--- a/MozillaFirefox/MozillaFirefox.changes Fri Aug 07 09:43:50 2015 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Sat Aug 22 09:07:05 2015 +0200
@@ -1,7 +1,51 @@
-------------------------------------------------------------------
-Fri Jul 31 17:10:11 UTC 2015 - wr@rosenauer.org
-
-- update to Firefox 40.0b9
+Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 40.0 (bnc#940806)
+ * Added protection against unwanted software downloads
+ * Suggested Tiles show sites of interest, based on categories
+ from your recent browsing history
+ * Hello allows adding a link to conversations to provide context
+ on what the conversation will be about
+ * New style for add-on manager based on the in-content
+ preferences style
+ * Improved scrolling, graphics, and video playback performance
+ with off main thread compositing (GNU/Linux only)
+ * Graphic blocklist mechanism improved: Firefox version ranges
+ can be specified, limiting the number of devices blocked
+ security fixes:
+ * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
+ Miscellaneous memory safety hazards
+ * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
+ Out-of-bounds read with malformed MP3 file
+ * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
+ Use-after-free in MediaStream playback
+ * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
+ Redefinition of non-configurable JavaScript object properties
+ * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
+ Overflow issues in libstagefright
+ * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
+ Arbitrary file overwriting through Mozilla Maintenance Service
+ with hard links (only affected Windows)
+ * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
+ Out-of-bounds write with Updater and malicious MAR file
+ (does not affect openSUSE RPM packages which do not ship the
+ updater)
+ * MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
+ Feed protocol with POST bypasses mixed content protections
+ * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
+ Crash when using shared memory in JavaScript
+ * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
+ Heap overflow in gdk-pixbuf when scaling bitmap images
+ * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
+ Buffer overflows on Libvpx when decoding WebM video
+ * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
+ Vulnerabilities found through code inspection
+ * MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
+ Mozilla Content Security Policy allows for asterisk wildcards
+ in violation of CSP specification
+ * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
+ Use-after-free in XMLHttpRequest with shared workers
- added mozilla-no-stdcxx-check.patch
- removed obsolete patches
* mozilla-add-glibcxx_use_cxx11_abi.patch