1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Wed Oct 6 07:13:34 CEST 2010 - wr@rosenauer.org |
2 Wed Oct 6 07:13:34 CEST 2010 - wr@rosenauer.org |
3 |
3 |
4 - security update to 1.9.2.11 |
4 - security update to 1.9.2.11 (bnc#645315) |
|
5 * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 |
|
6 Miscellaneous memory safety hazards |
|
7 * MFSA 2010-65/CVE-2010-3179 (bmo#583077) |
|
8 Buffer overflow and memory corruption using document.write |
|
9 * MFSA 2010-66/CVE-2010-3180 (bmo#588929) |
|
10 Use-after-free error in nsBarProp |
|
11 * MFSA 2010-67/CVE-2010-3183 (bmo#598669) |
|
12 Dangling pointer vulnerability in LookupGetterOrSetter |
|
13 * MFSA 2010-68/CVE-2010-3177 (bmo#556734) |
|
14 XSS in gopher parser when parsing hrefs |
|
15 * MFSA 2010-69/CVE-2010-3178 (bmo#576616) |
|
16 Cross-site information disclosure via modal calls |
|
17 * MFSA 2010-70/CVE-2010-3170 (bmo#578697) |
|
18 SSL wildcard certificate matching IP addresses |
|
19 * MFSA 2010-71/CVE-2010-3182 (bmo#590753) |
|
20 Unsafe library loading vulnerabilities |
|
21 * MFSA 2010-72/CVE-2010-3173 |
|
22 Insecure Diffie-Hellman key exchange |
5 - removed upstreamed patches: |
23 - removed upstreamed patches: |
6 * mozilla-esd.patch |
24 * mozilla-esd.patch |
7 * mozilla-helper-app.patch |
25 * mozilla-helper-app.patch |
8 - build and runtime requirement is NSS 3.12.8 |
26 - build and runtime requirement is NSS 3.12.8 |
9 |
27 |