diff -r abc6cbf98a30 -r b94dace970c6 xulrunner/xulrunner.changes
--- a/xulrunner/xulrunner.changes	Sat Aug 22 09:10:33 2015 +0200
+++ b/xulrunner/xulrunner.changes	Sat Dec 12 10:06:11 2015 +0100
@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Sat Oct 31 09:32:17 UTC 2015 - wr@rosenauer.org
+
+- update to xulrunner 38.4.0 (bnc#952810)
+  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
+    Miscellaneous memory safety hazards
+  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
+    Trailing whitespace in IP address hostnames can bypass same-origin policy
+  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
+    Buffer overflow during image interactions in canvas
+  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
+    CORS preflight is bypassed when non-standard Content-Type headers
+    are received
+  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
+    Memory corruption in libjar through zip files
+  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
+    JavaScript garbage collection crash with Java applet
+  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
+    (bmo#1188010, bmo#1204061, bmo#1204155)
+    Vulnerabilities found through code inspection
+  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
+    Mixed content WebSocket policy bypass through workers
+  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
+    (bmo#1202868, bmo#1205157)
+    NSS and NSPR memory corruption issues
+    (fixed in mozilla-nspr and mozilla-nss packages)
+- requires NSPR 4.10.10 and NSS 3.19.2.1
+
+-------------------------------------------------------------------
+Wed Sep 23 05:47:20 UTC 2015 - wr@rosenauer.org
+
+- update to xulrunner 38.3.0 (bnc#947003)
+  * MFSA 2015-96/CVE-2015-4500
+    Miscellaneous memory safety hazards
+  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
+    Arbitrary file manipulation by local user through Mozilla updater
+  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
+    Buffer overflow in libvpx while parsing vp9 format video
+  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
+    Buffer overflow while decoding WebM video
+  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
+    Use-after-free while manipulating HTML media content
+  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
+    Dragging and dropping images exposes final URL after redirects
+  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
+    Errors in the handling of CORS preflight request headers
+  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
+    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
+    CVE-2015-7180
+    Vulnerabilities found through code inspection
+  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
+    bmo#1190526) (Windows only)
+    Memory safety errors in libGLES in the ANGLE graphics library
+
 -------------------------------------------------------------------
 Mon Aug 10 16:40:17 UTC 2015 - wr@rosenauer.org