1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Thu Oct 24 17:07:51 UTC 2013 - wr@rosenauer.org |
2 Mon Jan 13 15:51:35 UTC 2014 - wr@rosenauer.org |
3 |
3 |
4 - update to 24.1.0esr (bnc#) |
4 - removed obsolete mozilla-use-recommended-freetype-include.patch |
|
5 |
|
6 ------------------------------------------------------------------- |
|
7 Mon Jan 13 15:37:53 UTC 2014 - wr@rosenauer.org |
|
8 |
|
9 - update to Firefox 24.2.0esr (bnc#854367, bnc#854370) |
|
10 * requires NSPR 4.10.2 and NSS 3.15.3.1 or higher |
|
11 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 |
|
12 Miscellaneous memory safety hazards |
|
13 * MFSA 2013-108/CVE-2013-5616 (bmo#938341) |
|
14 Use-after-free in event listeners |
|
15 * MFSA 2013-109/CVE-2013-5618 (bmo#926361) |
|
16 Use-after-free during Table Editing |
|
17 * MFSA 2013-111/CVE-2013-6671 (bmo#930281) |
|
18 Segmentation violation when replacing ordered list elements |
|
19 * MFSA 2013-113/CVE-2013-6673 (bmo#970380) |
|
20 Trust settings for built-in roots ignored during EV certificate |
|
21 validation |
|
22 * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) |
|
23 Use-after-free in synthetic mouse movement |
|
24 * MFSA 2013-115/CVE-2013-5615 (bmo#929261) |
|
25 GetElementIC typed array stubs can be generated outside observed |
|
26 typesets |
|
27 * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) |
|
28 JPEG information leak |
|
29 * MFSA 2013-117 (bmo#946351) |
|
30 Mis-issued ANSSI/DCSSI certificate |
|
31 (fixed via NSS 3.15.3.1) |
|
32 |
|
33 - update to Firefox 24.1.0esr (bnc#847708) |
5 * requires NSS 3.15.2 or above |
34 * requires NSS 3.15.2 or above |
6 |
35 * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 |
7 ------------------------------------------------------------------- |
36 Miscellaneous memory safety hazards |
8 Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org |
37 * MFSA 2013-94/CVE-2013-5593 (bmo#868327) |
|
38 Spoofing addressbar through SELECT element |
|
39 * MFSA 2013-95/CVE-2013-5604 (bmo#914017) |
|
40 Access violation with XSLT and uninitialized data |
|
41 * MFSA 2013-96/CVE-2013-5595 (bmo#916580) |
|
42 Improperly initialized memory and overflows in some JavaScript |
|
43 functions |
|
44 * MFSA 2013-97/CVE-2013-5596 (bmo#910881) |
|
45 Writing to cycle collected object during image decoding |
|
46 * MFSA 2013-98/CVE-2013-5597 (bmo#918864) |
|
47 Use-after-free when updating offline cache |
|
48 * MFSA 2013-99/CVE-2013-5598 (bmo#920515) |
|
49 Security bypass of PDF.js checks using iframes |
|
50 * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 |
|
51 (bmo#915210, bmo#915576, bmo#916685) |
|
52 Miscellaneous use-after-free issues found through ASAN fuzzing |
|
53 * MFSA 2013-101/CVE-2013-5602 (bmo#897678) |
|
54 Memory corruption in workers |
|
55 * MFSA 2013-102/CVE-2013-5603 (bmo#916404) |
|
56 Use-after-free in HTML document templates |
9 |
57 |
10 - update to 24.0 (bnc#840485) |
58 - update to 24.0 (bnc#840485) |
11 * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |
59 * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |
12 Miscellaneous memory safety hazards |
60 Miscellaneous memory safety hazards |
13 * MFSA 2013-77/CVE-2013-1720 (bmo#888820) |
61 * MFSA 2013-77/CVE-2013-1720 (bmo#888820) |
33 * MFSA 2013-91/CVE-2013-1737 (bmo#907727) |
81 * MFSA 2013-91/CVE-2013-1737 (bmo#907727) |
34 User-defined properties on DOM proxies get the wrong "this" object |
82 User-defined properties on DOM proxies get the wrong "this" object |
35 * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) |
83 * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) |
36 GC hazard with default compartments and frame chain restoration |
84 GC hazard with default compartments and frame chain restoration |
37 - require NSPR 4.10 and NSS 3.15.1 |
85 - require NSPR 4.10 and NSS 3.15.1 |
|
86 |
|
87 ------------------------------------------------------------------- |
|
88 Sat Dec 14 17:42:53 UTC 2013 - hrvoje.senjan@gmail.com |
|
89 |
|
90 - Added mozilla-use-recommended-freetype-include.patch: |
|
91 Freetype upstream recommends using their macros together with |
|
92 ft2build include. Positive sideeffect is that this patch makes it |
|
93 build with both freetype2 2.5.1, and older versions |
|
94 |
|
95 ------------------------------------------------------------------- |
|
96 Thu Dec 12 05:46:02 UTC 2013 - uweigand@de.ibm.com |
|
97 |
|
98 - Add xpcom patch and general support for ppc64le |
|
99 - added patches: |
|
100 * ppc64le-support.patch |
|
101 * xpcom-ppc64le.patch |
|
102 |
|
103 ------------------------------------------------------------------- |
|
104 Tue Dec 10 10:01:45 UTC 2013 - dvaleev@suse.com |
|
105 |
|
106 - Add libffi patch for ppc64le |
|
107 - added patches: |
|
108 * libffi-ppc64le.patch |
|
109 |
|
110 ------------------------------------------------------------------- |
|
111 Wed Oct 30 10:03:20 UTC 2013 - schwab@suse.de |
|
112 |
|
113 - mozilla-aarch64.patch: Add support for aarch64 |
|
114 |
|
115 ------------------------------------------------------------------- |
|
116 Thu Oct 24 16:40:37 UTC 2013 - wr@rosenauer.org |
|
117 |
|
118 - update to 17.0.10esr (bnc#847708) |
|
119 * require NSS 3.14.4 or above |
|
120 * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 |
|
121 Miscellaneous memory safety hazards |
|
122 * MFSA 2013-95/CVE-2013-5604 (bmo#914017) |
|
123 Access violation with XSLT and uninitialized data |
|
124 * MFSA 2013-96/CVE-2013-5595 (bmo#916580) |
|
125 Improperly initialized memory and overflows in some JavaScript |
|
126 functions |
|
127 * MFSA 2013-98/CVE-2013-5597 (bmo#918864) |
|
128 Use-after-free when updating offline cache |
|
129 * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 |
|
130 (bmo#915210, bmo#915576, bmo#916685) |
|
131 Miscellaneous use-after-free issues found through ASAN fuzzing |
|
132 * MFSA 2013-101/CVE-2013-5602 (bmo#897678) |
|
133 Memory corruption in workers |
|
134 |
|
135 ------------------------------------------------------------------- |
|
136 Thu Sep 12 10:06:08 UTC 2013 - wr@rosenauer.org |
|
137 |
|
138 - update to 17.0.9esr (bnc#840485) |
|
139 * MFSA 2013-65/CVE-2013-1705 (bmo#882865) |
|
140 Buffer underflow when generating CRMF requests |
|
141 * MFSA 2013-76/CVE-2013-1718 |
|
142 Miscellaneous memory safety hazards |
|
143 * MFSA 2013-79/CVE-2013-1722 (bmo#893308) |
|
144 Use-after-free in Animation Manager during stylesheet cloning |
|
145 * MFSA 2013-82/CVE-2013-1725 (bmo#876762) |
|
146 Calling scope for new Javascript objects can lead to memory corruption |
|
147 * MFSA 2013-88/CVE-2013-1730 (bmo#851353) |
|
148 Compartment mismatch re-attaching XBL-backed nodes |
|
149 * MFSA 2013-89/CVE-2013-1732 (bmo#883514) |
|
150 Buffer overflow with multi-column, lists, and floats |
|
151 * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) |
|
152 Memory corruption involving scrolling |
|
153 * MFSA 2013-91/CVE-2013-1737 (bmo#907727) |
|
154 User-defined properties on DOM proxies get the wrong "this" object |
38 |
155 |
39 ------------------------------------------------------------------- |
156 ------------------------------------------------------------------- |
40 Fri Aug 2 10:56:43 UTC 2013 - wr@rosenauer.org |
157 Fri Aug 2 10:56:43 UTC 2013 - wr@rosenauer.org |
41 |
158 |
42 - update to 17.0.8esr (bnc#833389) |
159 - update to 17.0.8esr (bnc#833389) |