forked from pool/MozillaFirefox
- update to Firefox 52.3esr (boo#1052829)
MFSA 2017-19 * CVE-2017-7798 (bmo#1371586, bmo#1372112) XUL injection in the style editor in devtools * CVE-2017-7800 (bmo#1374047) Use-after-free in WebSockets during disconnection * CVE-2017-7801 (bmo#1371259) Use-after-free with marquee during window resizing * CVE-2017-7784 (bmo#1376087) Use-after-free with image observers * CVE-2017-7802 (bmo#1378147) Use-after-free resizing image elements * CVE-2017-7785 (bmo#1356985) Buffer overflow manipulating ARIA attributes in DOM * CVE-2017-7786 (bmo#1365189) Buffer overflow while painting non-displayable SVG * CVE-2017-7753 (bmo#1353312) Out-of-bounds read with cached style data and pseudo-elements# * CVE-2017-7787 (bmo#1322896) Same-origin policy bypass with iframes through page reloads * CVE-2017-7807 (bmo#1376459) Domain hijacking through AppCache fallback * CVE-2017-7792 (bmo#1368652) Buffer overflow viewing certificates with an extremely long OID * CVE-2017-7804 (bmo#1372849) Memory protection bypass through WindowsDllDetourPatcher * CVE-2017-7791 (bmo#1365875) Spoofing following page navigation with data: protocol and modal alerts * CVE-2017-7782 (bmo#1344034) WindowsDllDetourPatcher allocates memory without DEP protections OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=598
This commit is contained in:
parent
39f69ee80f
commit
b7e1035064
@ -1,3 +1,41 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Aug 8 18:13:34 UTC 2017 - wr@rosenauer.org
|
||||||
|
|
||||||
|
- update to Firefox 52.3esr (boo#1052829)
|
||||||
|
MFSA 2017-19
|
||||||
|
* CVE-2017-7798 (bmo#1371586, bmo#1372112)
|
||||||
|
XUL injection in the style editor in devtools
|
||||||
|
* CVE-2017-7800 (bmo#1374047)
|
||||||
|
Use-after-free in WebSockets during disconnection
|
||||||
|
* CVE-2017-7801 (bmo#1371259)
|
||||||
|
Use-after-free with marquee during window resizing
|
||||||
|
* CVE-2017-7784 (bmo#1376087)
|
||||||
|
Use-after-free with image observers
|
||||||
|
* CVE-2017-7802 (bmo#1378147)
|
||||||
|
Use-after-free resizing image elements
|
||||||
|
* CVE-2017-7785 (bmo#1356985)
|
||||||
|
Buffer overflow manipulating ARIA attributes in DOM
|
||||||
|
* CVE-2017-7786 (bmo#1365189)
|
||||||
|
Buffer overflow while painting non-displayable SVG
|
||||||
|
* CVE-2017-7753 (bmo#1353312)
|
||||||
|
Out-of-bounds read with cached style data and pseudo-elements#
|
||||||
|
* CVE-2017-7787 (bmo#1322896)
|
||||||
|
Same-origin policy bypass with iframes through page reloads
|
||||||
|
* CVE-2017-7807 (bmo#1376459)
|
||||||
|
Domain hijacking through AppCache fallback
|
||||||
|
* CVE-2017-7792 (bmo#1368652)
|
||||||
|
Buffer overflow viewing certificates with an extremely long OID
|
||||||
|
* CVE-2017-7804 (bmo#1372849)
|
||||||
|
Memory protection bypass through WindowsDllDetourPatcher
|
||||||
|
* CVE-2017-7791 (bmo#1365875)
|
||||||
|
Spoofing following page navigation with data: protocol and modal alerts
|
||||||
|
* CVE-2017-7782 (bmo#1344034)
|
||||||
|
WindowsDllDetourPatcher allocates memory without DEP protections
|
||||||
|
* CVE-2017-7803 (bmo#1377426)
|
||||||
|
CSP containing 'sandbox' improperly applied
|
||||||
|
* CVE-2017-7779
|
||||||
|
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jul 5 07:26:32 UTC 2017 - astieger@suse.com
|
Wed Jul 5 07:26:32 UTC 2017 - astieger@suse.com
|
||||||
|
|
||||||
|
@ -19,9 +19,9 @@
|
|||||||
|
|
||||||
# changed with every update
|
# changed with every update
|
||||||
%define major 52
|
%define major 52
|
||||||
%define mainver %major.2.1
|
%define mainver %major.3.0
|
||||||
%define update_channel esr52
|
%define update_channel esr52
|
||||||
%define releasedate 20170629000000
|
%define releasedate 20170807000000
|
||||||
|
|
||||||
# PIE, full relro (x86_64 for now)
|
# PIE, full relro (x86_64 for now)
|
||||||
%define build_hardened 1
|
%define build_hardened 1
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
version https://git-lfs.github.com/spec/v1
|
||||||
oid sha256:b14ec1fcbda280d664f73c0cc109dfe70dfd9c82ee73e6b6effcfb91b683e974
|
oid sha256:0c012241138a66dea1995518f245898791d94cb31d11b2472c889dbe464418bb
|
||||||
size 28824
|
size 28392
|
||||||
|
@ -7,8 +7,8 @@
|
|||||||
|
|
||||||
CHANNEL="esr52"
|
CHANNEL="esr52"
|
||||||
BRANCH="releases/mozilla-$CHANNEL"
|
BRANCH="releases/mozilla-$CHANNEL"
|
||||||
RELEASE_TAG="FIREFOX_52_2_1esr_RELEASE"
|
RELEASE_TAG="FIREFOX_52_3_0esr_RELEASE"
|
||||||
VERSION="52.2.1"
|
VERSION="52.3.0"
|
||||||
|
|
||||||
# mozilla
|
# mozilla
|
||||||
if [ -d mozilla ]; then
|
if [ -d mozilla ]; then
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:ba0a07c30a18029a82304b99ab6d309e297fd4daf154b28dd3fd355b2da58b61
|
|
||||||
size 228016352
|
|
3
firefox-52.3.0-source.tar.xz
Normal file
3
firefox-52.3.0-source.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:81cda681a593c1737ff6a448e73288beab6e1499f638002f5cfaa6726896420b
|
||||||
|
size 223189032
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:fcc7a6c7f1666fc216a43418dcb698001ca97e1ad2de1620364b50ef79d6c9a7
|
|
||||||
size 49291392
|
|
3
l10n-52.3.0.tar.xz
Normal file
3
l10n-52.3.0.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:20761eb9dd53c5880410fa1a94574f14b75e443b5bc8efe383d27c40a3e241c9
|
||||||
|
size 45075116
|
@ -1,2 +1,2 @@
|
|||||||
REV=512efd480dac
|
REV=20a1a6ad46d5
|
||||||
REPO=http://hg.mozilla.org/releases/mozilla-esr52
|
REPO=http://hg.mozilla.org/releases/mozilla-esr52
|
||||||
|
Loading…
Reference in New Issue
Block a user