------- |
13 ------------------------------------------------------------------- |
7 Sat Jun 27 21:19:48 UTC 2015 - wr@rosenauer.org |
14 Sat Jun 27 21:19:48 UTC 2015 - wr@rosenauer.org |
8 |
15 |
9 - update to Firefox 38.1.0 (bnc#935979) |
16 - update to Firefox 38.1.0 (bnc#935979) |
|
17 * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725 |
|
18 Miscellaneous memory safety hazards |
|
19 * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) |
|
20 Local files or privileged URLs in pages can be opened into new tabs |
|
21 * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) |
|
22 Type confusion in Indexed Database Manager |
|
23 * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) |
|
24 Out-of-bound read while computing an oscillator rendering range in Web Audio |
|
25 * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) |
|
26 Use-after-free in Content Policy due to microtask execution error |
|
27 * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) |
|
28 ECDSA signature validation fails to handle some signatures correctly |
|
29 (this fix is shipped by NSS 3.19.1 externally) |
|
30 * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) |
|
31 Use-after-free in workers while using XMLHttpRequest |
|
32 * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 |
|
33 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 |
|
34 Vulnerabilities found through code inspection |
|
35 * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) |
|
36 Key pinning is ignored when overridable errors are encountered |
|
37 * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) |
|
38 Privilege escalation in PDF.js |
|
39 * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) |
|
40 NSS accepts export-length DHE keys with regular DHE cipher suites |
|
41 (this fix is shipped by NSS 3.19.1 externally) |
|
42 * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) |
|
43 NSS incorrectly permits skipping of ServerKeyExchange |
|
44 (this fix is shipped by NSS 3.19.1 externally) |
10 - requires NSS 3.19.2 |
45 - requires NSS 3.19.2 |
11 |
46 |
12 ------------------------------------------------------------------- |
47 ------------------------------------------------------------------- |
13 Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
48 Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
14 |
49 |