| author | Wolfgang Rosenauer <wr@rosenauer.org> |
| Fri, 16 Mar 2012 07:48:35 +0100 | |
| changeset 410 | 0af1b0003b9f |
| parent 408 | 475395d00191 |
| child 427 | 4e79a7c46250 |
| child 435 | df9c4a6e84f8 |
| permissions | -rw-r--r-- |
|
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
1 |
------------------------------------------------------------------- |
| 408 | 2 |
Fri Mar 9 21:49:05 UTC 2012 - wr@rosenauer.org |
|
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
3 |
|
| 408 | 4 |
- update to version 11.0 (bnc#750044) |
| 410 | 5 |
* MFSA 2012-13/CVE-2012-0455 (bmo#704354) |
6 |
XSS with Drag and Drop and Javascript: URL |
|
7 |
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) |
|
8 |
SVG issues found with Address Sanitizer |
|
9 |
* MFSA 2012-15/CVE-2012-0451 (bmo#717511) |
|
10 |
XSS with multiple Content Security Policy headers |
|
11 |
* MFSA 2012-16/CVE-2012-0458 |
|
12 |
Escalation of privilege with Javascript: URL as home page |
|
13 |
* MFSA 2012-17/CVE-2012-0459 (bmo#723446) |
|
14 |
Crash when accessing keyframe cssText after dynamic modification |
|
15 |
* MFSA 2012-18/CVE-2012-0460 (bmo#727303) |
|
16 |
window.fullScreen writeable by untrusted content |
|
17 |
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ |
|
18 |
CVE-2012-0463 |
|
19 |
Miscellaneous memory safety hazards |
|
|
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
20 |
- fix build on ARM |
|
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
21 |
- disable jemalloc on s390(x) |
|
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
22 |
|
| 387 | 23 |
------------------------------------------------------------------- |
24 |
Thu Feb 16 08:51:42 UTC 2012 - wr@rosenauer.org |
|
25 |
||
26 |
- update to version 10.0.2 (bnc#747328) |
|
27 |
* CVE-2011-3026 (bmo#727401) |
|
28 |
libpng: integer overflow leading to heap-buffer overflow |
|
29 |
||
30 |
------------------------------------------------------------------- |
|
31 |
Thu Feb 9 10:20:49 UTC 2012 - wr@rosenauer.org |
|
32 |
||
33 |
- update to version 10.0.1 (bnc#746616) |
|
34 |
* MFSA 2012-10/CVE-2012-0452 (bmo#724284) |
|
35 |
use after free in nsXBLDocumentInfo::ReadPrototypeBindings |
|
36 |
||
| 378 | 37 |
------------------------------------------------------------------- |
38 |
Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com |
|
39 |
||
40 |
- Use YARR interpreter instead of PCRE on platforms where YARR JIT |
|
41 |
is not supported, since PCRE doesnt build (bmo#691898) |
|
| 387 | 42 |
- fix ppc64 build (bmo#703534) |
| 378 | 43 |
|
| 373 | 44 |
------------------------------------------------------------------- |
45 |
Mon Jan 30 09:43:21 UTC 2012 - wr@rosenauer.org |
|
46 |
||
|
375
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
47 |
- update to version 10.0 (bnc#744275) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
48 |
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
49 |
Miscellaneous memory safety hazards |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
50 |
* MFSA 2012-03/CVE-2012-0445 (bmo#701071) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
51 |
<iframe> element exposed across domains via name attribute |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
52 |
* MFSA 2012-04/CVE-2011-3659 (bmo#708198) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
53 |
Child nodes from nsDOMAttribute still accessible after removal |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
54 |
of nodes |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
55 |
* MFSA 2012-05/CVE-2012-0446 (bmo#705651) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
56 |
Frame scripts calling into untrusted objects bypass security |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
57 |
checks |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
58 |
* MFSA 2012-06/CVE-2012-0447 (bmo#710079) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
59 |
Uninitialized memory appended when encoding icon images may |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
60 |
cause information disclosure |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
61 |
* MFSA 2012-07/CVE-2012-0444 (bmo#719612) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
62 |
Potential Memory Corruption When Decoding Ogg Vorbis files |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
63 |
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
64 |
Crash with malformed embedded XSLT stylesheets |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
65 |
- removed obsolete ppc64 patch |
|
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
66 |
- disable neon for ARM as it doesn't build correctly |
| 373 | 67 |
|
| 366 | 68 |
------------------------------------------------------------------- |
69 |
Fri Dec 23 17:02:01 UTC 2011 - wr@rosenauer.org |
|
70 |
||
71 |
- update to Firefox 9.0.1 |
|
72 |
* (strongparent) parentNode of element gets lost (bmo#335998) |
|
73 |
||
|
363
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
74 |
------------------------------------------------------------------- |
|
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
75 |
Sun Dec 18 09:28:02 UTC 2011 - wr@rosenauer.org |
|
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
76 |
|
|
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
77 |
- update to release 9.0 (bnc#737533) |
|
364
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
78 |
* MFSA 2011-53/CVE-2011-3660 |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
79 |
Miscellaneous memory safety hazards (rv:9.0) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
80 |
* MFSA 2011-54/CVE-2011-3661 (bmo#691299) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
81 |
Potentially exploitable crash in the YARR regular expression |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
82 |
library |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
83 |
* MFSA 2011-55/CVE-2011-3658 (bmo#708186) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
84 |
nsSVGValue out-of-bounds access |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
85 |
* MFSA 2011-56/CVE-2011-3663 (bmo#704482) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
86 |
Key detection without JavaScript via SVG animation |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
87 |
* MFSA 2011-58/VE-2011-3665 (bmo#701259) |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
88 |
Crash scaling <video> to extreme sizes |
|
363
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
355
diff
changeset
|
89 |
|
| 355 | 90 |
------------------------------------------------------------------- |
91 |
Sat Nov 12 15:20:49 UTC 2011 - wr@rosenauer.org |
|
92 |
||
93 |
- fix ppc64 build |
|
94 |
||
|
350
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
95 |
------------------------------------------------------------------- |
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
96 |
Sun Nov 6 08:23:04 UTC 2011 - wr@rosenauer.org |
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
97 |
|
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
98 |
- update to release 8.0 (bnc#728520) |
| 354 | 99 |
* MFSA 2011-47/CVE-2011-3648 (bmo#690225) |
100 |
Potential XSS against sites using Shift-JIS |
|
101 |
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 |
|
102 |
Miscellaneous memory safety hazards |
|
103 |
* MFSA 2011-49/CVE-2011-3650 (bmo#674776) |
|
104 |
Memory corruption while profiling using Firebug |
|
105 |
* MFSA 2011-52/CVE-2011-3655 (bmo#672182) |
|
106 |
Code execution via NoWaiverWrapper |
|
|
350
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
107 |
- rebased patches |
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
108 |
|
| 337 | 109 |
------------------------------------------------------------------- |
110 |
Fri Sep 30 10:59:54 UTC 2011 - wr@rosenauer.org |
|
111 |
||
112 |
- update to minor release 7.0.1 |
|
113 |
* fixed staged addon updates |
|
114 |
||
| 334 | 115 |
------------------------------------------------------------------- |
116 |
Fri Sep 23 11:36:04 UTC 2011 - wr@rosenauer.org |
|
117 |
||
118 |
- update to version 7.0 (bnc#720264) |
|
| 337 | 119 |
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 |
120 |
Miscellaneous memory safety hazards |
|
121 |
* MFSA 2011-39/CVE-2011-3000 (bmo#655389) |
|
122 |
Defense against multiple Location headers due to CRLF Injection |
|
123 |
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 |
|
124 |
Code installation through holding down Enter |
|
125 |
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) |
|
126 |
Potentially exploitable WebGL crashes |
|
127 |
* MFSA 2011-42/CVE-2011-3232 (bmo#653672) |
|
128 |
Potentially exploitable crash in the YARR regular expression |
|
129 |
library |
|
130 |
* MFSA 2011-43/CVE-2011-3004 (bmo#653926) |
|
131 |
loadSubScript unwraps XPCNativeWrapper scope parameter |
|
132 |
* MFSA 2011-44/CVE-2011-3005 (bmo#675747) |
|
133 |
Use after free reading OGG headers |
|
134 |
* MFSA 2011-45 |
|
135 |
Inferring keystrokes from motion data |
|
136 |
- removed obsolete mozilla-cairo-lcd.patch |
|
137 |
- rebased patches |
|
| 334 | 138 |
|
139 |
------------------------------------------------------------------- |
|
140 |
Tue Sep 20 11:54:28 UTC 2011 - wr@rosenauer.org |
|
141 |
||
142 |
- install xpt.py into SDK (mozilla-639554.patch) (bnc#639554) |
|
143 |
||
|
325
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
144 |
------------------------------------------------------------------- |
|
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
145 |
Wed Sep 14 13:07:39 UTC 2011 - wr@rosenauer.org |
|
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
146 |
|
|
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
147 |
- initial xulrunner package |
|
f5966ab369fb
manual forward merge xulrunner from firefox6 branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
diff
changeset
|
148 |