--- a/MozillaFirefox/MozillaFirefox.changes Sun Mar 16 18:25:23 2014 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Tue Mar 18 22:50:41 2014 +0100
@@ -1,9 +1,38 @@
-------------------------------------------------------------------
Sun Mar 16 13:39:15 UTC 2014 - wr@rosenauer.org
-- update to Firefox 28.0 (bnc#)
+- update to Firefox 28.0 (bnc#868603)
+ * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
+ Miscellaneous memory safety hazards
+ * MFSA 2014-17/CVE-2014-1497 (bmo#966311)
+ Out of bounds read during WAV file decoding
+ * MFSA 2014-18/CVE-2014-1498 (bmo#935618)
+ crypto.generateCRMFRequest does not validate type of key
+ * MFSA 2014-19/CVE-2014-1499 (bmo#961512)
+ Spoofing attack on WebRTC permission prompt
+ * MFSA 2014-20/CVE-2014-1500 (bmo#956524)
+ onbeforeunload and Javascript navigation DOS
+ * MFSA 2014-22/CVE-2014-1502 (bmo#972622)
+ WebGL content injection from one domain to rendering in another
+ * MFSA 2014-23/CVE-2014-1504 (bmo#911547)
+ Content Security Policy for data: documents not preserved by
+ session restore
+ * MFSA 2014-26/CVE-2014-1508 (bmo#963198)
+ Information disclosure through polygon rendering in MathML
+ * MFSA 2014-27/CVE-2014-1509 (bmo#966021)
+ Memory corruption in Cairo during PDF font rendering
+ * MFSA 2014-28/CVE-2014-1505 (bmo#941887)
+ SVG filters information disclosure through feDisplacementMap
+ * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
+ Privilege escalation using WebIDL-implemented APIs
+ * MFSA 2014-30/CVE-2014-1512 (bmo#982957)
+ Use-after-free in TypeObject
+ * MFSA 2014-31/CVE-2014-1513 (bmo#982974)
+ Out-of-bounds read/write through neutering ArrayBuffer objects
+ * MFSA 2014-32/CVE-2014-1514 (bmo#983344)
+ Out-of-bounds write through TypedArrayObject after neutering
- requires NSPR 4.10.3 and NSS 3.15.5
-- new build dependency:
+- new build dependency (and recommends):
* libpulse
- update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com)
- rebased patches