--- a/MozillaFirefox/MozillaFirefox.changes	Sat Dec 12 10:06:11 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Sat Dec 19 17:36:33 2015 +0100
@@ -1,4 +1,25 @@
 -------------------------------------------------------------------
+Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.5.0 (bnc#959277)
+  * MFSA 2015-134/CVE-2015-7201
+    Miscellaneous memory safety hazards
+  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
+    Use-after-free in WebRTC when datachannel is used after being
+    destroyed
+  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
+    Integer overflow allocating extremely large textures
+  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
+    Underflow through code inspection
+  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
+    Integer overflow in MP4 playback in 64-bit versions
+  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
+    Integer underflow and buffer overflow processing MP4 metadata in
+    libstagefright
+  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
+    Cross-site reading attack through data and view-source URIs
+
+-------------------------------------------------------------------
 Fri Oct 30 21:31:52 UTC 2015 - wr@rosenauer.org
 
 - update to Firefox 38.4.0 (bnc#952810)

--- a/MozillaFirefox/MozillaFirefox.spec	Sat Dec 12 10:06:11 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec	Sat Dec 19 17:36:33 2015 +0100
@@ -19,9 +19,9 @@
 
 # changed with every update
 %define major 38
-%define mainver %major.4.0
+%define mainver %major.5.0
 %define update_channel esr38
-%define releasedate 2015102700
+%define releasedate 2015121000
 
 # general build definitions
 %if "%{update_channel}" != "aurora"

--- a/MozillaFirefox/create-tar.sh	Sat Dec 12 10:06:11 2015 +0100
+++ b/MozillaFirefox/create-tar.sh	Sat Dec 19 17:36:33 2015 +0100
@@ -2,8 +2,8 @@
 
 CHANNEL="esr38"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_38_4_0esr_RELEASE"
-VERSION="38.4.0"
+RELEASE_TAG="FIREFOX_38_5_0esr_RELEASE"
+VERSION="38.5.0"
 
 # mozilla
 if [ -d mozilla ]; then

--- a/MozillaFirefox/firefox-esr.changes	Sat Dec 12 10:06:11 2015 +0100
+++ b/MozillaFirefox/firefox-esr.changes	Sat Dec 19 17:36:33 2015 +0100
@@ -1,4 +1,9 @@
 -------------------------------------------------------------------
+Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.5.0 (bnc#)
+
+-------------------------------------------------------------------
 Fri Oct 30 21:31:52 UTC 2015 - wr@rosenauer.org
 
 - update to Firefox 38.4.0 (bnc#952810)

--- a/MozillaFirefox/firefox-esr.spec	Sat Dec 12 10:06:11 2015 +0100
+++ b/MozillaFirefox/firefox-esr.spec	Sat Dec 19 17:36:33 2015 +0100
@@ -19,9 +19,9 @@
 
 # changed with every update
 %define major 38
-%define mainver %major.4.0
+%define mainver %major.5.0
 %define update_channel esr38
-%define releasedate 2015102700
+%define releasedate 2015121000
 
 # general build definitions
 %if "%{update_channel}" != "aurora"

--- a/xulrunner/create-tar.sh	Sat Dec 12 10:06:11 2015 +0100
+++ b/xulrunner/create-tar.sh	Sat Dec 19 17:36:33 2015 +0100
@@ -2,8 +2,8 @@
 
 CHANNEL="esr38"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_38_4_0esr_RELEASE"
-VERSION="38.4.0"
+RELEASE_TAG="FIREFOX_38_5_0esr_RELEASE"
+VERSION="38.5.0"
 
 # mozilla
 if [ -d mozilla ]; then

--- a/xulrunner/xulrunner.changes	Sat Dec 12 10:06:11 2015 +0100
+++ b/xulrunner/xulrunner.changes	Sat Dec 19 17:36:33 2015 +0100
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Sat Dec 12 12:51:46 UTC 2015 - wr@rosenauer.org
+
+- update to xulrunner 38.5.0 (bnc#959277)
+  * MFSA 2015-134/CVE-2015-7201
+    Miscellaneous memory safety hazards
+  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
+    Use-after-free in WebRTC when datachannel is used after being
+    destroyed
+  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
+    Integer overflow allocating extremely large textures
+  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
+    Underflow through code inspection
+  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
+    Integer overflow in MP4 playback in 64-bit versions
+  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
+    Integer underflow and buffer overflow processing MP4 metadata in
+    libstagefright
+  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
+    Cross-site reading attack through data and view-source URIs
+
 -------------------------------------------------------------------
 Sat Oct 31 09:32:17 UTC 2015 - wr@rosenauer.org
 

--- a/xulrunner/xulrunner.spec	Sat Dec 12 10:06:11 2015 +0100
+++ b/xulrunner/xulrunner.spec	Sat Dec 19 17:36:33 2015 +0100
@@ -17,10 +17,10 @@
 #
 
 
-%define version_internal 38.4.0
+%define version_internal 38.5.0
 %define apiversion 38
-%define uaweight 3840000
-%define releasedate 2015102700
+%define uaweight 3850000
+%define releasedate 2015121000
 %define shared_js 0
 %define has_system_nspr  1
 %define has_system_nss   1