1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Sun Dec 13 12:48:28 UTC 2015 - wr@rosenauer.org |
2 Thu Dec 31 08:45:14 UTC 2015 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 43.0b9 |
4 - prepare mozilla-kde.patch for Gtk3 builds |
|
5 |
|
6 ------------------------------------------------------------------- |
|
7 Tue Dec 29 20:29:35 UTC 2015 - wr@rosenauer.org |
|
8 |
|
9 - update to Firefox 43.0.3 |
|
10 * requires NSS 3.20.2 to fix |
|
11 MFSA 2015-150/CVE-2015-7575 (bmo#1158489) |
|
12 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in |
|
13 server signature |
|
14 * various changes to support Windows update (SHA-1 vs. SHA-2) |
|
15 * workaround Youtube user agent detection issue (bmo#1233970) |
|
16 - fix file download regression for multi user systems |
|
17 (bmo#1233434) (mozilla-bmo1233434.patch) |
|
18 - explicitely requires libXcomposite-devel |
|
19 |
|
20 ------------------------------------------------------------------- |
|
21 Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org |
|
22 |
|
23 - update to Firefox 43.0 (bnc#959277) |
5 * Improved API support for m4v video playback |
24 * Improved API support for m4v video playback |
6 * Users can opt-in to receive search suggestions from the Awesome Bar |
25 * Users can opt-in to receive search suggestions from the Awesome Bar |
7 * WebRTC streaming on multiple monitors |
26 * WebRTC streaming on multiple monitors |
8 * User selectable second block list for Private Browsing's Tracking |
27 * User selectable second block list for Private Browsing's Tracking |
9 Protection |
28 Protection |
|
29 security fixes: |
|
30 * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 |
|
31 Miscellaneous memory safety hazards |
|
32 * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) |
|
33 Crash with JavaScript variable assignment with unboxed objects |
|
34 * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) |
|
35 Same-origin policy violation using perfomance.getEntries and |
|
36 history navigation |
|
37 * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) |
|
38 Firefox allows for control characters to be set in cookies |
|
39 * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) |
|
40 Use-after-free in WebRTC when datachannel is used after being |
|
41 destroyed |
|
42 * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) |
|
43 Integer overflow allocating extremely large textures |
|
44 * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) |
|
45 Cross-origin information leak through web workers error events |
|
46 * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) |
|
47 Hash in data URI is incorrectly parsed |
|
48 * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) |
|
49 DOS due to malformed frames in HTTP/2 |
|
50 * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) |
|
51 Linux file chooser crashes on malformed images due to flaws in |
|
52 Jasper library |
|
53 * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 |
|
54 (bmo#1201183, bmo#1178033, bmo#1199400) |
|
55 Buffer overflows found through code inspection |
|
56 * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) |
|
57 Underflow through code inspection |
|
58 * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) |
|
59 Integer overflow in MP4 playback in 64-bit versions |
|
60 * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) |
|
61 Integer underflow and buffer overflow processing MP4 metadata in |
|
62 libstagefright |
|
63 * MFSA 2015-148/CVE-2015-7223 (bmo#1226423) |
|
64 Privilege escalation vulnerabilities in WebExtension APIs |
|
65 * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) |
|
66 Cross-site reading attack through data and view-source URIs |
10 - rebased patches |
67 - rebased patches |
11 |
68 |
12 ------------------------------------------------------------------- |
69 ------------------------------------------------------------------- |
13 Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org |
70 Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org |
14 |
71 |