- Tue Jun 5 2012 fwang <fwang> 0:10.0.5-1.mga1
+ Revision: 255762
- new version 10.0.5esr
- new version 10.0.3 ESR (Extended Support Release)
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-13.html
(XSS with Drag and Drop and Javascript: URL [CVE-2012-0455])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-14.html
(SVG issues found with Address Sanitizer [CVE-2012-0456, CVE-2012-0457])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-15.html
(XSS with multiple Content Security Policy headers [CVE-2012-0451])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
(Escalation of privilege with Javascript: URL as home page [CVE-2012-0458])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-17.html
(Crash when accessing keyframe cssText after dynamic modification
[CVE-2012-0459])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-18.html
(window.fullScreen writeable by untrusted content [CVE-2012-0460])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
(Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
[CVE-2012-0461, CVE-2012-0462, CVE-2012-0464, CVE-2012-0463 ])
- new version 3.1.12
+ doktor5000
- new version 10.0.4 ESR (Extended Support Release)
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-20.html
(Miscellaneous memory safety hazards [CVE-2012-0468, CVE-2012-0467])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-22.html
(use-after-free in IDBKeyRange[CVE-2012-0469])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
(Invalid frees causes heap corruption in gfxImageSurface [CVE-2012-0470])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-24.html
(Potential XSS via multibyte content processing errors [CVE-2012-0471])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
(Potential memory corruption during font rendering using cairo-dwrite
[CVE-2012-0472])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
(WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error [CVE-2012-0473])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-27.html
(Page load short-circuit can lead to XSS [CVE-2012-0474])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-28.html
(Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
[CVE-2012-0475])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
(Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
[CVE-2012-0477])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-30.html
(Crash with WebGL content using textImage2D [CVE-2012-0478])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
(Off-by-one error in OpenType Sanitizer [CVE-2011-3062])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
(Potential site identity spoofing when loading RSS and Atom feeds
[CVE-2012-0479])
- switch to Enigmail 1.4, officially supported version for ESR releases
o fixes a problem with inline PGP decrpytion
- use system nss shlibsign instead of missing bundled one
- remove unused Sources
- change Requires on libcanberra to Suggests
- new version 10.0.2 ESR (Extended Support Release)
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-11.html
(libpng integer overflow [CVE-2011-3026])
- drop all unused patches
- remove useless commented-out stuff
- new version 10.0.1, switch to ESR (Extended Support Release)
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
(miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443]
fixed in 10.0 )
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-03.html
(
distrib
>
Mageia
>
1
>
i586
>
media
>
core-updates
>
by-pkgid
>
3ac09c0ecd322006ee4e5808b6109dc5
>
changelog