Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
changeset 880 349bcaa18df4
parent 875 2d6ccc01ea9e
child 882 82af81b0a6c7 
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Aug 22 09:13:27 2015 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Sat Aug 22 09:17:03 2015 +0200
@@ -1,7 +1,65 @@
 -------------------------------------------------------------------
-Sat Jul 18 12:47:47 UTC 2015 - wr@rosenauer.org
-
-- update to Firefox 40.0b5
+Fri Aug  7 07:49:49 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 40.0 (bnc#940806)
+  * Added protection against unwanted software downloads
+  * Suggested Tiles show sites of interest, based on categories
+    from your recent browsing history
+  * Hello allows adding a link to conversations to provide context
+    on what the conversation will be about
+  * New style for add-on manager based on the in-content
+    preferences style
+  * Improved scrolling, graphics, and video playback performance
+    with off main thread compositing (GNU/Linux only)
+  * Graphic blocklist mechanism improved: Firefox version ranges
+    can be specified, limiting the number of devices blocked
+  security fixes:
+  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
+    Miscellaneous memory safety hazards
+  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
+    Out-of-bounds read with malformed MP3 file
+  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
+    Use-after-free in MediaStream playback
+  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
+    Redefinition of non-configurable JavaScript object properties
+  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
+    Overflow issues in libstagefright
+  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
+    Arbitrary file overwriting through Mozilla Maintenance Service
+    with hard links (only affected Windows)
+  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
+    Out-of-bounds write with Updater and malicious MAR file
+    (does not affect openSUSE RPM packages which do not ship the
+     updater)
+  * MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
+    Feed protocol with POST bypasses mixed content protections
+  * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
+    Crash when using shared memory in JavaScript
+  * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
+    Heap overflow in gdk-pixbuf when scaling bitmap images
+  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
+    Buffer overflows on Libvpx when decoding WebM video
+  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
+    Vulnerabilities found through code inspection
+  * MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
+    Mozilla Content Security Policy allows for asterisk wildcards
+    in violation of CSP specification
+  * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
+    Use-after-free in XMLHttpRequest with shared workers
+- added mozilla-no-stdcxx-check.patch
+- removed obsolete patches
+  * mozilla-add-glibcxx_use_cxx11_abi.patch
+  * firefox-multilocale-chrome.patch
+- rebased patches
+- requires version 40 of the branding package
+- removed browser/searchplugins/ location as it's not valid anymore
+
+-------------------------------------------------------------------
+Fri Aug  7 07:09:39 UTC 2015 - wr@rosenauer.org
+
+- security update to Firefox 39.0.3 (bnc#940918)
+  * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
+    Same origin violation and local file stealing via PDF reader
 
 -------------------------------------------------------------------
 Wed Jul  1 06:43:02 UTC 2015 - wr@rosenauer.org
mozilla