Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at Sun Apr 4 11:53:02 CEST 2010. -------- --- MozillaFirefox/MozillaFirefox.changes 2010-03-23 21:07:50.000000000 +0100 +++ /mounts/work_src_done/STABLE/MozillaFirefox/MozillaFirefox.changes 2010-04-03 22:30:20.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org + +- security update to 3.6.3 + * MFSA 2010-25/CVE-2010-1121 (bmo#555109) + Re-use of freed object due to scope confusion + +------------------------------------------------------------------- @@ -5 +12 @@ - * MFSA 2010-08/CVE-2010-1028 (bmo#552216) + * MFSA 2010-08/CVE-2010-1028 @@ -6,0 +14,28 @@ + * MFSA 2010-09/CVE-2010-0164 (bmo#547143) + Deleted frame reuse in multipart/x-mixed-replace image + * MFSA 2010-10/CVE-2010-0170 (bmo#541530) + XSS via plugins and unprotected Location object + * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 + Crashes with evidence of memory corruption + * MFSA 2010-12/CVE-2010-0171 (bmo#531364) + XSS using addEventListener and setTimeout on a wrapped object + * MFSA 2010-13/CVE-2010-0168 (bmo#540642) + Content policy bypass with image preloading + * MFSA 2010-14/CVE-2010-0169 (bmo#535806) + Browser chrome defacement via cached XUL stylesheets + * MFSA 2010-15/CVE-2010-0172 (bmo#537862) + Asynchronous Auth Prompt attaches to wrong window + * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 + Crashes with evidence of memory corruption + * MFSA 2010-18/CVE-2010-0176 (bmo#538308) + Dangling pointer vulnerability in nsTreeContentView + * MFSA 2010-19/CVE-2010-0177 (bmo#538310) + Dangling pointer vulnerability in nsPluginArray + * MFSA 2010-20/CVE-2010-0178 (bmo#546909) + Chrome privilege escalation via forced URL drag and drop + * MFSA 2010-22/CVE-2009-3555 (bmo#545755) + Update NSS to support TLS renegotiation indication + * MFSA 2010-23/CVE-2010-0181 (bmo#452093) + Image src redirect to mailto: URL opens email editor + * MFSA 2010-24/CVE-2010-0182 (bmo#490790) + XMLDocument::load() doesn't check nsIContentPolicy calling whatdependson for head-i586 Old: ---- firefox-3.6.2-source.tar.bz2 l10n-3.6.2.tar.bz2 New: ---- firefox-3.6.3-source.tar.bz2 l10n-3.6.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.Gyhm1l/_old 2010-04-04 11:52:51.000000000 +0200 +++ /var/tmp/diff_new_pack.Gyhm1l/_new 2010-04-04 11:52:51.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.6.2) +# spec file for package MozillaFirefox (Version 3.6.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2010 Wolfgang Rosenauer @@ -22,7 +22,7 @@ Name: MozillaFirefox %define xulrunner mozilla-xulrunner192 BuildRequires: autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python unzip update-desktop-files zip -BuildRequires: %{xulrunner}-devel = 1.9.2.2 +BuildRequires: %{xulrunner}-devel = 1.9.2.3 %if %suse_version > 1020 BuildRequires: fdupes %endif @@ -34,9 +34,9 @@ License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Provides: web_browser Provides: firefox -Version: 3.6.2 +Version: 3.6.3 Release: 1 -%define releasedate 2010031700 +%define releasedate 2010040100 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers ++++++ firefox-3.6.2-source.tar.bz2 -> firefox-3.6.3-source.tar.bz2 ++++++ MozillaFirefox/firefox-3.6.2-source.tar.bz2 /mounts/work_src_done/STABLE/MozillaFirefox/firefox-3.6.3-source.tar.bz2 differ: char 11, line 1 ++++++ l10n-3.6.2.tar.bz2 -> l10n-3.6.3.tar.bz2 ++++++ MozillaFirefox/l10n-3.6.2.tar.bz2 /mounts/work_src_done/STABLE/MozillaFirefox/l10n-3.6.3.tar.bz2 differ: char 11, line 1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org