|
1 ------------------------------------------------------------------- |
|
2 Wed Jun 14 07:08:29 UTC 2017 - wr@rosenauer.org |
|
3 |
|
4 - update to Firefox 52.2esr (boo#1043960) |
|
5 MFSA 2017-16 |
|
6 * CVE-2017-5472 (bmo#1365602) |
|
7 Use-after-free using destroyed node when regenerating trees |
|
8 * CVE-2017-7749 (bmo#1355039) |
|
9 Use-after-free during docshell reloading |
|
10 * CVE-2017-7750 (bmo#1356558) |
|
11 Use-after-free with track elements |
|
12 * CVE-2017-7751 (bmo#1363396) |
|
13 Use-after-free with content viewer listeners |
|
14 * CVE-2017-7752 (bmo#1359547) |
|
15 Use-after-free with IME input |
|
16 * CVE-2017-7754 (bmo#1357090) |
|
17 Out-of-bounds read in WebGL with ImageInfo object |
|
18 * CVE-2017-7755 (bmo#1361326) |
|
19 Privilege escalation through Firefox Installer with same |
|
20 directory DLL files (Windows only) |
|
21 * CVE-2017-7756 (bmo#1366595) |
|
22 Use-after-free and use-after-scope logging XHR header errors |
|
23 * CVE-2017-7757 (bmo#1356824) |
|
24 Use-after-free in IndexedDB |
|
25 * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, |
|
26 CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, |
|
27 CVE-2017-7777 |
|
28 Vulnerabilities in the Graphite 2 library |
|
29 * CVE-2017-7758 (bmo#1368490) |
|
30 Out-of-bounds read in Opus encoder |
|
31 * CVE-2017-7760 (bmo#1348645) |
|
32 File manipulation and privilege escalation via callback parameter |
|
33 in Mozilla Windows Updater and Maintenance Service (Windows only) |
|
34 * CVE-2017-7761 (bmo#1215648) |
|
35 File deletion and privilege escalation through Mozilla Maintenance |
|
36 Service helper.exe application (Windows only) |
|
37 * CVE-2017-7764 (bmo#1364283) |
|
38 Domain spoofing with combination of Canadian Syllabics and other |
|
39 unicode blocks |
|
40 * CVE-2017-7765 (bmo#1273265) |
|
41 Mark of the Web bypass when saving executable files (Windows only) |
|
42 * CVE-2017-7766 (bmo#1342742) |
|
43 File execution and privilege escalation through updater.ini, |
|
44 Mozilla Windows Updater, and Mozilla Maintenance Service |
|
45 (Windows only) |
|
46 * CVE-2017-7767 (bmo#1336964) |
|
47 Privilege escalation and arbitrary file overwrites through Mozilla |
|
48 Windows Updater and Mozilla Maintenance Service (Windows only) |
|
49 * CVE-2017-7768 (bmo#1336979) |
|
50 32 byte arbitrary file read through Mozilla Maintenance Service |
|
51 (Windows only) |
|
52 * CVE-2017-5470 |
|
53 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 |
|
54 - requires NSS 3.28.5 |
|
55 |
1 ------------------------------------------------------------------- |
56 ------------------------------------------------------------------- |
2 Tue May 23 14:00:40 UTC 2017 - wr@rosenauer.org |
57 Tue May 23 14:00:40 UTC 2017 - wr@rosenauer.org |
3 |
58 |
4 - remove -fno-inline-small-functions and explicitely optimize with |
59 - remove -fno-inline-small-functions and explicitely optimize with |
5 -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105) |
60 -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105) |