--- a/xulrunner/xulrunner-esr.changes	Sat Apr 21 19:08:35 2012 +0200
+++ b/xulrunner/xulrunner-esr.changes	Wed Apr 25 08:02:28 2012 +0200
@@ -2,6 +2,29 @@
 Sat Apr 21 15:36:28 UTC 2012 - wr@rosenauer.org
 
 - update to 10.0.4esr (bnc#758408)
+  * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
+    Miscellaneous memory safety hazards
+  * MFSA 2012-22/CVE-2012-0469 (bmo#738985)
+    use-after-free in IDBKeyRange
+  * MFSA 2012-23/CVE-2012-0470 (bmo#734288)
+    Invalid frees causes heap corruption in gfxImageSurface
+  * MFSA 2012-24/CVE-2012-0471 (bmo#715319)
+    Potential XSS via multibyte content processing errors
+  * MFSA 2012-25/CVE-2012-0472 (bmo#744480)
+    Potential memory corruption during font rendering using cairo-dwrite
+  * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
+    WebGL.drawElements may read illegal video memory due to
+    FindMaxUshortElement error
+  * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
+    Page load short-circuit can lead to XSS
+  * MFSA 2012-29/CVE-2012-0477 (bmo#718573)
+    Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
+  * MFSA 2012-30/CVE-2012-0478 (bmo#727547)
+    Crash with WebGL content using textImage2D
+  * MFSA 2012-31/CVE-2011-3062 (bmo#739925)
+    Off-by-one error in OpenType Sanitizer
+  * MFSA 2012-33/CVE-2012-0479 (bmo#714631)
+    Potential site identity spoofing when loading RSS and Atom feeds
 
 -------------------------------------------------------------------
 Mon Mar  5 07:15:57 UTC 2012 - wr@rosenauer.org