|
1 ------------------------------------------------------------------- |
|
2 Fri Aug 7 09:24:56 UTC 2015 - wr@rosenauer.org |
|
3 |
|
4 - security update to Firefox 38.1.1 (bnc#940918) |
|
5 * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) |
|
6 Same origin violation and local file stealing via PDF reader |
|
7 |
1 ------------------------------------------------------------------- |
8 ------------------------------------------------------------------- |
2 Sat Jun 27 21:19:48 UTC 2015 - wr@rosenauer.org |
9 Sat Jun 27 21:19:48 UTC 2015 - wr@rosenauer.org |
3 |
10 |
4 - update to Firefox 38.1.0 (bnc#935979) |
11 - update to Firefox 38.1.0 (bnc#935979) |
|
12 * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725 |
|
13 Miscellaneous memory safety hazards |
|
14 * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) |
|
15 Local files or privileged URLs in pages can be opened into new tabs |
|
16 * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) |
|
17 Type confusion in Indexed Database Manager |
|
18 * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) |
|
19 Out-of-bound read while computing an oscillator rendering range in Web Audio |
|
20 * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) |
|
21 Use-after-free in Content Policy due to microtask execution error |
|
22 * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) |
|
23 ECDSA signature validation fails to handle some signatures correctly |
|
24 (this fix is shipped by NSS 3.19.1 externally) |
|
25 * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) |
|
26 Use-after-free in workers while using XMLHttpRequest |
|
27 * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 |
|
28 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 |
|
29 Vulnerabilities found through code inspection |
|
30 * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) |
|
31 Key pinning is ignored when overridable errors are encountered |
|
32 * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) |
|
33 Privilege escalation in PDF.js |
|
34 * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) |
|
35 NSS accepts export-length DHE keys with regular DHE cipher suites |
|
36 (this fix is shipped by NSS 3.19.1 externally) |
|
37 * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) |
|
38 NSS incorrectly permits skipping of ServerKeyExchange |
|
39 (this fix is shipped by NSS 3.19.1 externally) |
5 - requires NSS 3.19.2 |
40 - requires NSS 3.19.2 |
6 |
41 |
7 ------------------------------------------------------------------- |
42 ------------------------------------------------------------------- |
8 Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
43 Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
9 |
44 |