1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Mon Jun 17 20:56:08 UTC 2013 - wr@rosenauer.org |
2 Wed Jun 26 08:42:37 UTC 2013 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 23.0pre (20130616) |
4 - update to Firefox 23.0b1 (20130626) |
5 - requires NSPR 4.10 and NSS 3.15 |
5 - requires NSPR 4.10 and NSS 3.15 |
6 |
6 |
7 ------------------------------------------------------------------- |
7 ------------------------------------------------------------------- |
8 Sun Jun 16 21:54:10 UTC 2013 - wr@rosenauer.org |
8 Sat Jun 22 17:48:06 UTC 2013 - wr@rosenauer.org |
9 |
9 |
10 - update to Firefox 22.0b5 |
10 - update to Firefox 22.0 (bnc#825935) |
11 * removed obsolete patches |
11 * removed obsolete patches |
12 + mozilla-qcms-ppc.patch |
12 + mozilla-qcms-ppc.patch |
13 + mozilla-gstreamer-760140.patch |
13 + mozilla-gstreamer-760140.patch |
|
14 * GStreamer support does not build on 12.1 anymore (build only |
|
15 on 12.2 and later) |
|
16 * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 |
|
17 Miscellaneous memory safety hazards |
|
18 * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 |
|
19 Memory corruption found using Address Sanitizer |
|
20 * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) |
|
21 Privileged content access and execution via XBL |
|
22 * MFSA 2013-52/CVE-2013-1688 (bmo#873966) |
|
23 Arbitrary code execution within Profiler |
|
24 * MFSA 2013-53/CVE-2013-1690 (bmo#857883) |
|
25 Execution of unmapped memory through onreadystatechange event |
|
26 * MFSA 2013-54/CVE-2013-1692 (bmo#866915) |
|
27 Data in the body of XHR HEAD requests leads to CSRF attacks |
|
28 * MFSA 2013-55/CVE-2013-1693 (bmo#711043) |
|
29 SVG filters can lead to information disclosure |
|
30 * MFSA 2013-56/CVE-2013-1694 (bmo#848535) |
|
31 PreserveWrapper has inconsistent behavior |
|
32 * MFSA 2013-57/CVE-2013-1695 (bmo#849791) |
|
33 Sandbox restrictions not applied to nested frame elements |
|
34 * MFSA 2013-58/CVE-2013-1696 (bmo#761667) |
|
35 X-Frame-Options ignored when using server push with multi-part |
|
36 responses |
|
37 * MFSA 2013-59/CVE-2013-1697 (bmo#858101) |
|
38 XrayWrappers can be bypassed to run user defined methods in a |
|
39 privileged context |
|
40 * MFSA 2013-60/CVE-2013-1698 (bmo#876044) |
|
41 getUserMedia permission dialog incorrectly displays location |
|
42 * MFSA 2013-61/CVE-2013-1699 (bmo#840882) |
|
43 Homograph domain spoofing in .com, .net and .name |
14 |
44 |
15 ------------------------------------------------------------------- |
45 ------------------------------------------------------------------- |
16 Tue Jun 11 21:06:58 UTC 2013 - dvaleev@suse.com |
46 Tue Jun 11 21:06:58 UTC 2013 - dvaleev@suse.com |
17 |
47 |
18 - Fix qcms altivec include (mozilla-qcms-ppc.patch) |
48 - Fix qcms altivec include (mozilla-qcms-ppc.patch) |