--- a/xulrunner/xulrunner.changes Wed Jul 18 07:07:48 2012 +0200
+++ b/xulrunner/xulrunner.changes Wed Jul 18 07:23:34 2012 +0200
@@ -1,13 +1,44 @@
-------------------------------------------------------------------
Sat Jul 14 19:33:44 UTC 2012 - wr@rosenauer.org
-- update to 14.0.1 (bnc#)
+- update to 14.0.1 (bnc#771583)
+ * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
+ Miscellaneous memory safety hazards
+ * MFSA 2012-43/CVE-2012-1950
+ Incorrect URL displayed in addressbar through drag and drop
+ * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
+ Gecko memory corruption
+ * MFSA 2012-45/CVE-2012-1955 (bmo#757376)
+ Spoofing issue with location
+ * MFSA 2012-46/CVE-2012-1966 (bmo#734076)
+ XSS through data: URLs
+ * MFSA 2012-47/CVE-2012-1957 (bmo#750096)
+ Improper filtering of javascript in HTML feed-view
+ * MFSA 2012-48/CVE-2012-1958 (bmo#750820)
+ use-after-free in nsGlobalWindow::PageHidden
+ * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
+ Same-compartment Security Wrappers can be bypassed
+ * MFSA 2012-50/CVE-2012-1960 (bmo#761014)
+ Out of bounds read in QCMS
+ * MFSA 2012-51/CVE-2012-1961 (bmo#761655)
+ X-Frame-Options header ignored when duplicated
+ * MFSA 2012-52/CVE-2012-1962 (bmo#764296)
+ JSDependentString::undepend string conversion results in memory
+ corruption
+ * MFSA 2012-53/CVE-2012-1963 (bmo#767778)
+ Content Security Policy 1.0 implementation errors cause data
+ leakage
+ * MFSA 2012-55/CVE-2012-1965 (bmo#758990)
+ feed: URLs with an innerURI inherit security context of page
+ * MFSA 2012-56/CVE-2012-1967 (bmo#758344)
+ Code execution through javascript: URLs
- license change from tri license to MPL-2.0
- require NSS 3.13.5
- PPC fixes:
* reenabled mozilla-yarr-pcre.patch to fix build for PPC
* add patches for bmo#750620 and bmo#746112
* fix xpcshell segfault on ppc
+- build plugin-container on every arch
-------------------------------------------------------------------
Sat Jun 2 09:16:34 UTC 2012 - wr@rosenauer.org