OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=53

MozillaFirefox.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Apr 28 10:47:54 CEST 2009 - wr@rosenauer.org
+
+- security update to 3.0.10
+  * MFSA 2009-23/CVE-2009-1313 (bmo#489647)
+      Crash in nsTextFrame::ClearTextRun()
+
+-------------------------------------------------------------------
+Thu Apr 16 13:52:21 CEST 2009 - wr@rosenauer.org
+
+- security update to 3.0.9 (bnc#495473)
+  * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
+      Crashes with evidence of memory corruption (rv:1.9.0.9)
+  * MFSA 2009-15/CVE-2009-0652 (bmo#479336)
+      URL spoofing with box drawing character
+  * MFSA 2009-16/CVE-2009-1306 (bmo#474536)
+      jar: scheme ignores the content-disposition: header on the
+      inner URI
+  * MFSA 2009-17/CVE-2009-1307 (bmo#481342)
+      Same-origin violations when Adobe Flash loaded via
+      view-source: scheme
+  * MFSA 2009-18/CVE-2009-1308 (bmo#481558)
+      XSS hazard using third-party stylesheets and XBL bindings
+  * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
+      Same-origin violations in XMLHttpRequest and
+      XPCNativeWrapper.toString
+  * MFSA 2009-20/CVE-2009-1310 (bmo#483086)
+      Malicious search plugins can inject code into arbitrary sites
+  * MFSA 2009-21/CVE-2009-1311 (bmo#471962)
+      POST data sent to wrong site when saving web page with
+      embedded frame
+  * MFSA 2009-22/CVE-2009-1312 (bmo#475636)
+      Firefox allows Refresh header to redirect to javascript: URIs
+
 -------------------------------------------------------------------
 Fri Mar 27 09:43:43 CET 2009 - wr@rosenauer.org
 

MozillaFirefox.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package MozillaFirefox (Version 3.0.8)
+# spec file for package MozillaFirefox (Version 3.0.10)
 #
 # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -26,7 +26,7 @@ BuildRequires:  fdupes
 License:        GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
 Provides:       web_browser
 Provides:       firefox
-Version:        3.0.8
+Version:        3.0.10
 Release:        1
 Summary:        Mozilla Firefox Web Browser
 Url:            http://www.mozilla.org/
@@ -60,7 +60,7 @@ Requires:       %{name}-branding >= 3.0
 %define __find_requires sh %{SOURCE4}
 %global provfind sh -c "grep -v '.so' | %__find_provides"
 %global __find_provides %provfind
-%define releasedate 2009032600
+%define releasedate 2009042700
 %define progname firefox
 %define progdir %{_prefix}/%_lib/%{progname}
 %if %suse_version > 1020
@@ -340,6 +340,34 @@ fi
 %{progdir}/defaults/profile/bookmarks.html
 
 %changelog
+* Tue Apr 28 2009 wr@rosenauer.org
+- security update to 3.0.10
+  * MFSA 2009-23/CVE-2009-1313 (bmo#489647)
+  Crash in nsTextFrame::ClearTextRun()
+* Thu Apr 16 2009 wr@rosenauer.org
+- security update to 3.0.9 (bnc#495473)
+  * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
+  Crashes with evidence of memory corruption (rv:1.9.0.9)
+  * MFSA 2009-15/CVE-2009-0652 (bmo#479336)
+  URL spoofing with box drawing character
+  * MFSA 2009-16/CVE-2009-1306 (bmo#474536)
+  jar: scheme ignores the content-disposition: header on the
+  inner URI
+  * MFSA 2009-17/CVE-2009-1307 (bmo#481342)
+  Same-origin violations when Adobe Flash loaded via
+  view-source: scheme
+  * MFSA 2009-18/CVE-2009-1308 (bmo#481558)
+  XSS hazard using third-party stylesheets and XBL bindings
+  * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
+  Same-origin violations in XMLHttpRequest and
+  XPCNativeWrapper.toString
+  * MFSA 2009-20/CVE-2009-1310 (bmo#483086)
+  Malicious search plugins can inject code into arbitrary sites
+  * MFSA 2009-21/CVE-2009-1311 (bmo#471962)
+  POST data sent to wrong site when saving web page with
+  embedded frame
+  * MFSA 2009-22/CVE-2009-1312 (bmo#475636)
+  Firefox allows Refresh header to redirect to javascript: URIs
 * Fri Mar 27 2009 wr@rosenauer.org
 - security update to 1.9.0.8 (bnc#488955,489411)
   * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
@@ -422,7 +450,7 @@ fi
 - removed obsolete configure option (enable-gconf)
 * Fri Nov 07 2008 maw@suse.de
 - Review and approve changes.
-* Tue Nov 04 2008 wr@rosenauer.org
+* Wed Nov 05 2008 wr@rosenauer.org
 - moved gconf schema into branding packages (bnc#441646)
 * Tue Oct 28 2008 hfiguiere@suse.de
 - Fix missing %%endif (for fix for bnc#434283)
@@ -702,7 +730,7 @@ fi
   U+3099 U+309A (see bugzilla #262718 comment #29).
 * Mon Mar 12 2007 maw@suse.de
 - Package gconf stuff.
-* Wed Feb 21 2007 maw@suse.de
+* Thu Feb 22 2007 maw@suse.de
 - Security update to 2.0.0.2 (#244923), which covers:
   + mfsa2007-01
   * CVE-2007-0775 - layout engine crashes
@@ -995,7 +1023,7 @@ fi
 - unlocalize bookmarks (#114279)
 * Thu Sep 08 2005 stark@suse.de
 - fixed some filemodes (#114849)
-* Sat Sep 03 2005 stark@suse.de
+* Sun Sep 04 2005 stark@suse.de
 - fixed gconf-backend patch to be able to use
   system prefs (#114054)
 * Thu Sep 01 2005 stark@suse.de
@@ -1101,7 +1129,7 @@ fi
 - don't execute gconf magic within build environment
 * Sat Apr 16 2005 stark@suse.de
 - update to final 1.0.3 release
-* Thu Apr 14 2005 ro@suse.de
+* Fri Apr 15 2005 ro@suse.de
 - fix problem in postinstall script
 * Thu Apr 14 2005 stark@suse.de
 - included fixed lockdown patch for NLD
@@ -1252,7 +1280,7 @@ fi
 - fixed inclusion of RealPlayer plugin again
 * Tue Oct 05 2004 stark@suse.de
 - small important fix in firefox-download.patch (Ximian #65472)
-* Sat Oct 02 2004 stark@suse.de
+* Sun Oct 03 2004 stark@suse.de
 - added security-fix from 0.10.1 (mozilla.org #259708) (#46687)
 * Fri Oct 01 2004 stark@suse.de
 - final fix for downloading to Desktop folder (Ximian #65756)

firefox-3.0.10-source.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9f1f3812828affa75314d55f6e0eae211d2de845e21449fad8963fc0994e7288
+size 36964636

firefox-3.0.8-source.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cf272b6be6733500fed37e42147cc8082291577ec6ad752a8f73b9b12d21e490
-size 36921714

l10n-3.0.10.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a32c41537113c9ee1a5f9995686d8db9a8d27dcc5cd37c5c80b5055c75ba50db
+size 29338694

l10n-3.0.8.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:47fc0ea01c4d0030a6469f611d29133c3dbad3994d8d5ed5f115b02ddf11bde8
-size 29350258