File _patchinfo of Package patchinfo
<patchinfo>
<issue id="720264" tracker="bnc">Firefox 7 / 3.6.23 and other Mozilla apps</issue>
<issue id="758408" tracker="bnc">MozillaFirefox 12 / 10.0.4esr etc</issue>
<issue id="726758" tracker="bnc">Thunderbird icon is broken until gtk icon cache is manually refreshed</issue>
<issue id="714931" tracker="bnc">MozillaFirefox 6.0.2 / 3.6.22 security update (chemspill)</issue>
<issue id="749440" tracker="bnc">KDE filemanager is lost in Thunderbird with Update to version 10</issue>
<issue id="728520" tracker="bnc">Firefox 8 / 3.6.24 and other mozilla apps</issue>
<issue id="747328" tracker="bnc">MozillaFirefox: 10.0.2 / 3.6.27(?) release for libpng issue</issue>
<issue id="744275" tracker="bnc">MozillaFirefox 10 / 3.6.26 and other mozilla apps</issue>
<issue id="746616" tracker="bnc">MozillaFirefox: use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings (MFSA 2012-10)</issue>
<issue id="755060" tracker="bnc">Mozilla Thunderbird hangs frequently after update to 11.0</issue>
<issue id="712224" tracker="bnc">MozillaFirefox 6 / 3.6.20 security update round</issue>
<issue id="732898" tracker="bnc">Firefox is not accessible</issue>
<issue id="750044" tracker="bnc">MozillaFirefox 11 / 10.0.3esr etc</issue>
<issue id="733002" tracker="bnc">Thunderbird/Enigmail is endless accessing PGP Keyserver</issue>
<issue id="CVE-2011-3005" tracker="cve" />
<issue id="CVE-2011-3062" tracker="cve" />
<issue id="CVE-2012-0478" tracker="cve" />
<issue id="CVE-2012-0468" tracker="cve" />
<issue id="CVE-2012-0469" tracker="cve" />
<issue id="CVE-2012-0460" tracker="cve" />
<issue id="CVE-2012-0475" tracker="cve" />
<issue id="CVE-2012-0467" tracker="cve" />
<issue id="CVE-2011-3663" tracker="cve" />
<issue id="CVE-2011-3660" tracker="cve" />
<issue id="CVE-2011-3661" tracker="cve" />
<issue id="CVE-2012-0446" tracker="cve" />
<issue id="CVE-2012-0447" tracker="cve" />
<issue id="CVE-2011-2986" tracker="cve" />
<issue id="CVE-2012-0445" tracker="cve" />
<issue id="CVE-2011-2988" tracker="cve" />
<issue id="CVE-2011-2989" tracker="cve" />
<issue id="CVE-2011-3652" tracker="cve" />
<issue id="CVE-2011-3651" tracker="cve" />
<issue id="CVE-2011-2985" tracker="cve" />
<issue id="CVE-2011-3232" tracker="cve" />
<issue id="CVE-2011-3654" tracker="cve" />
<issue id="CVE-2012-0479" tracker="cve" />
<issue id="CVE-2011-3658" tracker="cve" />
<issue id="CVE-2012-0477" tracker="cve" />
<issue id="CVE-2011-3655" tracker="cve" />
<issue id="CVE-2012-0474" tracker="cve" />
<issue id="CVE-2012-0473" tracker="cve" />
<issue id="CVE-2012-0472" tracker="cve" />
<issue id="CVE-2012-0471" tracker="cve" />
<issue id="CVE-2012-0470" tracker="cve" />
<issue id="CVE-2012-0451" tracker="cve" />
<issue id="CVE-2012-0452" tracker="cve" />
<issue id="CVE-2011-2992" tracker="cve" />
<issue id="CVE-2011-2991" tracker="cve" />
<issue id="CVE-2012-0459" tracker="cve" />
<issue id="CVE-2011-2987" tracker="cve" />
<issue id="CVE-2011-1187" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>wrosenauer</packager>
<description>Changes in xulrunner:
- update to 12.0 (bnc#758408)
* rebased patches
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
Miscellaneous memory safety hazards
* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
use-after-free in IDBKeyRange
* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
Invalid frees causes heap corruption in gfxImageSurface
* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
Potential XSS via multibyte content processing errors
* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
Potential memory corruption during font rendering using cairo-dwrite
* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
Page load short-circuit can lead to XSS
* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
Ambiguous IPv6 in Origin headers may bypass webserver access
restrictions
* MFSA 2012-29/CVE-2012-0477 (bmo#718573)
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
* MFSA 2012-30/CVE-2012-0478 (bmo#727547)
Crash with WebGL content using textImage2D
* MFSA 2012-31/CVE-2011-3062 (bmo#739925)
Off-by-one error in OpenType Sanitizer
* MFSA 2012-32/CVE-2011-1187 (bmo#624621)
HTTP Redirections and remote content can be read by javascript errors
* MFSA 2012-33/CVE-2012-0479 (bmo#714631)
Potential site identity spoofing when loading RSS and Atom feeds
- added mozilla-libnotify.patch to allow fallback from libnotify
to xul based events if no notification-daemon is running
- gcc 4.7 fixes
* mozilla-gcc47.patch
* disabled crashreporter temporarily for Factory
Changes in MozillaFirefox:
- update to Firefox 12.0 (bnc#758408)
* rebased patches
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
Miscellaneous memory safety hazards
* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
use-after-free in IDBKeyRange
* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
Invalid frees causes heap corruption in gfxImageSurface
* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
Potential XSS via multibyte content processing errors
* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
Potential memory corruption during font rendering using cairo-dwrite
* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
Page load short-circuit can lead to XSS
* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
Ambiguous IPv6 in Origin headers may bypass webserver access
restrictions
* MFSA 2012-29/CVE-2012-0477 (bmo#718573)
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
* MFSA 2012-30/CVE-2012-0478 (bmo#727547)
Crash with WebGL content using textImage2D
* MFSA 2012-31/CVE-2011-3062 (bmo#739925)
Off-by-one error in OpenType Sanitizer
* MFSA 2012-32/CVE-2011-1187 (bmo#624621)
HTTP Redirections and remote content can be read by javascript errors
* MFSA 2012-33/CVE-2012-0479 (bmo#714631)
Potential site identity spoofing when loading RSS and Atom feeds
- added mozilla-libnotify.patch to allow fallback from libnotify
to xul based events if no notification-daemon is running
- gcc 4.7 fixes
* mozilla-gcc47.patch
* disabled crashreporter temporarily for Factory
- recommend libcanberra0 for proper sound notifications
Changes in MozillaThunderbird:
- update to Thunderbird 12.0 (bnc#758408)
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
Miscellaneous memory safety hazards
* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
use-after-free in IDBKeyRange
* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
Invalid frees causes heap corruption in gfxImageSurface
* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
Potential XSS via multibyte content processing errors
* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
Potential memory corruption during font rendering using cairo-dwrite
* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
Page load short-circuit can lead to XSS
* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
Ambiguous IPv6 in Origin headers may bypass webserver access
restrictions
* MFSA 2012-29/CVE-2012-0477 (bmo#718573)
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
* MFSA 2012-30/CVE-2012-0478 (bmo#727547)
Crash with WebGL content using textImage2D
* MFSA 2012-31/CVE-2011-3062 (bmo#739925)
Off-by-one error in OpenType Sanitizer
* MFSA 2012-32/CVE-2011-1187 (bmo#624621)
HTTP Redirections and remote content can be read by javascript errors
* MFSA 2012-33/CVE-2012-0479 (bmo#714631)
Potential site identity spoofing when loading RSS and Atom feeds
- update Enigmail to 1.4.1
- added mozilla-revert_621446.patch
- added mozilla-libnotify.patch (bmo#737646)
- added mailnew-showalert.patch (bmo#739146)
- added mozilla-gcc47.patch and mailnews-literals.patch to fix
compilation issues with recent gcc 4.7
- disabled crashreporter temporarily for Factory (gcc 4.7 issue)
Changes in seamonkey:
- update to Seamonkey 2.9 (bnc#758408)
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
Miscellaneous memory safety hazards
* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
use-after-free in IDBKeyRange
* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
Invalid frees causes heap corruption in gfxImageSurface
* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
Potential XSS via multibyte content processing errors
* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
Potential memory corruption during font rendering using cairo-dwrite
* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
Page load short-circuit can lead to XSS
* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
Ambiguous IPv6 in Origin headers may bypass webserver access
restrictions
* MFSA 2012-29/CVE-2012-0477 (bmo#718573)
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
* MFSA 2012-30/CVE-2012-0478 (bmo#727547)
Crash with WebGL content using textImage2D
* MFSA 2012-31/CVE-2011-3062 (bmo#739925)
Off-by-one error in OpenType Sanitizer
* MFSA 2012-32/CVE-2011-1187 (bmo#624621)
HTTP Redirections and remote content can be read by javascript errors
* MFSA 2012-33/CVE-2012-0479 (bmo#714631)
Potential site identity spoofing when loading RSS and Atom feeds
- update to 2.9b4
- added mozilla-sle11.patch and add exceptions to be able to build
for SLE11/11.1
- exclude broken gl locale from build
- fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch
- added mozilla-gcc47.patch and mailnews-literals.patch to fix
compilation issues with recent gcc 4.7
</description>
<summary>update for MozillaFirefox, MozillaThunderbird, seamonkey, xulrunner</summary>
</patchinfo>
