Changelog for mozilla-xulrunner190-1.9.0.19-1.1.x86_64.rpm :
Thu Mar 18 13:00:00 2010 wrAATTrosenauer.org
- security update to version 1.9.0.19 (bnc#586567)

* MFSA-2010-21/CVE-2010-0179
Arbitrary code execution with Firebug XMLHttpRequestSpy
(bmo#504021)

* MFSA-2010-20/CVE-2010-0178
Chrome privilege escalation via forced URL drag and drop
(bmo#546909)

* MFSA-2010-19/CVE-2010-0177
Dangling pointer vulnerability in nsPluginArray (bmo#538310)

* MFSA-2010-18/CVE-2010-0176
Dangling pointer vulnerability in nsTreeContentView
(bmo#538308)

* MFSA-2010-17/CVE-2010-0175
Remote code execution with use-after-free in nsTreeSelection

* MFSA-2010-16/CVE-2010-0173/CVE-2010-0174
Crashes with evidence of memory corruption
- clean up correctly on update (bnc#589094)

Fri Feb 5 13:00:00 2010 wrAATTrosenauer.org
- security update to version 1.9.0.18 (bnc#576969)

* MFSA-2010-01/CVE-2010-0159
Crashes with evidence of memory corruption

* MFSA-2010-02/CVE-2010-0160
Web Worker Array Handling Heap Corruption Vulnerability

* MFSA-2010-03/CVE-2009-1571 (bmo#526500)
Use-after-free crash in HTML parser

* MFSA-2010-04/CVE-2009-3988 (bmo#504862)
XSS due to window.dialogArguments being readable cross-domain

* MFSA-2010-05/CVE-2010-0162 (bmo#455472)
XSS hazard using SVG document and binary Content-Type

Wed Dec 23 13:00:00 2009 wrAATTrosenauer.org
- update to version 1.9.0.17

* DNS resolution in MakeSN of nsAuthSSPI causing issues for
proxy servers that support NTLM auth (bmo#535193)

Fri Dec 4 13:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.16 (bnc#559807)

* MFSA 2009-65/CVE-2009-3979/CVE-2009-3981
Crashes with evidence of memory corruption (1.9.0.16)

* MFSA 2009-68/CVE-2009-3983 (bmo#487872)
NTLM reflection vulnerability

* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
Location bar spoofing vulnerabilities

* MFSA 2009-70/CVE-2009-3986 (bmo#522430)
Privilege escalation via chrome window.opener

Thu Oct 22 14:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.15 (bnc#545277)

* MFSA 2009-52/CVE-2009-3370 (bmo#511615)
Form history vulnerable to stealing

* MFSA 2009-53/CVE-2009-3274 (bmo#514823)
Local downloaded file tampering

* MFSA 2009-55/CVE-2009-3372 (bmo#500644)
Crash in proxy auto-configuration regexp parsing

* MFSA 2009-56/CVE-2009-3373 (bmo#511689)
Heap buffer overflow in GIF color map parser

* MFSA 2009-57/CVE-2009-3374 (bmo#505988)
Chrome privilege escalation in XPCVariant::VariantDataToJS()

* MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
Heap buffer overflow in string to number conversion

* MFSA 2009-61/CVE-2009-3375 (bmo#503226)
Cross-origin data theft through document.getSelection()

* MFSA 2009-62/CVE-2009-3376 (bmo#511521)
Download filename spoofing with RTL override

* MFSA 2009-64/CVE-2009-3380/CVE-2009-3382
Crashes with evidence of memory corruption

Thu Oct 15 14:00:00 2009 pwuAATTnovell.com
- extend list of supported architectures as ABI identifier
(mozilla-abi.patch) (bnc#543460)

Thu Sep 10 14:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.14 (bnc#534458)

* MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
Crashes with evidence of memory corruption

* MFSA 2009-48/CVE-2009-3076
Insufficient warning for PKCS11 module installation and removal

* MFSA 2009-49/CVE-2009-3077 (bmo#506871)
TreeColumns dangling pointer vulnerability

* MFSA 2009-50/CVE-2009-3078 (bmo#453827)
Location bar spoofing via tall line-height Unicode characters

* MFSA 2009-51/CVE-2009-3079 (bmo#454363)
Chrome privilege escalation with FeedWriter
- removed obsolete lcms patches (included upstream)
- don't provide libsqlite3.so (bnc#538094)

Mon Aug 3 14:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.13 (bnc#527489)

* MFSA 2009-42 and MFSA 2009-43 don't apply as NSS is provided
through package mozilla-nss

* MFSA 2009-44/CVE-2009-2654 (bmo#451898)
Location bar and SSL indicator spoofing via window.open() on
invalid URL

Tue Jul 28 14:00:00 2009 wrAATTrosenauer.org
- fixed %exclude usage

Tue Jul 21 14:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.12 (bnc#522109)

* MFSA 2009-34/CVE-2009-2462/CVE-2009-2463/CVE-2009-2464/
CVE-2009-2465/CVE-2009-2466
Crashes with evidence of memory corruption

* MFSA 2009-35/CVE-2009-2467 (bmo#493601)
Crash and remote code execution during Flash player unloading

* MFSA 2009-36/CVE-2009-1194/oCERT-2009-001 (bmo#480134)
Heap/integer overflows in font glyph rendering libraries

* MFSA 2009-37/CVE-2009-2469 (bmo#488995)
Crash and remote code execution using watch and
__defineSetter__ on SVG

* MFSA 2009-38/CVE-2009-2470 (bmo#459524)
Data corruption with SOCKS5 reply containing DNS name
longer than 15 characters

* MFSA 2009-39/CVE-2009-2471 (bmo#460882)
setTimeout loses XPCNativeWrappers

* MFSA 2009-40/CVE-2009-2472
Multiple cross origin wrapper bypasses

Mon Jul 13 14:00:00 2009 bgmerrellAATTnovell.com
- Fixes bnc#490610 (MozillaFirefox: LittleCMS null pointer
dereference CVE-2009-0793), add a patch lcms-bnc490610.patch.

Fri Jun 12 14:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.11 (bnc#505563)

* MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833
Crashes with evidence of memory corruption (rv:1.9.0.11)

* MFSA 2009-25/CVE-2009-1834 (bmo#479413)
URL spoofing with invalid unicode characters

* MFSA 2009-26/CVE-2009-1835 (bmo#491801)
Arbitrary domain cookie access by local file: resources

* MFSA 2009-27/CVE-2009-1836 (bmo#479880)
SSL tampering via non-200 responses to proxy CONNECT requests

* MFSA 2009-28/CVE-2009-1837 (bmo#486269)
Race condition while accessing the private data of a NPObject
JS wrapper class object

* MFSA 2009-29/CVE-2009-1838 (bmo#489131)
Arbitrary code execution using event listeners attached to an
element whose owner document is null

* MFSA 2009-30/CVE-2009-1839 (bmo#479943)
Incorrect principal set for file: resources loaded via
location bar

* MFSA 2009-31/CVE-2009-1840 (bmo#477979)
XUL scripts bypass content-policy checks

* MFSA 2009-32/CVE-2009-1841 (bmo#479560)
JavaScript chrome privilege escalation
- fixing rpath linker flags (part of bnc#501174)

Tue Apr 28 14:00:00 2009 wrAATTrosenauer.org
- update to 1.9.0.10

* MFSA 2009-23/CVE-2009-1313 (bmo#489647)
Crash in nsTextFrame::ClearTextRun()
- fix preprocessor statement to fix build with gcc 4.4

Thu Apr 16 14:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.9 (bnc#495473)

* MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
Crashes with evidence of memory corruption (rv:1.9.0.9)

* MFSA 2009-15/CVE-2009-0652 (bmo#479336)
URL spoofing with box drawing character

* MFSA 2009-16/CVE-2009-1306 (bmo#474536)
jar: scheme ignores the content-disposition: header on the
inner URI

* MFSA 2009-17/CVE-2009-1307 (bmo#481342)
Same-origin violations when Adobe Flash loaded via
view-source: scheme

* MFSA 2009-18/CVE-2009-1308 (bmo#481558)
XSS hazard using third-party stylesheets and XBL bindings

* MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString

* MFSA 2009-20/CVE-2009-1310 (bmo#483086)
Malicious search plugins can inject code into arbitrary sites

* MFSA 2009-21/CVE-2009-1311 (bmo#471962)
POST data sent to wrong site when saving web page with
embedded frame

* MFSA 2009-22/CVE-2009-1312 (bmo#475636)
Firefox allows Refresh header to redirect to javascript: URIs
- removed bnc465284-VUL-designMode.patch since it's integrated
in 1.9.0.9

Fri Mar 27 13:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.8 (bnc#488955,489411)

* MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
Crash and remote code execution in XSL transformation

* MFSA 2009-13/CVE-2009-1044 (bmo#484320)
Arbitrary code execution via XUL tree moveToEdgeShift

Fri Mar 13 13:00:00 2009 wrAATTrosenauer.org
- make mozjs consumers using rpath to the correct location
to find the library at runtime (bnc#479505)

Wed Mar 11 13:00:00 2009 pwuAATTsuse.de
- Fixes bnc#479610(MozillaFirefox: LittleCMS integer overflows),
add a patch lcms-bnc479606.patch.

Thu Mar 5 13:00:00 2009 pwuAATTsuse.de
- Backport a patch from xulrunner191,
and fix bnc#465284 and CVE-2009-0071.

Sun Mar 1 13:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.7 (bnc#478625)

* MFSA 2009-07 - Crashes with evidence of memory corruption
CVE-2009-0771 - Layout Engine Crashes
CVE-2009-0772 - Layout Engine Crashes
CVE-2009-0773 - crashes in the JavaScript engine
CVE-2009-0774 - Layout Engine Crashes

* MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
Mozilla Firefox XUL Linked Clones Double Free Vulnerability

* MFSA 2009-09/CVE-2009-0776 (bmo#414540)
XML data theft via RDFXMLDataSource and cross-domain redirect

* MFSA 2009-10/CVE-2009-0040 (bmo#478901)
Upgrade PNG library to fix memory safety hazards

* MFSA 2009-11/CVE-2009-0777 (bmo#452979)
URL spoofing with invisible control characters
- removed obsolete patch to configure system sqlite

Wed Feb 4 13:00:00 2009 hfiguiereAATTsuse.de
- Review and approve changes.

Tue Feb 3 13:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.6 (bnc#470074)

* MFSA 2009-06/CVE-2009-0358: Directives to not cache pages ignored
(bmo#441751)

* MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading
HTTPOnly cookies (bmo#380418)

* MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via
local .desktop files (bmo#460425)

* MFSA 2009-03/CVE-2009-0355: Local file stealing with SessionStore
(bmo#466937)

* MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method
and window.eval (bmo#468581)

* MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with
evidence of memory corruption (rv:1.9.0.6) (bmo#452913,
bmo#449006, bmo#331088, bmo#401042, bmo#416461, bmo#422283,
bmo#422301, bmo#431705, bmo#437142, bmo#421839, bmo#420697,
bmo#461027)

* (non security) added lv locale
- never use system sqlite for now since it doesn't provide all
features needed and used by mozstorage (bnc#468689)
- set the actual xul application name as "uniq" identifier for
NSS database merges (instead of hardcoded "mozilla-xul")
- fixed crash in certificate viewer (bmo#472464)

Thu Jan 29 13:00:00 2009 hfiguiereAATTsuse.de
- Update gconf-backend.patch to fix a compilation error in debug
mode.
- Update toolkit-ui-lockdown.patch to fix bnc#366746

Wed Dec 17 13:00:00 2008 hfiguiereAATTsuse.de
- Review and approve changes.

Mon Dec 15 13:00:00 2008 wrAATTrosenauer.org
- security update to 1.9.0.5 (bnc#455804)
for details
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

* added et locale

Tue Dec 9 13:00:00 2008 hfiguiereAATTsuse.de
- Remove the lockdown part of the proxy because of the new upstream
management. (bnc#440625)

Mon Dec 8 13:00:00 2008 hfiguiereAATTsuse.de
- Review and approve changes.

Fri Dec 5 13:00:00 2008 hfiguiereAATTsuse.de
- resetting /system/proxy/mode to 'none' set back network.proxy.type
to 5 instead of 0. (bnc#441648)

Fri Nov 21 13:00:00 2008 mawAATTsuse.de
- Review and approve changes.

Wed Nov 19 13:00:00 2008 wrAATTrosenauer.org
- updated mozilla-shared-nss-db.patch

* make the patch autodetect nss-shared-helper at buildtime

* feature can be disabled completely at runtime exporting
MOZ_XRE_NO_NSSHELPER=1 before starting Firefox
(that helps to workaround bnc#444780 and makes sense anyway)

Thu Nov 13 13:00:00 2008 hfiguiereAATTsuse.de
- Added gecko-lockdown.patch and toolkit-ui-lockdown.patch

* Iron out some bugs from lockdown (bnc#439380)

* Apparently fixes (bnc#443420)

Thu Nov 13 13:00:00 2008 mawAATTsuse.de
- Review and approve changes.

Tue Nov 11 13:00:00 2008 wrAATTrosenauer.org
- update to security/maintenance release 1.9.0.4 (bnc#439841)

* support additional locales

Thu Nov 6 13:00:00 2008 hpjAATTnovell.com
- Add mozilla-shared-nss-db.patch, which migrates the old NSS DB
to the new, shared format and location.

Tue Oct 28 13:00:00 2008 mawAATTsuse.de
- Review and approve changes.

Mon Oct 27 13:00:00 2008 wrAATTrosenauer.org
- improved baselibs dependencies
- removed obsolete build flags
- make biarch dependencies work correctly (bnc#434283)
- removed executable bits from PNGs (bnc#433752)

Thu Oct 23 14:00:00 2008 hfiguiereAATTsuse.de
- Added gconf-backend.patch:

* Lockdown: FATE#302023, FATE#302024

Mon Sep 29 14:00:00 2008 mawAATTsuse.de
- Review and approve changes.

Sun Sep 28 14:00:00 2008 wrAATTrosenauer.org
- update to regression fix release 1.9.0.3

* Fixed a problem where users were unable to retrieve saved
passwords or save new passwords (bmo#454708, bnc#429179#c20,
CVE-2008-4063, CVE-2008-4064, CVE-2008-3836, and CVE-2008-4070)

Thu Sep 25 14:00:00 2008 mawAATTsuse.de
- Review and approve changes.

Mon Sep 15 14:00:00 2008 wrAATTrosenauer.org
- update to security/maintenance release 1.9.0.2 (bnc#429179)

* support more locales

* removed upstreamed patches
- added PyXPCOM subpackage python-xpcom190
- fix helper app detection for application/octet-stream type
(bnc#406979, bmo#327323)
- stop shipping the "simple" example
- use system provided cairo from 11.1 on

Thu Sep 4 14:00:00 2008 roAATTsuse.de
- get rid of at least one opensuse_bs check
(should really check project name and not buildsystem)

Tue Aug 19 14:00:00 2008 mawAATTsuse.de
- Check whether the build is happening on the build service
by using 0%{?opensuse_bs}
- Readd unzip to the list of build requirements.

Sat Aug 16 14:00:00 2008 mawAATTnovell.com
- Review and approve changes.

Wed Aug 6 14:00:00 2008 wrAATTrosenauer.org
- Fix releasedate and apiversion defines

Tue Jul 29 14:00:00 2008 mauroAATTsuse.de
- Merge changes from the Build Service (thanks, Wolfgang)
- Update to stability/security release 1.9.0.1 (bnc#407573)

* added si and sl locales

* for security issues please refer to Firefox 3.0.1
- Fixed a crash [@ cairo_draw_with_xlib] (bmo#435764)
+ Added bmo435764.patch
- Fixed vertical stripes in windowless plugins (bmo#430450)
+ Added bmo430450.patch
- Remove about:about (bnc#402699, bmo#349451)
+ Added mozilla-aboutAbout.patch

Tue Jun 17 14:00:00 2008 mawAATTsuse.de
- Merge changes from the Build Service (thanks, Wolfgang)
(bnc#400001 and SWAMP#18164).

Tue Jun 17 14:00:00 2008 wrAATTrosenauer.org
- update to version 1.9
- removed obsolete mozilla-fsync* patch
- make it possible to ignore NM events with a pref (bmo#424626)
(toolkit.networkmanager.ignore=false|true)
(mozilla-network-status.patch)
- modify pref to not stop at punctuation for selections
(bnc#395070)
- fixed restart command for session managers (bnc#396552)
- do not compile cairo with SSE support (bnc#397815)
- mozilla-js.pc uses correct cflags (bnc#397814)

Mon May 26 14:00:00 2008 mawAATTsuse.de
- Fix baselibs.conf to mention mozilla-xulrunner190-translations
(bnc#393856).

Tue May 20 14:00:00 2008 mawAATTsuse.de
- Add mozilla-pkgconfig.patch (part of bnc#381154).

Tue May 20 14:00:00 2008 mawAATTsuse.de
- Add mozilla-fsync-bmo499050.patch (bmo#499050).

Wed Apr 30 14:00:00 2008 mawAATTsuse.de
- Merge changes from the build service (thanks, Wolfgang):
+ Only use gconf proxy settings under GNOME (bnc#381172)
+ Add mozilla-extensionmanager.patch (bnc#381733, and #382969)
+ Add mozilla-system-hunspell.patch to enable use of the system's
hunspell (bnc#382437)
+ Add mozilla-gnome-proxies.patch:

* Only use gconf proxy settings when running under GNOME
(bnc#381172)

* Correctly read the ignored hosts settings from gconf
(bmo#429520)
+ Add mozilla-helperapp.patch to offer the gconf default for
protocol handlers (bnc#383697)
- Rename the -lang subpackage to -stranslations (bnc#381635).

Wed Apr 16 14:00:00 2008 mawAATTsuse.de
- Merge changes from the build service:
+ Add mozilla-chrome-registry.patch to fix a startup crash
(bmo#391311 and bnc#379523)
+ Add mozilla-scroll.patch to fix scrolling performance issues
(bmo#424915 and bnc#377055)
+ Update baselibs.conf.

Mon Apr 14 14:00:00 2008 mawAATTsuse.de
- Better sync against the build service's version.

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to create xxbit packages

Tue Apr 1 14:00:00 2008 wrAATTrosenauer.org
- update to version 1.9b5

* including fix for bnc #368967

* integrated mozilla-gnome-vfs.patch
- updated shipped locales "Provides"
- fixed version upgrading (remove leftovers from previous versions)
- remove executable flags from JS scripts
- CSS DPI scaling now occurs with higher dpi values now (>192)
- prerequire coreutils for 'rm' in post scripts

Tue Mar 18 13:00:00 2008 mawAATTsuse.de
- Merge changes from the build service (thanks, Wolfgang).

Mon Mar 10 13:00:00 2008 wrAATTrosenauer.org
- new snapshot version 1.9b4
- updated shipped locales "Provides"
- enabled url classifier component
(needed for Firefox' safe browsing feature)
- added mozilla-gnome-vfs.patch (#368238)

Fri Feb 29 13:00:00 2008 wrAATTrosenauer.org
- new snapshot 20080228
- source archive contains browser components now to make it easier
to keep xulrunner and firefox in sync
(use shipped-locales from browser now instead of keeping a copy
in the package)
- proxy-type 5 is default now (removed from default prefs)

Thu Feb 28 13:00:00 2008 wrAATTrosenauer.org
- new snapshot 20080227
- use system provided sqlite for factory/11.0
- use fdupes
- tweak default preferences
- fix debuginfo package
- fix wrong executable permissions
- fix wrong ownership of the gnomevfs libs
- add add-plugins.sh to manage dictionaries

Tue Feb 26 13:00:00 2008 wrAATTrosenauer.org
- new snapshot 20080225
- added -gnomevfs subpackage for evaluation
- added back -l10n subpackage

Fri Feb 22 13:00:00 2008 wrAATTrosenauer.org
- initial xulrunner 1.9 package

* doesn't update any prior xulrunner yet

* can be installed in parallel

* just updates the /usr/bin/xulrunner link to the new version

* needs NSPR 4.7.1 and NSS 3.12


 