diff -r 7fa561e5d7c7 -r f890ebd6b627 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Mar 30 21:49:01 2020 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Mon Apr 20 14:12:08 2020 +0200 @@ -1,4 +1,49 @@ ------------------------------------------------------------------- +Tue Apr 7 12:18:27 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 75.0 + * https://www.mozilla.org/en-US/firefox/75.0/releasenotes + MFSA 2020-12 (bsc#1168874) + * CVE-2020-6821 (bmo#1625404) + Uninitialized memory could be read when using the WebGL + copyTexSubImage method + * CVE-2020-6822 (bmo#1544181) + Out of bounds write in GMPDecodeData when processing large images + * CVE-2020-6823 (bmo#1614919) + Malicious Extension could obtain auth codes from OAuth login flows + * CVE-2020-6824 (bmo#1621853) + Generated passwords may be identical on the same site between + separate private browsing sessions + * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203) + Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 + * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488, + bmo#1619229,bmo#1620719,bmo#1624897) + Memory safety bugs fixed in Firefox 75 +- removed obsolete patch + mozilla-bmo1609538.patch +- requires + * rust >= 1.41 + * rust-cbindgen >= 0.13.1 + * mozilla-nss >= 3.51 + * nodejs10 >= 10.19 +- fix build issue in libvpx for i586 via mozilla-bmo1622013.patch + +------------------------------------------------------------------- +Mon Apr 6 11:19:24 UTC 2020 - Michel Normand + +- increase _constraints memory for ppc64le + +------------------------------------------------------------------- +Fri Apr 3 15:23:28 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 74.0.1 + MFSA 2020-11 (boo#1168630) + * CVE-2020-6819 (bmo#1620818) + Use-after-free while running the nsDocShell destructor + * CVE-2020-6820 (bmo#1626728) + Use-after-free when handling a ReadableStream + +------------------------------------------------------------------- Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled