diff -r a9aa543a508a -r edb0ebe8cccc MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Aug 22 08:33:39 2020 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Tue Aug 25 21:27:22 2020 +0200 @@ -1,4 +1,46 @@ ------------------------------------------------------------------- +Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 80.0 + MFSA 2020-36 (bsc#1175686) + * CVE-2020-15663 (bmo#1643199) + Downgrade attack on the Mozilla Maintenance Service could + have resulted in escalation of privilege + * CVE-2020-15664 (bmo#1658214) + Attacker-induced prompt for extension installation + * CVE-2020-12401 (bmo#1631573) + Timing-attack on ECDSA signature generation + * CVE-2020-6829 (bmo#1631583) + P-384 and P-521 vulnerable to an electro-magnetic side + channel attack on signature generation + * CVE-2020-12400 (bmo#1623116) + P-384 and P-521 vulnerable to a side channel attack on + modular inversion + * CVE-2020-15665 (bmo#1651636) + Address bar not reset when choosing to stay on a page after + the beforeunload dialog is shown + * CVE-2020-15666 (bmo#1450853) + MediaError message property leaks cross-origin response + status + * CVE-2020-15667 (bmo#1653371) + Heap overflow when processing an update file + * CVE-2020-15668 (bmo#1651520) + Data Race when reading certificate information + * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, + bmo#1656957) + Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 +- requires + * NSPR 4.27 + * NSS 3.55 +- added mozilla-system-nspr.patch (bmo#1661096) +- exclude ga-IE locale as it's failing to build +- rollback parallelize locale build because it breaks bookmarks + (boo#1167976) +- preserve original default bookmark file during langpack build + (boo#1167976) +- add some ccache output during build + +------------------------------------------------------------------- Thu Aug 20 13:07:33 UTC 2020 - Martin Liška - Use new memoryperjob _constraints instead of %limit_build macro.