1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Sat Apr 21 10:02:37 UTC 2012 - wr@rosenauer.org |
2 Sat Apr 21 10:02:37 UTC 2012 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 12.0 (bnc#758408) |
4 - update to Firefox 12.0 (bnc#758408) |
5 * rebased patches |
5 * rebased patches |
|
6 * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 |
|
7 Miscellaneous memory safety hazards |
|
8 * MFSA 2012-22/CVE-2012-0469 (bmo#738985) |
|
9 use-after-free in IDBKeyRange |
|
10 * MFSA 2012-23/CVE-2012-0470 (bmo#734288) |
|
11 Invalid frees causes heap corruption in gfxImageSurface |
|
12 * MFSA 2012-24/CVE-2012-0471 (bmo#715319) |
|
13 Potential XSS via multibyte content processing errors |
|
14 * MFSA 2012-25/CVE-2012-0472 (bmo#744480) |
|
15 Potential memory corruption during font rendering using cairo-dwrite |
|
16 * MFSA 2012-26/CVE-2012-0473 (bmo#743475) |
|
17 WebGL.drawElements may read illegal video memory due to |
|
18 FindMaxUshortElement error |
|
19 * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) |
|
20 Page load short-circuit can lead to XSS |
|
21 * MFSA 2012-28/CVE-2012-0475 (bmo#694576) |
|
22 Ambiguous IPv6 in Origin headers may bypass webserver access |
|
23 restrictions |
|
24 * MFSA 2012-29/CVE-2012-0477 (bmo#718573) |
|
25 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues |
|
26 * MFSA 2012-30/CVE-2012-0478 (bmo#727547) |
|
27 Crash with WebGL content using textImage2D |
|
28 * MFSA 2012-31/CVE-2011-3062 (bmo#739925) |
|
29 Off-by-one error in OpenType Sanitizer |
|
30 * MFSA 2012-32/CVE-2011-1187 (bmo#624621) |
|
31 HTTP Redirections and remote content can be read by javascript errors |
|
32 * MFSA 2012-33/CVE-2012-0479 (bmo#714631) |
|
33 Potential site identity spoofing when loading RSS and Atom feeds |
6 - added mozilla-libnotify.patch to allow fallback from libnotify |
34 - added mozilla-libnotify.patch to allow fallback from libnotify |
7 to xul based events if no notification-daemon is running |
35 to xul based events if no notification-daemon is running |
8 - gcc 4.7 fixes |
36 - gcc 4.7 fixes |
9 * mozilla-gcc47.patch |
37 * mozilla-gcc47.patch |
10 * disabled crashreporter temporarily for Factory |
38 * disabled crashreporter temporarily for Factory |