Hello community, here is the log from the commit of package mozilla-xulrunner192 for openSUSE:Factory checked in at Sun Apr 4 11:53:31 CEST 2010. -------- --- mozilla-xulrunner192/mozilla-xulrunner192.changes 2010-03-25 20:11:09.000000000 +0100 +++ /mounts/work_src_done/STABLE/mozilla-xulrunner192/mozilla-xulrunner192.changes 2010-04-03 21:55:22.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org + +- security update to 1.9.2.3 + * MFSA 2010-25/CVE-2010-1121 (bmo#555109) + Re-use of freed object due to scope confusion + +------------------------------------------------------------------- @@ -5,2 +12 @@ - * requires NSS 3.12.6 - * MFSA 2010-08/CVE-2010-1028 (bmo#552216) + * MFSA 2010-08/CVE-2010-1028 @@ -7,0 +14,28 @@ + * MFSA 2010-09/CVE-2010-0164 (bmo#547143) + Deleted frame reuse in multipart/x-mixed-replace image + * MFSA 2010-10/CVE-2010-0170 (bmo#541530) + XSS via plugins and unprotected Location object + * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 + Crashes with evidence of memory corruption + * MFSA 2010-12/CVE-2010-0171 (bmo#531364) + XSS using addEventListener and setTimeout on a wrapped object + * MFSA 2010-13/CVE-2010-0168 (bmo#540642) + Content policy bypass with image preloading + * MFSA 2010-14/CVE-2010-0169 (bmo#535806) + Browser chrome defacement via cached XUL stylesheets + * MFSA 2010-15/CVE-2010-0172 (bmo#537862) + Asynchronous Auth Prompt attaches to wrong window + * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 + Crashes with evidence of memory corruption + * MFSA 2010-18/CVE-2010-0176 (bmo#538308) + Dangling pointer vulnerability in nsTreeContentView + * MFSA 2010-19/CVE-2010-0177 (bmo#538310) + Dangling pointer vulnerability in nsPluginArray + * MFSA 2010-20/CVE-2010-0178 (bmo#546909) + Chrome privilege escalation via forced URL drag and drop + * MFSA 2010-22/CVE-2009-3555 (bmo#545755) + Update NSS to support TLS renegotiation indication + * MFSA 2010-23/CVE-2010-0181 (bmo#452093) + Image src redirect to mailto: URL opens email editor + * MFSA 2010-24/CVE-2010-0182 (bmo#490790) + XMLDocument::load() doesn't check nsIContentPolicy calling whatdependson for head-i586 Old: ---- l10n-1.9.2.2.tar.bz2 xulrunner-source-1.9.2.2.tar.bz2 New: ---- l10n-1.9.2.3.tar.bz2 xulrunner-source-1.9.2.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-xulrunner192.spec ++++++ --- /var/tmp/diff_new_pack.qpIvCX/_old 2010-04-04 11:53:18.000000000 +0200 +++ /var/tmp/diff_new_pack.qpIvCX/_new 2010-04-04 11:53:18.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package mozilla-xulrunner192 (Version 1.9.2.2) +# spec file for package mozilla-xulrunner192 (Version 1.9.2.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2010 Wolfgang Rosenauer @@ -39,12 +39,12 @@ BuildRequires: wireless-tools %endif License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ -Version: 1.9.2.2 +Version: 1.9.2.3 Release: 1 -%define releasedate 2010031700 -%define version_internal 1.9.2.2 +%define releasedate 2010040100 +%define version_internal 1.9.2.3 %define apiversion 1.9.2 -%define uaweight 192020 +%define uaweight 192030 Summary: Mozilla Runtime Environment 1.9.2 Url: http://www.mozilla.org Group: Productivity/Other ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.qpIvCX/_old 2010-04-04 11:53:18.000000000 +0200 +++ /var/tmp/diff_new_pack.qpIvCX/_new 2010-04-04 11:53:18.000000000 +0200 @@ -1,7 +1,7 @@ #!/bin/bash -RELEASE_TAG="FIREFOX_3_6_2_RELEASE" -VERSION="1.9.2.2" +RELEASE_TAG="FIREFOX_3_6_3_RELEASE" +VERSION="1.9.2.3" # mozilla hg clone http://hg.mozilla.org/releases/mozilla-1.9.2 mozilla ++++++ l10n-1.9.2.2.tar.bz2 -> l10n-1.9.2.3.tar.bz2 ++++++ mozilla-xulrunner192/l10n-1.9.2.2.tar.bz2 /mounts/work_src_done/STABLE/mozilla-xulrunner192/l10n-1.9.2.3.tar.bz2 differ: char 11, line 1 ++++++ xulrunner-source-1.9.2.2.tar.bz2 -> xulrunner-source-1.9.2.3.tar.bz2 ++++++ mozilla-xulrunner192/xulrunner-source-1.9.2.2.tar.bz2 /mounts/work_src_done/STABLE/mozilla-xulrunner192/xulrunner-source-1.9.2.3.tar.bz2 differ: char 11, line 1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org