1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Sun Mar 22 13:00:28 UTC 2015 - wr@rosenauer.org |
2 Fri Apr 3 08:27:24 UTC 2015 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 37.0b7 |
4 - update to Firefox 37.0.1 (bnc#926166) |
5 - removed obsolete patch |
5 * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) |
|
6 Loading privileged content through Reader mode |
|
7 * MFSA 2015-44/CVE-2015-0799 (bmo#1148328) |
|
8 Certificate verification bypass through the HTTP/2 Alt-Svc header |
|
9 |
|
10 ------------------------------------------------------------------- |
|
11 Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org |
|
12 |
|
13 - update to Firefox 37.0 (bnc#925368) |
|
14 * Heartbeat user rating system |
|
15 * Yandex set as default search provider for the Turkish locale |
|
16 * Bing search now uses HTTPS for secure searching |
|
17 * Improved protection against site impersonation via OneCRL |
|
18 centralized certificate revocation |
|
19 * Opportunistically encrypt HTTP traffic where the server supports |
|
20 HTTP/2 AltSvc |
|
21 * some more behaviour changes for TLS |
|
22 security fixes: |
|
23 * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 |
|
24 Miscellaneous memory safety hazards |
|
25 * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) |
|
26 Use-after-free when using the Fluendo MP3 GStreamer plugin |
|
27 * MFSA 2015-32/CVE-2015-0812 (bmo#1128126) |
|
28 Add-on lightweight theme installation approval bypassed through |
|
29 MITM attack |
|
30 * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) |
|
31 resource:// documents can load privileged pages |
|
32 * MFSA-2015-34/CVE-2015-0811 (bmo#1132468) |
|
33 Out of bounds read in QCMS library |
|
34 * MFSA-2015-35/CVE-2015-0810 (bmo#1125013) |
|
35 Cursor clickjacking with flash and images (OS X only) |
|
36 * MFSA-2015-36/CVE-2015-0808 (bmo#1109552) |
|
37 Incorrect memory management for simple-type arrays in WebRTC |
|
38 * MFSA-2015-37/CVE-2015-0807 (bmo#1111834) |
|
39 CORS requests should not follow 30x redirections after preflight |
|
40 * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) |
|
41 Memory corruption crashes in Off Main Thread Compositing |
|
42 * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) |
|
43 Use-after-free due to type confusion flaws |
|
44 * MFSA-2015-40/CVE-2015-0801 (bmo#1146339) |
|
45 Same-origin bypass through anchor navigation |
|
46 * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808 |
|
47 PRNG weakness allows for DNS poisoning on Android (only) |
|
48 * MFSA-2015-42/CVE-2015-0802 (bmo#1124898) |
|
49 Windows can retain access to privileged content on navigation |
|
50 to unprivileged pages |
|
51 - removed obsolete patches |
6 * mozilla-bmo1088588.patch |
52 * mozilla-bmo1088588.patch |
|
53 * mozilla-bmo1108834.patch |
7 - requires NSPR 4.10.8 |
54 - requires NSPR 4.10.8 |
|
55 |
|
56 ------------------------------------------------------------------- |
|
57 Tue Mar 24 15:35:24 UTC 2015 - dvaleev@suse.com |
|
58 |
|
59 - Fix builds with skia on Power |
|
60 mozilla-skia-be-le.patch (patch from #bmo1136958) |
|
61 mozilla-bmo1108834.patch |
|
62 mozilla-bmo1005535.patch |
8 |
63 |
9 ------------------------------------------------------------------- |
64 ------------------------------------------------------------------- |
10 Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org |
65 Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org |
11 |
66 |
12 - update to Firefox 36.0.4 (bnc#923534) |
67 - update to Firefox 36.0.4 (bnc#923534) |