LogoopenSUSE Build Service > Projects > mozilla:Factory > xulrunner > Revisions
Sign Up | Log In

Revision Log of xulrunner (44)

buildservice-autocommit accepted request 356181 5 months ago (revision 44)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) accepted request 356234 5 months ago (revision 43)
update bug tracking
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 5 months ago (revision 42)
- update to xulrunner 38.6.0 (boo#963520)
  * MFSA 2016-01/CVE-2016-1930
    Miscellaneous memory safety hazards
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
    Buffer overflow in WebGL after out of memory allocation
buildservice-autocommit accepted request 354763 5 months ago (revision 41)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) accepted request 354759 5 months ago (revision 40)
- Add pkgconfig(xcomposite) BuildRequires: libcanberra happen to
  pull this in for us, but in fact xulrunner requires it on its own
  and must not rely on other libraries to require it.
buildservice-autocommit accepted request 349664 6 months ago (revision 39)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 6 months ago (revision 38)
- update to xulrunner 38.5.0 (bnc#959277)
  * MFSA 2015-134/CVE-2015-7201
    Miscellaneous memory safety hazards
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
    Underflow through code inspection
  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
    Integer overflow in MP4 playback in 64-bit versions
  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
    Integer underflow and buffer overflow processing MP4 metadata in
    libstagefright
  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
    Cross-site reading attack through data and view-source URIs
buildservice-autocommit accepted request 342308 8 months ago (revision 37)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 8 months ago (revision 36)
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1188010, bmo#1204061, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1205157)
    NSS and NSPR memory corruption issues
    (fixed in mozilla-nspr and mozilla-nss packages)
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 8 months ago (revision 35)
- update to xulrunner 38.4.0 (bnc#952810)
- requires NSPR 4.10.10 and NSS 3.19.2.1
buildservice-autocommit accepted request 333411 9 months ago (revision 34)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 9 months ago (revision 33)
- update to xulrunner 38.3.0 (bnc#947003)
  * MFSA 2015-96/CVE-2015-4500
    Miscellaneous memory safety hazards
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
    Dragging and dropping images exposes final URL after redirects
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
    Errors in the handling of CORS preflight request headers
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
    CVE-2015-7180
    Vulnerabilities found through code inspection
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
    bmo#1190526) (Windows only)
    Memory safety errors in libGLES in the ANGLE graphics library
buildservice-autocommit accepted request 322845 11 months ago (revision 32)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 11 months ago (revision 31)
  * mozilla-shared-nss-db.patch
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 11 months ago (revision 30)
- added platform specific patches from Firefox package:
  * mozilla-skia-be-le.patch
  * mozilla-bmo1005535.patch
  * mozilla-add-glibcxx_use_cxx11_abi.patch
  * mozilla-arm64-libjpeg-turbo.patch
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 11 months ago (revision 29)
- update to xulrunner 38.2.0esr (bnc#940806)
  * MFSA 2015-79/CVE-2015-4473
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
     updater)
  * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
    Crash when using shared memory in JavaScript
  * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
    Heap overflow in gdk-pixbuf when scaling bitmap images
  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
    Buffer overflows on Libvpx when decoding WebM video
  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
    Vulnerabilities found through code inspection
  * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
    Use-after-free in XMLHttpRequest with shared workers
- rebased all patches
- dropped obsolete patches:
  * mozilla-sle11.patch
  * mozilla-ppc.patch
buildservice-autocommit accepted request 314955 12 months ago (revision 28)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 12 months ago (revision 27)
- update to 31.8.0 (bnc#935979)
  * MFSA 2015-59/CVE-2015-2724
    Miscellaneous memory safety hazards
  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
    Type confusion in Indexed Database Manager
  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
    ECDSA signature validation fails to handle some signatures correctly
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
    Use-after-free in workers while using XMLHttpRequest
  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
    Vulnerabilities found through code inspection
  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
    Privilege escalation in PDF.js
  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
    NSS accepts export-length DHE keys with regular DHE cipher suites
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
    NSS incorrectly permits skipping of ServerKeyExchange
    (this fix is shipped by NSS 3.19.1 externally)
- requires NSS 3.19.2
  * add mozilla-fix-compilation-gcc5-bmo-1021171.patch
buildservice-autocommit accepted request 313190 about 1 year ago (revision 26)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) accepted request 312916 about 1 year ago (revision 25)
- Fix compilation with GCC5 (bmo#1153109, bmo#1021171)
  * add mozilla-fix-compilation-gcc5-bmo-1153109.patch
  * add mozilla-fix-compilation-gcc5-bmo-1021171.patch

Show all