From ed1e6f20d03e8284f7ef7633c8cbd7cbb4a9625f2ca7643c9b2a525ad4d4a287 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Thu, 15 Jan 2015 06:02:33 +0000 Subject: [PATCH] security fixes: * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension * MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=420 --- MozillaFirefox.changes | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 290ddf1..28641d1 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes 
@@ -6,6 +6,26 @@ Sat Jan 10 18:36:37 UTC 2015 - wr@rosenauer.org * Firefox Hello with new rooms-based conversations model * Implemented HTTP Public Key Pinning Extension (for enhanced authentication of encrypted connections) + security fixes: + * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 + Miscellaneous memory safety hazards + * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) + Uninitialized memory use during bitmap rendering + * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) + sendBeacon requests lack an Origin header + * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) + Cookie injection through Proxy Authenticate responses + * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) + Read of uninitialized memory in Web Audio + * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) + Read-after-free in WebRTC + * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) + Gecko Media Plugin sandbox escape + * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) + Delegated OCSP responder certificates failure with + id-pkix-ocsp-nocheck extension + * MFSA 2015-09/CVE-2014-8636 (bmo#987794) + XrayWrapper bypass through DOM objects - rebased patches - dropped explicit support for everything older than 12.3 (including SLES11)
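Review bot: The twenty added lines in this hunk extend the existing "Sat Jan 10" changelog entry with the MFSA 2015-01 through 2015-09 list, but the commit touches only MozillaFirefox.changes (1 file changed, 20 insertions) and no spec, tarball or patch file, so the entry is documenting fixes that must already be present in the sources that entry describes; please confirm in the commit message that the release referenced by that entry ships these fixes, otherwise a reader of the changelog will assume this commit itself changed the build. Minor style point: the MFSA 2015-07 line is the only one carrying a platform qualifier "(Windows-only)" on the identifier line rather than in the description line below it, so for consistency with the other eight items consider moving it to the description, e.g. "Gecko Media Plugin sandbox escape (Windows-only)".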