1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Wed Jun 19 10:48:49 UTC 2015 - wr@rosenauer.org |
2 Sat Jul 18 12:47:47 UTC 2015 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 39.0b6 |
4 - update to Firefox 40.0b5 |
|
5 |
|
6 ------------------------------------------------------------------- |
|
7 Wed Jul 1 06:43:02 UTC 2015 - wr@rosenauer.org |
|
8 |
|
9 - update to Firefox 39.0 (bnc#935979) |
|
10 * Share Hello URLs with social networks |
|
11 * Support for 'switch' role in ARIA 1.1 (web accessibility) |
|
12 * SafeBrowsing malware detection lookups enabled for downloads |
|
13 (Mac OS X and Linux) |
|
14 * Support for new Unicode 8.0 skin tone emoji |
|
15 * Removed support for insecure SSLv3 for network communications |
|
16 * Disable use of RC4 except for temporarily whitelisted hosts |
|
17 * NPAPI Plug-in performance improved via asynchronous initialization |
|
18 security fixes: |
|
19 * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 |
|
20 Miscellaneous memory safety hazards |
|
21 * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) |
|
22 Local files or privileged URLs in pages can be opened into new tabs |
|
23 * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) |
|
24 Type confusion in Indexed Database Manager |
|
25 * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) |
|
26 Out-of-bound read while computing an oscillator rendering range in Web Audio |
|
27 * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) |
|
28 Use-after-free in Content Policy due to microtask execution error |
|
29 * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) |
|
30 ECDSA signature validation fails to handle some signatures correctly |
|
31 (this fix is shipped by NSS 3.19.1 externally) |
|
32 * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) |
|
33 Use-after-free in workers while using XMLHttpRequest |
|
34 * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 |
|
35 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 |
|
36 Vulnerabilities found through code inspection |
|
37 * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) |
|
38 Key pinning is ignored when overridable errors are encountered |
|
39 * MFSA 2015-68/CVE-2015-2742 (bmo#1138669) |
|
40 OS X crash reports may contain entered key press information |
|
41 (not relevant under Linux) |
|
42 * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) |
|
43 Privilege escalation in PDF.js |
|
44 * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) |
|
45 NSS accepts export-length DHE keys with regular DHE cipher suites |
|
46 (this fix is shipped by NSS 3.19.1 externally) |
|
47 * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) |
|
48 NSS incorrectly permits skipping of ServerKeyExchange |
|
49 (this fix is shipped by NSS 3.19.1 externally) |
5 - dropped mozilla-prefer_plugin_pref.patch as this feature is |
50 - dropped mozilla-prefer_plugin_pref.patch as this feature is |
6 likely not worth maintaining further |
51 likely not worth maintaining further |
7 - rebased patches |
52 - rebased patches |
8 - require NSS 3.19.1 |
53 - require NSS 3.19.2 |
9 |
54 |
10 ------------------------------------------------------------------- |
55 ------------------------------------------------------------------- |
11 Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
56 Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
12 |
57 |
13 - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration |
58 - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration |