LogoopenSUSE Build Service > Projects > mozilla:Factory > xulrunner > Revisions
Sign Up | Log In

Revision Log of xulrunner (44)

buildservice-autocommit accepted request 356181 11 days ago (revision 44)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) accepted request 356234 15 days ago (revision 43)
update bug tracking
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 16 days ago (revision 42)
- update to xulrunner 38.6.0 (boo#963520)
  * MFSA 2016-01/CVE-2016-1930
    Miscellaneous memory safety hazards
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
    Buffer overflow in WebGL after out of memory allocation
buildservice-autocommit accepted request 354763 20 days ago (revision 41)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) accepted request 354759 24 days ago (revision 40)
- Add pkgconfig(xcomposite) BuildRequires: libcanberra happen to
  pull this in for us, but in fact xulrunner requires it on its own
  and must not rely on other libraries to require it.
buildservice-autocommit accepted request 349664 about 2 months ago (revision 39)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed about 2 months ago (revision 38)
- update to xulrunner 38.5.0 (bnc#959277)
  * MFSA 2015-134/CVE-2015-7201
    Miscellaneous memory safety hazards
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
    Underflow through code inspection
  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
    Integer overflow in MP4 playback in 64-bit versions
  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
    Integer underflow and buffer overflow processing MP4 metadata in
    libstagefright
  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
    Cross-site reading attack through data and view-source URIs
buildservice-autocommit accepted request 342308 3 months ago (revision 37)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 3 months ago (revision 36)
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1188010, bmo#1204061, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1205157)
    NSS and NSPR memory corruption issues
    (fixed in mozilla-nspr and mozilla-nss packages)
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 3 months ago (revision 35)
- update to xulrunner 38.4.0 (bnc#952810)
- requires NSPR 4.10.10 and NSS 3.19.2.1
buildservice-autocommit accepted request 333411 5 months ago (revision 34)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 5 months ago (revision 33)
- update to xulrunner 38.3.0 (bnc#947003)
  * MFSA 2015-96/CVE-2015-4500
    Miscellaneous memory safety hazards
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
    Dragging and dropping images exposes final URL after redirects
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
    Errors in the handling of CORS preflight request headers
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
    CVE-2015-7180
    Vulnerabilities found through code inspection
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
    bmo#1190526) (Windows only)
    Memory safety errors in libGLES in the ANGLE graphics library
buildservice-autocommit accepted request 322845 6 months ago (revision 32)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 6 months ago (revision 31)
  * mozilla-shared-nss-db.patch
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 6 months ago (revision 30)
- added platform specific patches from Firefox package:
  * mozilla-skia-be-le.patch
  * mozilla-bmo1005535.patch
  * mozilla-add-glibcxx_use_cxx11_abi.patch
  * mozilla-arm64-libjpeg-turbo.patch
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 6 months ago (revision 29)
- update to xulrunner 38.2.0esr (bnc#940806)
  * MFSA 2015-79/CVE-2015-4473
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
     updater)
  * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
    Crash when using shared memory in JavaScript
  * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
    Heap overflow in gdk-pixbuf when scaling bitmap images
  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
    Buffer overflows on Libvpx when decoding WebM video
  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
    Vulnerabilities found through code inspection
  * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
    Use-after-free in XMLHttpRequest with shared workers
- rebased all patches
- dropped obsolete patches:
  * mozilla-sle11.patch
  * mozilla-ppc.patch
buildservice-autocommit accepted request 314955 7 months ago (revision 28)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) committed 7 months ago (revision 27)
- update to 31.8.0 (bnc#935979)
  * MFSA 2015-59/CVE-2015-2724
    Miscellaneous memory safety hazards
  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
    Type confusion in Indexed Database Manager
  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
    ECDSA signature validation fails to handle some signatures correctly
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
    Use-after-free in workers while using XMLHttpRequest
  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
    Vulnerabilities found through code inspection
  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
    Privilege escalation in PDF.js
  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
    NSS accepts export-length DHE keys with regular DHE cipher suites
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
    NSS incorrectly permits skipping of ServerKeyExchange
    (this fix is shipped by NSS 3.19.1 externally)
- requires NSS 3.19.2
  * add mozilla-fix-compilation-gcc5-bmo-1021171.patch
buildservice-autocommit accepted request 313190 8 months ago (revision 26)
baserev update by copy to link target
Wolfgang Rosenauer Wolfgang Rosenauer (wrosenauer) accepted request 312916 8 months ago (revision 25)
- Fix compilation with GCC5 (bmo#1153109, bmo#1021171)
  * add mozilla-fix-compilation-gcc5-bmo-1153109.patch
  * add mozilla-fix-compilation-gcc5-bmo-1021171.patch

Show all