# HG changeset patch # User Wolfgang Rosenauer # Date 1299062132 -3600 # Node ID e6d084b6d916492383a1ee29b3eb7fbc586259e3 # Parent 9f0ffc441295cc7992fbedff82495c035c1adef7 merge with released update diff -r 9f0ffc441295 -r e6d084b6d916 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Feb 15 00:04:06 2011 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Mar 02 11:35:32 2011 +0100 @@ -1,7 +1,25 @@ ------------------------------------------------------------------- -Sun Jan 23 22:42:10 UTC 2011 - wr@rosenauer.org - -- security update to 3.6.14 (build1) +Tue Feb 22 08:17:39 UTC 2011 - wr@rosenauer.org + +- security update to 3.6.14 (build3) (bnc#667155) + * MFSA 2011-01/CVE-2011-0053/CVE-2011-0062 + Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17) + * MFSA 2011-02/CVE-2011-0051 (bmo#616659) + Recursive eval call causes confirm dialogs to evaluate to true + * MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255) + Use-after-free error in JSON.stringify + * MFSA 2011-04/CVE-2011-0054 (bmo#615657) + Buffer overflow in JavaScript upvarMap + * MFSA 2011-05/CVE-2011-0056 (bmo#622015) + Buffer overflow in JavaScript atom map + * MFSA 2011-06/CVE-2011-0057 (bmo#626631) + Use-after-free error using Web Workers + * MFSA 2011-08/CVE-2010-1585 (bmo#562547) + ParanoidFragmentSink allows javascript: URLs in chrome documents + * MFSA 2011-09/CVE-2011-0061 (bmo#610601) + Crash caused by corrupted JPEG image + * MFSA 2011-10/CVE-2011-0059 (bmo#573873) + CSRF risk with plugins and 307 redirects ------------------------------------------------------------------- Thu Nov 25 09:28:25 UTC 2010 - wr@rosenauer.org diff -r 9f0ffc441295 -r e6d084b6d916 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Tue Feb 15 00:04:06 2011 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Wed Mar 02 11:35:32 2011 +0100 @@ -36,7 +36,7 @@ Provides: web_browser Provides: firefox = %{version} Release: 1 -%define releasedate 2011012200 +%define releasedate 2011022100 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers diff -r 9f0ffc441295 -r e6d084b6d916 mozilla-xulrunner192/mozilla-xulrunner192.changes --- a/mozilla-xulrunner192/mozilla-xulrunner192.changes Tue Feb 15 00:04:06 2011 +0100 +++ b/mozilla-xulrunner192/mozilla-xulrunner192.changes Wed Mar 02 11:35:32 2011 +0100 @@ -1,15 +1,33 @@ ------------------------------------------------------------------- -Mon Feb 14 23:01:26 UTC 2011 - wr@rosenauer.org - -- security update to 1.9.2.14 (build1) - -------------------------------------------------------------------- -Mon Feb 14 16:03:16 UTC 2011 - pcerny@novell.com +Wed Mar 2 10:33:25 UTC 2011 - pcerny@novell.com - use full path to the ntlm_auth binary (mozilla-ntlm-full-path.patch) ------------------------------------------------------------------- +Tue Feb 22 07:47:01 UTC 2011 - wr@rosenauer.org + +- security update to 1.9.2.14 (build3) (bnc#667155) + * MFSA 2011-01/CVE-2011-0053/CVE-2011-0062 + Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17) + * MFSA 2011-02/CVE-2011-0051 (bmo#616659) + Recursive eval call causes confirm dialogs to evaluate to true + * MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255) + Use-after-free error in JSON.stringify + * MFSA 2011-04/CVE-2011-0054 (bmo#615657) + Buffer overflow in JavaScript upvarMap + * MFSA 2011-05/CVE-2011-0056 (bmo#622015) + Buffer overflow in JavaScript atom map + * MFSA 2011-06/CVE-2011-0057 (bmo#626631) + Use-after-free error using Web Workers + * MFSA 2011-08/CVE-2010-1585 (bmo#562547) + ParanoidFragmentSink allows javascript: URLs in chrome documents + * MFSA 2011-09/CVE-2011-0061 (bmo#610601) + Crash caused by corrupted JPEG image + * MFSA 2011-10/CVE-2011-0059 (bmo#573873) + CSRF risk with plugins and 307 redirects + +------------------------------------------------------------------- Thu Nov 25 09:25:50 UTC 2010 - wr@rosenauer.org - security update to 1.9.2.13 (bnc#657016) diff -r 9f0ffc441295 -r e6d084b6d916 mozilla-xulrunner192/mozilla-xulrunner192.spec --- a/mozilla-xulrunner192/mozilla-xulrunner192.spec Tue Feb 15 00:04:06 2011 +0100 +++ b/mozilla-xulrunner192/mozilla-xulrunner192.spec Wed Mar 02 11:35:32 2011 +0100 @@ -41,7 +41,7 @@ License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Version: 1.9.2.14 Release: 1 -%define releasedate 2011020700 +%define releasedate 2011022100 %define version_internal 1.9.2.14 %define apiversion 1.9.2 %define uaweight 192140