Hello community, here is the log from the commit of package patchinfo.3275 for openSUSE:12.3:Update checked in at 2014-12-07 16:24:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/patchinfo.3275 (Old) and /work/SRC/openSUSE:12.3:Update/.patchinfo.3275.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.3275" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="3275"> <issue id="900639" tracker="bnc">firefox stopped to spell check - needs external dictionaries</issue> <issue id="908009" tracker="bnc">VUL-0: MozillaFirefox: Firefox 34/Firefox ESR 31.3/Thunderbird 31.3</issue> <issue id="CVE-2014-1591" tracker="cve" /> <issue id="CVE-2014-1590" tracker="cve" /> <issue id="CVE-2014-1593" tracker="cve" /> <issue id="CVE-2014-1592" tracker="cve" /> <issue id="CVE-2014-1587" tracker="cve" /> <issue id="CVE-2014-1588" tracker="cve" /> <issue id="CVE-2014-1589" tracker="cve" /> <issue id="CVE-2014-1594" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>wrosenauer</packager> <description>This MozillaFirefox update fixes several security and non security issues. Changes in MozillaFirefox: - update to Firefox 34.0.5 (bnc#908009) * Default search engine changed to Yahoo! for North America * Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales * Improved search bar (en-US only) * Firefox Hello real-time communication client * Easily switch themes/personas directly in the Customizing mode * Implementation of HTTP/2 (draft14) and ALPN * Disabled SSLv3 * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 Miscellaneous memory safety hazards * MFSA 2014-84/CVE-2014-1589 (bmo#1043787) XBL bindings accessible via improper CSS declarations * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-86/CVE-2014-1591 (bmo#1069762) CSP leaks redirect data via violation reports * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - rebased patches - limit linker memory usage for %ix86 - update to Firefox 33.1 * Adding DuckDuckGo as a search option (upstream) * Forget Button added * Enhanced Tiles * Privacy tour introduced - fix typo in GStreamer Recommends - Disable elf-hack for aarch64 - Enable EGL for aarch64 - Limit RAM usage during link for %arm - Fix _constraints for ARM - use proper macros for ARM - use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too to fix compiling. - pass '-Wl,--no-keep-memory' to linker to reduce required memory during linking on arm. - update to Firefox 33.0.2 * Fix a startup crash with some combination of hardware and drivers 33.0.1 * Firefox displays a black screen at start-up with certain graphics drivers - adjusted _constraints for ARM - added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588) - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639) - use Firefox default optimization flags instead of -Os - specfile cleanup </description> <summary>Security update for MozillaFirefox</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org