--- a/MozillaFirefox/create-tar.sh Fri Oct 26 23:25:51 2012 +0200
+++ b/MozillaFirefox/create-tar.sh Wed Nov 21 00:03:27 2012 +0100
@@ -2,8 +2,8 @@
CHANNEL="esr10"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_10_0_10esr_RELEASE"
-VERSION="10.0.10"
+RELEASE_TAG="FIREFOX_10_0_11esr_RELEASE"
+VERSION="10.0.11"
# mozilla
hg clone -r $RELEASE_TAG http://hg.mozilla.org/$BRANCH mozilla
--- a/MozillaFirefox/firefox-esr.changes Fri Oct 26 23:25:51 2012 +0200
+++ b/MozillaFirefox/firefox-esr.changes Wed Nov 21 00:03:27 2012 +0100
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Tue Nov 20 20:46:00 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 10.0.11esr (bnc#790140)
+ * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
+ Miscellaneous memory safety hazards
+ * MFSA 2012-92/CVE-2012-4202 (bmo#758200)
+ Buffer overflow while rendering GIF images
+ * MFSA 2012-93/CVE-2012-4201 (bmo#747607)
+ evalInSanbox location context incorrectly applied
+ * MFSA 2012-100/CVE-2012-5841 (bmo#805807)
+ Improper security filtering for cross-origin wrappers
+ * MFSA 2012-101/CVE-2012-4207 (bmo#801681)
+ Improper character decoding in HZ-GB-2312 charset
+ * MFSA 2012-103/CVE-2012-4209 (bmo#792405)
+ Frames can shadow top.location
+ * MFSA 2012-104/CVE-2012-4210 (bmo#796866)
+ CSS and HTML injection through Style Inspector
+ * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
+ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
+ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
+ Use-after-free and buffer overflow issues found using Address
+ Sanitizer
+ * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
+ Use-after-free, buffer overflow, and memory corruption issues
+ found using Address Sanitizer
+
-------------------------------------------------------------------
Thu Oct 25 05:46:38 UTC 2012 - wr@rosenauer.org
--- a/MozillaFirefox/firefox-esr.spec Fri Oct 26 23:25:51 2012 +0200
+++ b/MozillaFirefox/firefox-esr.spec Wed Nov 21 00:03:27 2012 +0100
@@ -18,7 +18,7 @@
%define major 10
-%define mainver %major.0.10
+%define mainver %major.0.11
Name: firefox-esr
BuildRequires: Mesa-devel
@@ -48,7 +48,7 @@
BuildRequires: nss-shared-helper-devel
Version: %{mainver}
Release: 0
-%define releasedate 2012102400
+%define releasedate 2012111500
Provides: web_browser
Provides: firefox-esr = %{mainver}
# this is needed to match this package with the kde4 helper package without the main package
--- a/xulrunner/create-tar.sh Fri Oct 26 23:25:51 2012 +0200
+++ b/xulrunner/create-tar.sh Wed Nov 21 00:03:27 2012 +0100
@@ -2,8 +2,8 @@
CHANNEL="esr10"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_10_0_10esr_RELEASE"
-VERSION="10.0.10"
+RELEASE_TAG="FIREFOX_10_0_11esr_RELEASE"
+VERSION="10.0.11"
# mozilla
hg clone -r $RELEASE_TAG http://hg.mozilla.org/$BRANCH mozilla
--- a/xulrunner/xulrunner-esr.changes Fri Oct 26 23:25:51 2012 +0200
+++ b/xulrunner/xulrunner-esr.changes Wed Nov 21 00:03:27 2012 +0100
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Tue Nov 20 20:48:04 UTC 2012 - wr@rosenauer.org
+
+- update to 10.0.11esr (bnc#790140)
+ * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
+ Miscellaneous memory safety hazards
+ * MFSA 2012-92/CVE-2012-4202 (bmo#758200)
+ Buffer overflow while rendering GIF images
+ * MFSA 2012-93/CVE-2012-4201 (bmo#747607)
+ evalInSanbox location context incorrectly applied
+ * MFSA 2012-100/CVE-2012-5841 (bmo#805807)
+ Improper security filtering for cross-origin wrappers
+ * MFSA 2012-101/CVE-2012-4207 (bmo#801681)
+ Improper character decoding in HZ-GB-2312 charset
+ * MFSA 2012-103/CVE-2012-4209 (bmo#792405)
+ Frames can shadow top.location
+ * MFSA 2012-104/CVE-2012-4210 (bmo#796866)
+ CSS and HTML injection through Style Inspector
+ * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
+ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
+ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
+ Use-after-free and buffer overflow issues found using Address
+ Sanitizer
+ * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
+ Use-after-free, buffer overflow, and memory corruption issues
+ found using Address Sanitizer
+
-------------------------------------------------------------------
Thu Oct 25 08:03:09 UTC 2012 - wr@rosenauer.org
--- a/xulrunner/xulrunner-esr.spec Fri Oct 26 23:25:51 2012 +0200
+++ b/xulrunner/xulrunner-esr.spec Wed Nov 21 00:03:27 2012 +0100
@@ -44,12 +44,12 @@
%endif
BuildRequires: mozilla-nspr-devel >= 4.9.0
BuildRequires: mozilla-nss-devel >= 3.13.5
-Version: 10.0.10
+Version: 10.0.11
Release: 0
-%define releasedate 2012102400
-%define version_internal 10.0.10
+%define releasedate 2012111500
+%define version_internal 10.0.11
%define apiversion 10
-%define uaweight 1000010
+%define uaweight 1000011
Summary: Mozilla Runtime Environment ESR
License: MPL-1.1 or GPL-2.0+ or LGPL-2.1+
Group: Productivity/Other