File _patchinfo of Package patchinfo.1536
<patchinfo>
<issue id="813026" tracker="bnc">Firefox 20.0/17.0.5</issue>
<issue id="CVE-2013-0788" tracker="cve" />
<issue id="CVE-2013-0791" tracker="cve" />
<issue id="CVE-2013-0789" tracker="cve" />
<issue id="CVE-2013-0793" tracker="cve" />
<issue id="CVE-2013-0792" tracker="cve" />
<issue id="CVE-2013-0795" tracker="cve" />
<issue id="CVE-2013-0794" tracker="cve" />
<issue id="CVE-2013-0796" tracker="cve" />
<issue id="CVE-2013-0800" tracker="cve" />
<issue id="CVE-2013-1620" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>wrosenauer</packager>
<description>
The Mozilla suite received security and bugfix updates:
Mozilla Firefox was updated to version 20.0.
Mozilla Thunderbird was updated to version 17.0.5.
Mozilla Seamonkey was updated to version 17.0.5.
Mozilla XULRunner was updated to version 17.0.5.
mozilla-nss was updated to version 3.14.3.
mozilla-nspr was updated to version 4.9.6.
mozilla-nspr was updated to version 4.9.6:
* aarch64 support
* added PL_SizeOfArenaPoolExcludingPool function (bmo#807883)
* Auto detect android api version for x86 (bmo#782214)
* Initialize Windows CRITICAL_SECTIONs without debug info and
with nonzero spin count (bmo#812085)
Previous update to version 4.9.5
* bmo#634793: define NSPR's exact-width integer types PRInt{N} and
PRUint{N} types to match the <stdint.h> exact-width integer types
int{N}_t and uint{N}_t.
* bmo#782815: passing 'int *' to parameter of type 'unsigned int *'
in setsockopt().
* bmo#822932: Port bmo#802527 (NDK r8b support for x86) to NSPR.
* bmo#824742: NSPR shouldn't require librt on Android.
* bmo#831793: data race on lib->refCount in PR_UnloadLibrary.
mozilla-nss was updated to version 3.14.3:
* disable tests with expired certificates
* add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from
mozilla tree to fulfill Firefox 21 requirements
* No new major functionality is introduced in this release. This
release is a patch release to address CVE-2013-1620 (bmo#822365)
* "certutil -a" was not correctly producing ASCII output as
requested. (bmo#840714)
* NSS 3.14.2 broke compilation with older versions of sqlite that
lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now
properly compiles when used with older versions of sqlite
(bmo#837799) - remove system-sqlite.patch
* add arm aarch64 support
* added system-sqlite.patch (bmo#837799)
* do not depend on latest sqlite just for a #define
* enable system sqlite usage again
* update to 3.14.2
* required for Firefox >= 20
* removed obsolete nssckbi update patch
* MFSA 2013-40/CVE-2013-0791 (bmo#629816)
Out-of-bounds array read in CERT_DecodeCertPackage
* disable system sqlite usage since we depend on 3.7.15 which is
not provided in any openSUSE distribution
* add nss-sqlitename.patch to avoid any name clash
Changes in MozillaFirefox:
- update to Firefox 20.0 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-37/CVE-2013-0794 (bmo#626775)
Bypass of tab-modal dialog origin disclosure
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations
* MFSA 2013-39/CVE-2013-0792 (bmo#722831)
Memory corruption while rendering grayscale PNG images
- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
- build fixes for armv7hl:
* disable debug build as armv7hl does not have enough memory
* disable webrtc on armv7hl as it is non-compiling
Changes in MozillaThunderbird:
- update to Thunderbird 17.0.5 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations
Changes in seamonkey:
- update to SeaMonkey 2.17 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-37/CVE-2013-0794 (bmo#626775)
Bypass of tab-modal dialog origin disclosure
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations
* MFSA 2013-39/CVE-2013-0792 (bmo#722831)
Memory corruption while rendering grayscale PNG images
- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
Changes in xulrunner:
- update to 17.0.5esr (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* MFSA 2013-30/CVE-2013-0788
Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-37/CVE-2013-0794 (bmo#626775)
Bypass of tab-modal dialog origin disclosure
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations
</description>
<summary>Mozilla Firefox and others: Update to Firefox 20.0 release</summary>
</patchinfo>
