|
1 ------------------------------------------------------------------- |
|
2 Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com> |
|
3 |
|
4 - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled |
|
5 to be read, as openssl 1.1.1 FIPS aborts if it cannot access it |
|
6 (bsc#1167132) |
|
7 |
|
8 ------------------------------------------------------------------- |
|
9 Sat Mar 7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
10 |
|
11 - Mozilla Firefox 74.0 |
|
12 * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/ |
|
13 MFSA 2020-08 (bsc#1166238) |
|
14 * CVE-2020-6805 (bmo#1610880) |
|
15 Use-after-free when removing data about origins |
|
16 * CVE-2020-6806 (bmo#1612308) |
|
17 BodyStream::OnInputStreamReady was missing protections against |
|
18 state confusion |
|
19 * CVE-2020-6807 (bmo#1614971) |
|
20 Use-after-free in cubeb during stream destruction |
|
21 * CVE-2020-6808 (bmo#1247968) |
|
22 URL Spoofing via javascript: URL |
|
23 * CVE-2020-6809 (bmo#1420296) |
|
24 Web Extensions with the all-urls permission could access local |
|
25 files |
|
26 * CVE-2020-6810 (bmo#1432856) |
|
27 Focusing a popup while in fullscreen could have obscured the |
|
28 fullscreen notification |
|
29 * CVE-2020-6811 (bmo#1607742) |
|
30 Devtools' 'Copy as cURL' feature did not fully escape |
|
31 website-controlled data, potentially leading to command injection |
|
32 * CVE-2019-20503 (bmo#1613765) |
|
33 Out of bounds reads in sctp_load_addresses_from_init |
|
34 * CVE-2020-6812 (bmo#1616661) |
|
35 The names of AirPods with personally identifiable information |
|
36 were exposed to websites with camera or microphone permission |
|
37 * CVE-2020-6813 (bmo#1605814) |
|
38 @import statements in CSS could bypass the Content Security |
|
39 Policy nonce feature |
|
40 * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636, |
|
41 bmo#1614339) |
|
42 Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 |
|
43 * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457, |
|
44 bmo#1612431) |
|
45 Memory and script safety bugs fixed in Firefox 74 |
|
46 - requires |
|
47 * NSPR 4.25 |
|
48 * NSS 3.50 |
|
49 * rust-cbindgen 0.13.0 |
|
50 - removed obsolete patches |
|
51 mozilla-bmo1610814.patch |
|
52 mozilla-cubeb-noreturn.patch |
|
53 - add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36 |
|
54 (bmo#1609538, boo#1166471) |
|
55 |
1 ------------------------------------------------------------------- |
56 ------------------------------------------------------------------- |
2 Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
57 Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
3 |
58 |
4 - big endian fixes |
59 - big endian fixes |
5 |
60 |