--- a/MozillaFirefox/MozillaFirefox.changes Wed Oct 06 07:14:29 2010 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Mon Oct 25 10:06:05 2010 +0200
@@ -1,7 +1,25 @@
-------------------------------------------------------------------
Wed Oct 6 07:13:52 CEST 2010 - wr@rosenauer.org
-- security update to 3.6.11
+- security update to 3.6.11 (bnc#645315)
+ * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
+ Miscellaneous memory safety hazards
+ * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
+ Buffer overflow and memory corruption using document.write
+ * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
+ Use-after-free error in nsBarProp
+ * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
+ Dangling pointer vulnerability in LookupGetterOrSetter
+ * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
+ XSS in gopher parser when parsing hrefs
+ * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
+ Cross-site information disclosure via modal calls
+ * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
+ SSL wildcard certificate matching IP addresses
+ * MFSA 2010-71/CVE-2010-3182 (bmo#590753)
+ Unsafe library loading vulnerabilities
+ * MFSA 2010-72/CVE-2010-3173
+ Insecure Diffie-Hellman key exchange
-------------------------------------------------------------------
Wed Sep 15 07:39:22 CEST 2010 - wr@rosenauer.org
--- a/MozillaFirefox/MozillaFirefox.spec Wed Oct 06 07:14:29 2010 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Mon Oct 25 10:06:05 2010 +0200
@@ -36,7 +36,7 @@
Provides: firefox
Version: 3.6.11
Release: 1
-%define releasedate 2010100500
+%define releasedate 2010101300
Summary: Mozilla Firefox Web Browser
Url: http://www.mozilla.org/
Group: Productivity/Networking/Web/Browsers
--- a/mozilla-xulrunner192/mozilla-xulrunner192.changes Wed Oct 06 07:14:29 2010 +0200
+++ b/mozilla-xulrunner192/mozilla-xulrunner192.changes Mon Oct 25 10:06:05 2010 +0200
@@ -1,7 +1,25 @@
-------------------------------------------------------------------
Wed Oct 6 07:13:34 CEST 2010 - wr@rosenauer.org
-- security update to 1.9.2.11
+- security update to 1.9.2.11 (bnc#645315)
+ * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
+ Miscellaneous memory safety hazards
+ * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
+ Buffer overflow and memory corruption using document.write
+ * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
+ Use-after-free error in nsBarProp
+ * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
+ Dangling pointer vulnerability in LookupGetterOrSetter
+ * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
+ XSS in gopher parser when parsing hrefs
+ * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
+ Cross-site information disclosure via modal calls
+ * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
+ SSL wildcard certificate matching IP addresses
+ * MFSA 2010-71/CVE-2010-3182 (bmo#590753)
+ Unsafe library loading vulnerabilities
+ * MFSA 2010-72/CVE-2010-3173
+ Insecure Diffie-Hellman key exchange
- removed upstreamed patches:
* mozilla-esd.patch
* mozilla-helper-app.patch
--- a/mozilla-xulrunner192/mozilla-xulrunner192.spec Wed Oct 06 07:14:29 2010 +0200
+++ b/mozilla-xulrunner192/mozilla-xulrunner192.spec Mon Oct 25 10:06:05 2010 +0200
@@ -20,7 +20,7 @@
Name: mozilla-xulrunner192
-BuildRequires: autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python startup-notification-devel zip pkg-config
+BuildRequires: autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel pkg-config python startup-notification-devel zip
# needed for brp-check-bytecode-version (jar, fastjar would do as well)
BuildRequires: unzip
%if %suse_version > 1020
@@ -41,7 +41,7 @@
License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
Version: 1.9.2.11
Release: 1
-%define releasedate 2010100500
+%define releasedate 2010101300
%define version_internal 1.9.2.11
%define apiversion 1.9.2
%define uaweight 192110
@@ -203,6 +203,7 @@
%if %crashreporter
+
%package buildsymbols
License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
Summary: Breakpad buildsymbols for %{name}