# HG changeset patch # User Wolfgang Rosenauer # Date 1292177352 -3600 # Node ID b61163298b025593f7be69078c709495f8678f60 # Parent 3306109c5899e2e2e3224a070b9a38ec97729999 changelogs diff -r 3306109c5899 -r b61163298b02 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Thu Nov 25 10:29:35 2010 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sun Dec 12 19:09:12 2010 +0100 @@ -1,7 +1,31 @@ ------------------------------------------------------------------- Thu Nov 25 09:28:25 UTC 2010 - wr@rosenauer.org -- security update to 3.6.13 (bnc#) +- security update to 3.6.13 (bnc#657016) + * MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778 + Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16) + * MFSA 2010-75/CVE-2010-3769 (bmo#608336) + Buffer overflow while line breaking after document.write with + long string + * MFSA 2010-76/CVE-2010-3771 (bmo#609437) + Chrome privilege escalation with window.open and element + * MFSA 2010-77/CVE-2010-3772 (bmo#594547) + Crash and remote code execution using HTML tags inside a XUL tree + * MFSA 2010-78/CVE-2010-3768 (bmo#527276) + Add support for OTS font sanitizer + * MFSA 2010-79/CVE-2010-3775 + Java security bypass from LiveConnect loaded via data: URL + meta refresh + * MFSA 2010-80/CVE-2010-3766 (bmo#590771) + Use-after-free error with nsDOMAttribute MutationObserver + * MFSA 2010-81/CVE-2010-3767 (bmo#599468) + Integer overflow vulnerability in NewIdArray + * MFSA 2010-82/CVE-2010-3773 (bmo#554449) + Incomplete fix for CVE-2010-0179 + * MFSA 2010-83/VE-2010-3774 (bmo#602780) + Location bar SSL spoofing using network error page + * MFSA 2010-84/CVE-2010-3770 (bmo#601429) + XSS hazard in multiple character encodings - export a versioned provides for "firefox" ------------------------------------------------------------------- diff -r 3306109c5899 -r b61163298b02 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Thu Nov 25 10:29:35 2010 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Sun Dec 12 19:09:12 2010 +0100 @@ -36,7 +36,7 @@ Provides: web_browser Provides: firefox = %{version} Release: 1 -%define releasedate 2010112400 +%define releasedate 2010120300 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers diff -r 3306109c5899 -r b61163298b02 mozilla-xulrunner192/mozilla-xulrunner192.changes --- a/mozilla-xulrunner192/mozilla-xulrunner192.changes Thu Nov 25 10:29:35 2010 +0100 +++ b/mozilla-xulrunner192/mozilla-xulrunner192.changes Sun Dec 12 19:09:12 2010 +0100 @@ -1,7 +1,31 @@ ------------------------------------------------------------------- Thu Nov 25 09:25:50 UTC 2010 - wr@rosenauer.org -- security update to 1.9.2.13 (bnc#) +- security update to 1.9.2.13 (bnc#657016) + * MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778 + Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16) + * MFSA 2010-75/CVE-2010-3769 (bmo#608336) + Buffer overflow while line breaking after document.write with + long string + * MFSA 2010-76/CVE-2010-3771 (bmo#609437) + Chrome privilege escalation with window.open and element + * MFSA 2010-77/CVE-2010-3772 (bmo#594547) + Crash and remote code execution using HTML tags inside a XUL tree + * MFSA 2010-78/CVE-2010-3768 (bmo#527276) + Add support for OTS font sanitizer + * MFSA 2010-79/CVE-2010-3775 + Java security bypass from LiveConnect loaded via data: URL + meta refresh + * MFSA 2010-80/CVE-2010-3766 (bmo#590771) + Use-after-free error with nsDOMAttribute MutationObserver + * MFSA 2010-81/CVE-2010-3767 (bmo#599468) + Integer overflow vulnerability in NewIdArray + * MFSA 2010-82/CVE-2010-3773 (bmo#554449) + Incomplete fix for CVE-2010-0179 + * MFSA 2010-83/VE-2010-3774 (bmo#602780) + Location bar SSL spoofing using network error page + * MFSA 2010-84/CVE-2010-3770 (bmo#601429) + XSS hazard in multiple character encodings ------------------------------------------------------------------- Wed Oct 27 07:12:14 CEST 2010 - wr@rosenauer.org diff -r 3306109c5899 -r b61163298b02 mozilla-xulrunner192/mozilla-xulrunner192.spec --- a/mozilla-xulrunner192/mozilla-xulrunner192.spec Thu Nov 25 10:29:35 2010 +0100 +++ b/mozilla-xulrunner192/mozilla-xulrunner192.spec Sun Dec 12 19:09:12 2010 +0100 @@ -41,7 +41,7 @@ License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Version: 1.9.2.13 Release: 1 -%define releasedate 2010112400 +%define releasedate 2010120300 %define version_internal 1.9.2.13 %define apiversion 1.9.2 %define uaweight 192130