|
1 ------------------------------------------------------------------- |
|
2 Sat Jun 27 15:26:00 UTC 2015 - wr@rosenauer.org |
|
3 |
|
4 - update to 31.8.0 (bnc#935979) |
|
5 - requires NSS 3.19.2 |
|
6 |
|
7 ------------------------------------------------------------------- |
|
8 Wed May 6 07:49:53 UTC 2015 - wr@rosenauer.org |
|
9 |
|
10 - update to 31.7.0 (bnc#930622) |
|
11 * MFSA 2015-46/CVE-2015-2708 |
|
12 Miscellaneous memory safety hazards |
|
13 * MFSA 2015-47/VE-2015-0797 (bmo#1080995) |
|
14 Buffer overflow parsing H.264 video with Linux Gstreamer |
|
15 * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) |
|
16 Buffer overflow with SVG content and CSS |
|
17 * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) |
|
18 Use-after-free during text processing with vertical text enabled |
|
19 * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) |
|
20 Buffer overflow when parsing compressed XML |
|
21 * MFSA 2015-57/CVE-2011-3079 (bmo#1087565) |
|
22 Privilege escalation through IPC channel messages |
|
23 - strip baselibs.conf to reflect the current set of packages |
|
24 |
|
25 ------------------------------------------------------------------- |
|
26 Mon Mar 30 07:56:19 UTC 2015 - wr@rosenauer.org |
|
27 |
|
28 - update to 31.6.0 (bnc#925368) |
|
29 * MFSA 2015-30/CVE-2015-0815 |
|
30 Miscellaneous memory safety hazards |
|
31 * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) |
|
32 Use-after-free when using the Fluendo MP3 GStreamer plugin |
|
33 * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) |
|
34 resource:// documents can load privileged pages |
|
35 * MFSA-2015-37/CVE-2015-0807 (bmo#1111834) |
|
36 CORS requests should not follow 30x redirections after preflight |
|
37 * MFSA-2015-40/CVE-2015-0801 (bmo#1146339) |
|
38 Same-origin bypass through anchor navigation |
|
39 |
|
40 ------------------------------------------------------------------- |
|
41 Thu Feb 19 22:56:55 UTC 2015 - wr@rosenauer.org |
|
42 |
|
43 - update to 31.5.0 (bnc#917597) |
|
44 * MFSA 2015-11/CVE-2015-0836 |
|
45 Miscellaneous memory safety hazards |
|
46 * MFSA 2015-12/CVE-2015-0833 (bmo#945192) |
|
47 Invoking Mozilla updater will load locally stored DLL files |
|
48 (Windows only) |
|
49 * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) |
|
50 Use-after-free in IndexedDB |
|
51 * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) |
|
52 Out-of-bounds read and write while rendering SVG content |
|
53 * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) |
|
54 Reading of local files through manipulation of form autocomplete |
|
55 |
|
56 ------------------------------------------------------------------- |
|
57 Sat Jan 10 17:33:51 UTC 2015 - wr@rosenauer.org |
|
58 |
|
59 - update to 31.4.0 (bnc#910669) |
|
60 * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 |
|
61 Miscellaneous memory safety hazards |
|
62 * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) |
|
63 sendBeacon requests lack an Origin header |
|
64 * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) |
|
65 Cookie injection through Proxy Authenticate responses |
|
66 * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) |
|
67 Read-after-free in WebRTC |
|
68 |
|
69 ------------------------------------------------------------------- |
|
70 Wed Dec 31 16:01:40 UTC 2014 - dimstar@opensuse.org |
|
71 |
|
72 - Do not require mozilla-js-32bit from xulrunner-32bit: since we |
|
73 have shared_js currently set to 0, mozilla-js(-32bit) is not |
|
74 being built. |
|
75 |
|
76 ------------------------------------------------------------------- |
|
77 Sun Nov 30 12:15:59 UTC 2014 - wr@rosenauer.org |
|
78 |
|
79 - update to 31.3.0 (bnc#908009) |
|
80 * MFSA 2014-83/CVE-2014-1587 |
|
81 Miscellaneous memory safety hazards |
|
82 * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) |
|
83 XMLHttpRequest crashes with some input streams |
|
84 * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) |
|
85 Use-after-free during HTML5 parsing |
|
86 * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) |
|
87 Buffer overflow while parsing media content |
|
88 * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) |
|
89 Bad casting from the BasicThebesLayer to BasicContainerLayer |
|
90 - readded mozilla-pkgconfig.patch |
|
91 |
|
92 ------------------------------------------------------------------- |
|
93 Thu Nov 13 08:37:50 UTC 2014 - guillaume@opensuse.org |
|
94 |
|
95 - Fix %arm build (fix CFLAGS) |
|
96 - Disable elf-hack for aarch64 |
|
97 |
|
98 ------------------------------------------------------------------- |
|
99 Sat Nov 1 13:08:20 UTC 2014 - wr@rosenauer.org |
|
100 |
|
101 - update to 31.2.0 |
|
102 - synchronize patchset with firefox-esr |
|
103 - removed add-plugins.sh in favor of using a pref to use myspell |
|
104 |
1 ------------------------------------------------------------------- |
105 ------------------------------------------------------------------- |
2 Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org |
106 Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org |
3 |
107 |
4 - update to 24.0 (bnc#840485) |
108 - update to 24.0 (bnc#840485) |
5 * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |
109 * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |