Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
changeset 845 a704b2a17e39
parent 844 86fa73db98e5
child 850 a2bdff616a0e 
--- a/MozillaFirefox/MozillaFirefox.changes	Sun Mar 22 14:02:18 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed Apr 08 00:59:13 2015 +0200
@@ -1,12 +1,73 @@
 -------------------------------------------------------------------
-Sun Mar 22 13:00:28 UTC 2015 - wr@rosenauer.org
-
-- update to Firefox 37.0b7
-- removed obsolete patch
+Tue Apr  7 22:57:36 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.0b2
+- requires NSS 3.18
+
+-------------------------------------------------------------------
+Fri Apr  3 08:27:24 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 37.0.1 (bnc#926166)
+  * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
+    Loading privileged content through Reader mode
+  * MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
+    Certificate verification bypass through the HTTP/2 Alt-Svc header
+
+-------------------------------------------------------------------
+Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 37.0 (bnc#925368)
+  * Heartbeat user rating system
+  * Yandex set as default search provider for the Turkish locale
+  * Bing search now uses HTTPS for secure searching
+  * Improved protection against site impersonation via OneCRL
+    centralized certificate revocation
+  * Opportunistically encrypt HTTP traffic where the server supports
+    HTTP/2 AltSvc
+  * some more behaviour changes for TLS
+  security fixes:
+  * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
+    Miscellaneous memory safety hazards
+  * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
+    Use-after-free when using the Fluendo MP3 GStreamer plugin
+  * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
+    Add-on lightweight theme installation approval bypassed through
+    MITM attack
+  * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
+    resource:// documents can load privileged pages
+  * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
+    Out of bounds read in QCMS library
+  * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
+    Cursor clickjacking with flash and images (OS X only)
+  * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
+    Incorrect memory management for simple-type arrays in WebRTC
+  * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
+    CORS requests should not follow 30x redirections after preflight
+  * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
+    Memory corruption crashes in Off Main Thread Compositing
+  * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
+    Use-after-free due to type confusion flaws
+  * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
+    Same-origin bypass through anchor navigation
+  * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
+    PRNG weakness allows for DNS poisoning on Android (only)
+  * MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
+    Windows can retain access to privileged content on navigation
+    to unprivileged pages
+- removed obsolete patches
   * mozilla-bmo1088588.patch
+  * mozilla-bmo1108834.patch
 - requires NSPR 4.10.8
 
 -------------------------------------------------------------------
+Tue Mar 24 15:35:24 UTC 2015 - dvaleev@suse.com
+
+- Fix builds with skia on Power
+  mozilla-skia-be-le.patch (patch from #bmo1136958)
+  mozilla-bmo1108834.patch
+  mozilla-bmo1005535.patch
+
+-------------------------------------------------------------------
 Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org
 
 - update to Firefox 36.0.4 (bnc#923534)
mozilla