Changelog for
mozilla-xulrunner192-1.9.2.24-2.3.test.9.x86_64.rpm :
* Tue Nov 01 2011 wrAATTrosenauer.org- security update to 1.9.2.24 (bnc#728520)
* MFSA 2011-46/CVE-2011-3647 (bmo#680880) loadSubScript unwraps XPCNativeWrapper scope parameter
* MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS
* MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug
* Wed Sep 21 2011 wrAATTrosenauer.org- security update to 1.9.2.23 (bnc#720264)
* MFSA 2011-36/CVE-2011-2996 (bmo#555018) Miscellaneous memory safety hazards
* MFSA 2011-37/CVE-2011-2998 (bmo#684815) Integer underflow when using JavaScript RegExp
* MFSA 2011-38/CVE-2011-2999 (bmo#665548) XSS via plugins and shadowed window.location object
* MFSA 2011-39/CVE-2011-3000 (bmo#655389) Defense against multiple Location headers due to CRLF Injection
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 Code installation through holding down Enter- bring KDE\'s dialog.xml in sync with original widget
* Wed Sep 14 2011 wrAATTrosenauer.org- add dbus-1-glib-devel to BuildRequires (not pulled in automatically with 12.1)
* Wed Sep 07 2011 pcernyAATTsuse.com- security update to 1.9.2.22 (bnc#714931)
* Complete blocking of certificates issued by DigiNotar (bmo#683449)
* Fri Sep 02 2011 pcernyAATTsuse.com- security update to 1.9.2.21 (bnc#714931)
* MFSA 2011-34 Protection against fraudulent DigiNotar certificates (bmo#682927)
* Fri Aug 05 2011 wrAATTrosenauer.org- security update to 1.9.2.20 (bnc#712224) fixed security issues MFSA 2011-30
* CVE-2011-2982 Miscellaneous memory safety hazards
* CVE-2011-0084 (bmo#648094) Crash in SVGTextElement.getCharNumAtPosition()
* CVE-2011-2981 Privilege escalation using event handlers
* CVE-2011-2378 (bmo#572129) Privilege escalation dropping a tab element in content area
* CVE-2011-2980 (bmo#642469) Binary planting vulnerability in ThinkPadSensor::Startup
* CVE-2011-2983 (bmo#626297) Private data leakage using RegExp.input- added mozilla-implicit-declarations.patch to fix rpmlint/gcc checks- added mozilla-curl.patch to remove obsolete header dependency- added mozilla-linux3.patch to make python symbol dumper aware of the \"linux3\" platform
* Mon Jun 20 2011 wrAATTrosenauer.org- security update to 1.9.2.18 (bnc#701296)
* MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364 CVE-2011-2365 Miscellaneous memory safety hazards
* MFSA 2011-20/CVE-2011-2373 (bmo#617247) Use-after-free vulnerability when viewing XUL document with script disabled
* MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) Memory corruption due to multipart/x-mixed-replace images
* MFSA 2011-22/CVE-2011-2371 (bmo#664009) Integer overflow and arbitrary code execution in Array.reduceRight()
* MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Multiple dangling pointer vulnerabilities
* MFSA 2011-24/CVE-2011-2362 (bmo#616264) Cookie isolation error- speedier find-external-requires.sh- do not build dump_syms static as it is not needed for us - > fixes build for 12.1 and above
* Wed May 11 2011 cgiboudeauxAATTgmx.com- Add mozilla-gcc46.patch. Fixes various build errors with GCC4.6
* Thu Apr 21 2011 wrAATTrosenauer.org- security update to 1.9.2.17 (bnc#689281)
* MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 Miscellaneous memory safety hazards
* MFSA 2011-13/CVE-2011-0065/CVE-2011-0066/CVE-2011-0073 Multiple dangling pointer vulnerabilities
* MFSA 2011-14/CVE-2011-0067 (bmo#527935) Information stealing via form history
* MFSA 2011-18/CVE-2011-1202 (bmo#640339) XSLT generate-id() function heap address leak
* Mon Mar 28 2011 llunakAATTnovell.com- fix \'save as\' with KDE integration (bnc#557598)
* Sat Mar 19 2011 wrAATTrosenauer.org- security update to 1.9.2.16 (bnc#680771)
* MFSA 2011-11 Update HTTPS certificate blacklist (bmo#642395)
* Fri Mar 04 2011 wrAATTrosenauer.org- update to 1.9.2.15
* fix a regression introduced with previous update affecting Java applet integration (bmo#629030)
* Wed Mar 02 2011 pcernyAATTnovell.com- use full path to the ntlm_auth binary (bmo#634334) (mozilla-ntlm-full-path.patch)
* Tue Feb 22 2011 wrAATTrosenauer.org- security update to 1.9.2.14 (build3) (bnc#667155)
* MFSA 2011-01/CVE-2011-0053/CVE-2011-0062 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
* MFSA 2011-02/CVE-2011-0051 (bmo#616659) Recursive eval call causes confirm dialogs to evaluate to true
* MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255) Use-after-free error in JSON.stringify
* MFSA 2011-04/CVE-2011-0054 (bmo#615657) Buffer overflow in JavaScript upvarMap
* MFSA 2011-05/CVE-2011-0056 (bmo#622015) Buffer overflow in JavaScript atom map
* MFSA 2011-06/CVE-2011-0057 (bmo#626631) Use-after-free error using Web Workers
* MFSA 2011-08/CVE-2010-1585 (bmo#562547) ParanoidFragmentSink allows javascript: URLs in chrome documents
* MFSA 2011-09/CVE-2011-0061 (bmo#610601) Crash caused by corrupted JPEG image
* MFSA 2011-10/CVE-2011-0059 (bmo#573873) CSRF risk with plugins and 307 redirects
* Thu Nov 25 2010 wrAATTrosenauer.org- security update to 1.9.2.13 (bnc#657016)
* MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
* MFSA 2010-75/CVE-2010-3769 (bmo#608336) Buffer overflow while line breaking after document.write with long string
* MFSA 2010-76/CVE-2010-3771 (bmo#609437) Chrome privilege escalation with window.open and
element
* MFSA 2010-77/CVE-2010-3772 (bmo#594547) Crash and remote code execution using HTML tags inside a XUL tree
* MFSA 2010-78/CVE-2010-3768 (bmo#527276) Add support for OTS font sanitizer
* MFSA 2010-79/CVE-2010-3775 Java security bypass from LiveConnect loaded via data: URL meta refresh
* MFSA 2010-80/CVE-2010-3766 (bmo#590771) Use-after-free error with nsDOMAttribute MutationObserver
* MFSA 2010-81/CVE-2010-3767 (bmo#599468) Integer overflow vulnerability in NewIdArray
* MFSA 2010-82/CVE-2010-3773 (bmo#554449) Incomplete fix for CVE-2010-0179
* MFSA 2010-83/VE-2010-3774 (bmo#602780) Location bar SSL spoofing using network error page
* MFSA 2010-84/CVE-2010-3770 (bmo#601429) XSS hazard in multiple character encodings
* Wed Oct 27 2010 wrAATTrosenauer.org- security update to 1.9.2.12 (bnc#649492)
* MFSA 2010-73/CVE-2010-3765 (bmo#607222) Heap buffer overflow mixing document.write and DOM insertion- ignore empty LANGUAGE environment variable (bnc#648854)
* Wed Oct 06 2010 wrAATTrosenauer.org- security update to 1.9.2.11 (bnc#645315)
* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 Miscellaneous memory safety hazards
* MFSA 2010-65/CVE-2010-3179 (bmo#583077) Buffer overflow and memory corruption using document.write
* MFSA 2010-66/CVE-2010-3180 (bmo#588929) Use-after-free error in nsBarProp
* MFSA 2010-67/CVE-2010-3183 (bmo#598669) Dangling pointer vulnerability in LookupGetterOrSetter
* MFSA 2010-68/CVE-2010-3177 (bmo#556734) XSS in gopher parser when parsing hrefs
* MFSA 2010-69/CVE-2010-3178 (bmo#576616) Cross-site information disclosure via modal calls
* MFSA 2010-70/CVE-2010-3170 (bmo#578697) SSL wildcard certificate matching IP addresses
* MFSA 2010-71/CVE-2010-3182 (bmo#590753) Unsafe library loading vulnerabilities
* MFSA 2010-72/CVE-2010-3173 Insecure Diffie-Hellman key exchange- removed upstreamed patches:
* mozilla-esd.patch
* mozilla-helper-app.patch- build and runtime requirement is NSS 3.12.8
* Wed Sep 15 2010 wrAATTrosenauer.org- update to 1.9.2.10
* fixing startup topcrash (bmo#594699)
* Mon Aug 30 2010 wrAATTrosenauer.org- security update to 1.9.2.9 (bnc#637303)
* MFSA 2010-49/CVE-2010-3169 Miscellaneous memory safety hazards
* MFSA 2010-50/CVE-2010-2765 (bmo#576447) Frameset integer overflow vulnerability
* MFSA 2010-51/CVE-2010-2767 (bmo#584512) Dangling pointer vulnerability using DOM plugin array
* MFSA 2010-53/CVE-2010-3166 (bmo#579655) Heap buffer overflow in nsTextFrameUtils::TransformText
* MFSA 2010-54/CVE-2010-2760 (bmo#585815) Dangling pointer vulnerability in nsTreeSelection
* MFSA 2010-55/CVE-2010-3168 (bmo#576075) XUL tree removal crash and remote code execution
* MFSA 2010-56/CVE-2010-3167 (bmo#576070) Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-57/CVE-2010-2766 (bmo#580445) Crash and remote code execution in normalizeDocument
* MFSA 2010-59/CVE-2010-2762 (bmo#584180) SJOW creates scope chains ending in outer object
* MFSA 2010-61/CVE-2010-2768 (bmo#579744) UTF-7 XSS by overriding document charset using