diff -r 0d861c33ec70 -r 86fa73db98e5 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sun Mar 22 14:02:18 2015 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Tue Apr 07 14:55:00 2015 +0200 @@ -1,12 +1,67 @@ ------------------------------------------------------------------- -Sun Mar 22 13:00:28 UTC 2015 - wr@rosenauer.org - -- update to Firefox 37.0b7 -- removed obsolete patch +Fri Apr 3 08:27:24 UTC 2015 - wr@rosenauer.org + +- update to Firefox 37.0.1 (bnc#926166) + * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) + Loading privileged content through Reader mode + * MFSA 2015-44/CVE-2015-0799 (bmo#1148328) + Certificate verification bypass through the HTTP/2 Alt-Svc header + +------------------------------------------------------------------- +Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org + +- update to Firefox 37.0 (bnc#925368) + * Heartbeat user rating system + * Yandex set as default search provider for the Turkish locale + * Bing search now uses HTTPS for secure searching + * Improved protection against site impersonation via OneCRL + centralized certificate revocation + * Opportunistically encrypt HTTP traffic where the server supports + HTTP/2 AltSvc + * some more behaviour changes for TLS + security fixes: + * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 + Miscellaneous memory safety hazards + * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) + Use-after-free when using the Fluendo MP3 GStreamer plugin + * MFSA 2015-32/CVE-2015-0812 (bmo#1128126) + Add-on lightweight theme installation approval bypassed through + MITM attack + * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) + resource:// documents can load privileged pages + * MFSA-2015-34/CVE-2015-0811 (bmo#1132468) + Out of bounds read in QCMS library + * MFSA-2015-35/CVE-2015-0810 (bmo#1125013) + Cursor clickjacking with flash and images (OS X only) + * MFSA-2015-36/CVE-2015-0808 (bmo#1109552) + Incorrect memory management for simple-type arrays in WebRTC + * MFSA-2015-37/CVE-2015-0807 (bmo#1111834) + CORS requests should not follow 30x redirections after preflight + * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) + Memory corruption crashes in Off Main Thread Compositing + * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) + Use-after-free due to type confusion flaws + * MFSA-2015-40/CVE-2015-0801 (bmo#1146339) + Same-origin bypass through anchor navigation + * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808 + PRNG weakness allows for DNS poisoning on Android (only) + * MFSA-2015-42/CVE-2015-0802 (bmo#1124898) + Windows can retain access to privileged content on navigation + to unprivileged pages +- removed obsolete patches * mozilla-bmo1088588.patch + * mozilla-bmo1108834.patch - requires NSPR 4.10.8 ------------------------------------------------------------------- +Tue Mar 24 15:35:24 UTC 2015 - dvaleev@suse.com + +- Fix builds with skia on Power + mozilla-skia-be-le.patch (patch from #bmo1136958) + mozilla-bmo1108834.patch + mozilla-bmo1005535.patch + +------------------------------------------------------------------- Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org - update to Firefox 36.0.4 (bnc#923534)