diff -r 17bc5a064ab4 -r a2caa2a2494f MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Apr 10 23:42:16 2023 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Tue May 09 23:09:18 2023 +0200 @@ -1,4 +1,99 @@ ------------------------------------------------------------------- +Sun May 7 19:47:00 UTC 2023 - Aaron Puchert + +- Fix i586 build by reducing debug info to -g1. (boo#1210168) + +------------------------------------------------------------------- +Tue Apr 25 16:01:07 UTC 2023 - Andreas Stieger + +- Mozilla Firefox 112.0.2 + * Fix a high memory usage issue with animated images in minimized + (or completely covered) windows, especially when using animated + themes (bmo#1828587) + * Fix an issue where Linux users with bitmap fonts installed may + have had entire sections of text invisible to them on some + sites (bmo#1827950) + +------------------------------------------------------------------- +Fri Apr 21 09:48:25 UTC 2023 - Manfred Hollstein + +- Include Leap 15.5 in check for which python version is required. + +------------------------------------------------------------------- +Thu Apr 20 13:24:13 UTC 2023 - Andreas Stieger + +- Mozilla Firefox 112.0.1 + * Fix a bug where cookie dates appear to be set in the far + future after updating Firefox. This may have caused cookies to + be unintentionally purged (bmo#1827669) + +------------------------------------------------------------------- +Mon Apr 10 21:58:19 UTC 2023 - Wolfgang Rosenauer + +- Mozilla Firefox 112.0 + * https://www.mozilla.org/en-US/firefox/112.0/releasenotes/ + MFSA 2023-13 (bsc#1210212) + * CVE-2023-29531 (bmo#1794292) + Out-of-bound memory access in WebGL on macOS + * CVE-2023-29532 (bmo#1806394) + Mozilla Maintenance Service Write-lock bypass + * CVE-2023-29533 (bmo#1798219, bmo#1814597) + Fullscreen notification obscured + * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576, + bmo#1821906, bmo#1822298, bmo#1822305) + Fullscreen notification could have been obscured on Firefox + for Android + * MFSA-TMP-2023-0001 (bmo#1819244) + Double-free in libwebp + * CVE-2023-29535 (bmo#1820543) + Potential Memory Corruption following Garbage Collector compaction + * CVE-2023-29536 (bmo#1821959) + Invalid free from JavaScript code + * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569) + Data Races in font initialization code + * CVE-2023-29538 (bmo#1685403) + Directory information could have been leaked to WebExtensions + * CVE-2023-29539 (bmo#1784348) + Content-Disposition filename truncation leads to Reflected + File Download + * CVE-2023-29540 (bmo#1790542) + Iframe sandbox bypass using redirects and sourceMappingUrls + * CVE-2023-29541 (bmo#1810191) + Files with malicious extensions could have been downloaded + unsafely on Linux + * CVE-2023-29542 (bmo#1810793, bmo#1815062) + Bypass of file download extension restrictions + * CVE-2023-29543 (bmo#1816158) + Use-after-free in debugging APIs + * CVE-2023-29544 (bmo#1818781) + Memory Corruption in garbage collector + * CVE-2023-29545 (bmo#1823077) + Windows Save As dialog resolved environment variables + * CVE-2023-29546 (bmo#1780842) + Screen recording in Private Browsing included address bar on + Android + * CVE-2023-29547 (bmo#1783536) + Secure document cookie could be spoofed with insecure cookie + * CVE-2023-29548 (bmo#1822754) + Incorrect optimization result on ARM64 + * CVE-2023-29549 (bmo#1823042) + Javascript's bind function may have failed + * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498, bmo#1814217, + bmo#1818357, bmo#1818762, bmo#1819493, bmo#1820389, bmo#1820602, + bmo#1821448, bmo#1822413, bmo#1824828) + Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 + * CVE-2023-29551 (bmo#1763625, bmo#1814314, bmo#1815798, bmo#1815890, + bmo#1819239, bmo#1819465, bmo#1819486, bmo#1819492, bmo#1819957, + bmo#1820514, bmo#1820776, bmo#1821838, bmo#1822175, bmo#1823547) + Memory safety bugs fixed in Firefox 112 +- requires + * NSS 3.89 + * Python >= 3.7 (for build) +- removed obsolete mozilla-bmo1807652.patch +- Fix Icons displayed incorrectly on GNOME/wayland via WMCLASS + in desktop file + +------------------------------------------------------------------- Mon Mar 27 15:17:17 UTC 2023 - Wolfgang Rosenauer - Mozilla Firefox 111.0.1 (boo#1209688)