1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Sun Sep 13 21:13:35 UTC 2015 - wr@rosenauer.org |
2 Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 41.0b9 |
4 - update to Firefox 42.0 (bnc#952810) |
|
5 * Private Browsing with Tracking Protection blocks certain Web |
|
6 elements that could be used to record your behavior across sites |
|
7 * Control Center that contains site security and privacy controls |
|
8 * Login Manager improvements |
|
9 * WebRTC improvements |
|
10 * Indicator added to tabs that play audio with one-click muting |
|
11 * Media Source Extension for HTML5 video available for all sites |
|
12 - requires NSPR 4.10.10 and NSS 3.19.4 |
|
13 - removed obsolete patches |
|
14 * mozilla-arm-disable-edsp.patch |
|
15 * mozilla-icu-strncat.patch |
|
16 * mozilla-skia-be-le.patch |
|
17 * toolkit-download-folder.patch |
|
18 - fixed build with enable-libproxy (bmo#1220399) |
|
19 * mozilla-libproxy.patch |
|
20 |
|
21 ------------------------------------------------------------------- |
|
22 Thu Oct 15 08:25:54 UTC 2015 - wr@rosenauer.org |
|
23 |
|
24 - update to Firefox 41.0.2 (bnc#950686) |
|
25 * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669) |
|
26 Cross-origin restriction bypass using Fetch |
|
27 - added explicit appdata provides (bnc#949983) |
|
28 |
|
29 ------------------------------------------------------------------- |
|
30 Sun Oct 4 09:20:56 UTC 2015 - wr@rosenauer.org |
|
31 |
|
32 - do not build with --enable-stdcxx-compat |
|
33 (this starts to fail build on various toolchain combinations |
|
34 and is not required for openSUSE builds in general |
|
35 |
|
36 ------------------------------------------------------------------- |
|
37 Thu Oct 1 09:49:57 UTC 2015 - wr@rosenauer.org |
|
38 |
|
39 - update to Firefox 41.0.1 |
|
40 * Fix a startup crash related to Yandex toolbar and Adblock Plus |
|
41 (bmo#1209124) |
|
42 * Fix potential hangs with Flash plugins (bmo#1185639) |
|
43 * Fix a regression in the bookmark creation (bmo#1206376) |
|
44 * Fix a startup crash with some Intel Media Accelerator 3150 |
|
45 graphic cards (bmo#1207665) |
|
46 * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601) |
|
47 |
|
48 ------------------------------------------------------------------- |
|
49 Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org |
|
50 |
|
51 - update to Firefox 41.0 (bnc#947003) |
|
52 * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 |
|
53 Miscellaneous memory safety hazards |
|
54 * MFSA 2015-97/CVE-2015-4503 (bmo#994337) |
|
55 Memory leak in mozTCPSocket to servers |
|
56 * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) |
|
57 Out of bounds read in QCMS library with ICC V4 profile attributes |
|
58 * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) |
|
59 Site attribute spoofing on Android by pasting URL with unknown scheme |
|
60 * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) |
|
61 Arbitrary file manipulation by local user through Mozilla updater |
|
62 * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) |
|
63 Buffer overflow in libvpx while parsing vp9 format video |
|
64 * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) |
|
65 Crash when using debugger with SavedStacks in JavaScript |
|
66 * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) |
|
67 URL spoofing in reader mode |
|
68 * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) |
|
69 Use-after-free with shared workers and IndexedDB |
|
70 * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) |
|
71 Buffer overflow while decoding WebM video |
|
72 * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) |
|
73 Use-after-free while manipulating HTML media content |
|
74 * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) |
|
75 Out-of-bounds read during 2D canvas display on Linux 16-bit |
|
76 color depth systems |
|
77 * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) |
|
78 Scripted proxies can access inner window |
|
79 * MFSA 2015-109/CVE-2015-4516 (bmo#904886) |
|
80 JavaScript immutable property enforcement can be bypassed |
|
81 * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) |
|
82 Dragging and dropping images exposes final URL after redirects |
|
83 * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) |
|
84 Errors in the handling of CORS preflight request headers |
|
85 * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ |
|
86 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ |
|
87 CVE-2015-7180 |
|
88 Vulnerabilities found through code inspection |
|
89 * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, |
|
90 bmo#1190526) (Windows only) |
|
91 Memory safety errors in libGLES in the ANGLE graphics library |
|
92 * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) |
|
93 Information disclosure via the High Resolution Time API |
5 - rebased patches |
94 - rebased patches |
6 - removed obsolete patches |
95 - removed obsolete patches |
7 * mozilla-arm64-libjpeg-turbo.patch |
96 * mozilla-arm64-libjpeg-turbo.patch |
|
97 |
|
98 ------------------------------------------------------------------ |
|
99 Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org |
|
100 |
|
101 - update to Firefox 40.0.3 (bnc#943550) |
|
102 * Disable the asynchronous plugin initialization (bmo#1198590) |
|
103 * Fix a segmentation fault in the GStreamer support (bmo#1145230) |
|
104 * Fix a regression with some Japanese fonts used in the <input> |
|
105 field (bmo#1194055) |
|
106 * On some sites, the selection in a select combox box using the |
|
107 mouse could be broken (bmo#1194733) |
|
108 security fixes |
|
109 * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) |
|
110 Use-after-free when resizing canvas element during restyling |
|
111 * MFSA 2015-95/CVE-2015-4498 (bmo#1042699) |
|
112 Add-on notification bypass through data URLs |
8 |
113 |
9 ------------------------------------------------------------------- |
114 ------------------------------------------------------------------- |
10 Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org |
115 Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org |
11 |
116 |
12 - update to Firefox 40.0 (bnc#940806) |
117 - update to Firefox 40.0 (bnc#940806) |