--- a/MozillaFirefox/MozillaFirefox.changes Fri Sep 06 18:28:48 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Mon Sep 09 09:30:11 2019 +0200
@@ -12,6 +12,20 @@
* Support for receiving multiple video codecs with this release makes
it easier for WebRTC conferencing services to mix video from
different clients.
+ MFSA 2019-25 (boo#1149324)
+ * CVE-2019-11741 (bmo#1539595)
+ Isolate addons.mozilla.org and accounts.firefox.com
+ * CVE-2019-5849 (bmo#1555838)
+ Out-of-bounds read in Skia
+ * CVE-2019-11737 (bmo#1388015)
+ Content security policy directives ignore port and path if host is a wildcard
+ * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641)
+ Memory safety bugs fixed in Firefox 69
+ * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
+ bmo#1565744,bmo#1568858,bmo#1570358)
+ Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ * CVE-2019-11740 (bmo#1563133,bmo#1573160)
+ Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- requires
* rust/cargo >= 1.35
* rust-cbindgen >= 0.9.0
@@ -22,9 +36,9 @@
Wed Sep 4 15:38:40 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- added a bunch of patches mainly for big endian platforms
- * mozilla-bmo1504834-part1.patch
- * mozilla-bmo1504834-part2.patch
- * mozilla-bmo1504834-part3.patch
+ * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE)
+ * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE)
+ * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE)
* mozilla-bmo1511604.patch
* mozilla-bmo1554971.patch
* mozilla-bmo1573381.patch