|
1 ------------------------------------------------------------------- |
|
2 Fri Sep 29 08:56:27 UTC 2017 - wr@rosenauer.org |
|
3 |
|
4 - update to Firefox 52.4esr (boo#1060445) |
|
5 * requires NSS >= 3.28.6 |
|
6 MFSA 2017-22 |
|
7 * CVE-2017-7793 (bmo#1371889) |
|
8 Use-after-free with Fetch API |
|
9 * CVE-2017-7818 (bmo#1363723) |
|
10 Use-after-free during ARIA array manipulation |
|
11 * CVE-2017-7819 (bmo#1380292) |
|
12 Use-after-free while resizing images in design mode |
|
13 * CVE-2017-7824 (bmo#1398381) |
|
14 Buffer overflow when drawing and validating elements with ANGLE |
|
15 * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) |
|
16 Use-after-free in TLS 1.2 generating handshake hashes |
|
17 * CVE-2017-7814 (bmo#1376036) |
|
18 Blob and data URLs bypass phishing and malware protection warnings |
|
19 * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) |
|
20 OS X fonts render some Tibetan and Arabic unicode characters as spaces |
|
21 * CVE-2017-7823 (bmo#1396320) |
|
22 CSP sandbox directive did not create a unique origin |
|
23 * CVE-2017-7810 |
|
24 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 |
|
25 - fixed language accept header to use correct locale |
|
26 (mozilla-bmo1005640.patch, boo#1029917) |
|
27 |
1 ------------------------------------------------------------------- |
28 ------------------------------------------------------------------- |
2 Wed Aug 9 09:47:39 UTC 2017 - schwab@suse.de |
29 Wed Aug 9 09:47:39 UTC 2017 - schwab@suse.de |
3 |
30 |
4 - mozilla-ucontext.patch: use ucontext_t instead of struct ucontext |
31 - mozilla-ucontext.patch: use ucontext_t instead of struct ucontext |
5 |
32 |