2 Sat Jul 18 12:47:47 UTC 2015 - wr@rosenauer.org

     2 Fri Aug  7 07:49:49 UTC 2015 - wr@rosenauer.org

     3 

     3 

     4 - update to Firefox 40.0b5

     4 - update to Firefox 40.0 (bnc#940806)

     5   * Added protection against unwanted software downloads

     6   * Suggested Tiles show sites of interest, based on categories

     7     from your recent browsing history

     8   * Hello allows adding a link to conversations to provide context

     9     on what the conversation will be about

    10   * New style for add-on manager based on the in-content

    11     preferences style

    12   * Improved scrolling, graphics, and video playback performance

    13     with off main thread compositing (GNU/Linux only)

    14   * Graphic blocklist mechanism improved: Firefox version ranges

    15     can be specified, limiting the number of devices blocked

    16   security fixes:

    17   * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474

    18     Miscellaneous memory safety hazards

    19   * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)

    20     Out-of-bounds read with malformed MP3 file

    21   * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)

    22     Use-after-free in MediaStream playback

    23   * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)

    24     Redefinition of non-configurable JavaScript object properties

    25   * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493

    26     Overflow issues in libstagefright

    27   * MFSA 2015-84/CVE-2015-4481 (bmo1171518)

    28     Arbitrary file overwriting through Mozilla Maintenance Service

    29     with hard links (only affected Windows)

    30   * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)

    31     Out-of-bounds write with Updater and malicious MAR file

    32     (does not affect openSUSE RPM packages which do not ship the

    33      updater)

    34   * MFSA 2015-86/CVE-2015-4483 (bmo#1148732)

    35     Feed protocol with POST bypasses mixed content protections

    36   * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)

    37     Crash when using shared memory in JavaScript

    38   * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)

    39     Heap overflow in gdk-pixbuf when scaling bitmap images

    40   * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)

    41     Buffer overflows on Libvpx when decoding WebM video

    42   * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489

    43     Vulnerabilities found through code inspection

    44   * MFSA 2015-91/CVE-2015-4490 (bmo#1086999)

    45     Mozilla Content Security Policy allows for asterisk wildcards

    46     in violation of CSP specification

    47   * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)

    48     Use-after-free in XMLHttpRequest with shared workers

    49 - added mozilla-no-stdcxx-check.patch

    50 - removed obsolete patches

    51   * mozilla-add-glibcxx_use_cxx11_abi.patch

    52   * firefox-multilocale-chrome.patch

    53 - rebased patches

    54 - requires version 40 of the branding package

    55 - removed browser/searchplugins/ location as it's not valid anymore

    56 

    57 -------------------------------------------------------------------

    58 Fri Aug  7 07:09:39 UTC 2015 - wr@rosenauer.org

    59 

    60 - security update to Firefox 39.0.3 (bnc#940918)

    61   * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)

    62     Same origin violation and local file stealing via PDF reader