Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/firefox-esr.changes
branchfirefox38
changeset 905 47f0968a6491
parent 891 2fa2f92f6f37
child 912 e4de90d18024 
--- a/MozillaFirefox/firefox-esr.changes	Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/firefox-esr.changes	Tue Mar 15 11:47:14 2016 +0100
@@ -1,7 +1,78 @@
 -------------------------------------------------------------------
+Tue Mar  8 06:58:55 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.7.0 (boo#969894)
+  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
+    Use-after-free in MediaStream playback
+  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
+    Same-origin policy violation using performance.getEntries and
+    history navigation
+  * MFSA 2016-16/CVE-2016-1952
+    Miscellaneous memory safety hazards
+  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+    Local file overwriting and potential privilege escalation through
+    CSP reports
+  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+    Memory leak in libstagefright when deleting an array during MP4
+    processing
+  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
+    Displayed page address can be overridden
+  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+    Use-after-free in HTML5 string parser
+  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+    Use-after-free in SetBody
+  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
+    Use-after-free when using multiple WebRTC data channels
+  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+    Use-after-free during XML transformations
+  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
+    Addressbar spoofing though history navigation and Location protocol
+    property
+  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
+    Memory corruption with malicious NPAPI plugin
+  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+    Out-of-bounds read in HTML parser following a failed allocation
+  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+    Font vulnerabilities in the Graphite 2 library
+
+-------------------------------------------------------------------
+Mon Jan 25 10:29:11 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.6.0esr (boo#963520)
+  * MFSA 2016-01/CVE-2016-1930
+    Miscellaneous memory safety hazards
+  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
+    Buffer overflow in WebGL after out of memory allocation
+
+-------------------------------------------------------------------
+Tue Dec 29 20:43:18 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.5.2
+- some spec file changes to support 11.4 again
+
+-------------------------------------------------------------------
 Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org
 
-- update to Firefox 38.5.0 (bnc#)
+- update to Firefox 38.5.0 (bnc#959277)
+  * MFSA 2015-134/CVE-2015-7201
+    Miscellaneous memory safety hazards
+  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
+    Use-after-free in WebRTC when datachannel is used after being
+    destroyed
+  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
+    Integer overflow allocating extremely large textures
+  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
+    Underflow through code inspection
+  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
+    Integer overflow in MP4 playback in 64-bit versions
+  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
+    Integer underflow and buffer overflow processing MP4 metadata in
+    libstagefright
+  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
+    Cross-site reading attack through data and view-source URIs
 
 -------------------------------------------------------------------
 Fri Oct 30 21:31:52 UTC 2015 - wr@rosenauer.org
mozilla