Hello community,
here is the log from the commit of package patchinfo.5200 for
openSUSE:13.2:Update checked in at 2016-06-11 10:50:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.5200 (Old)
and /work/SRC/openSUSE:13.2:Update/.patchinfo.5200.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.5200"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="5200">
<issue id="983549" tracker="bnc">VUL-0: MozillaFirefox 47 / 45.2 ESR security
release</issue>
<issue id="981695" tracker="bnc">Firefox configure options cleanup</issue>
<issue id="980384" tracker="bnc">Enable PIE and full relro build for
firefox</issue>
<issue id="983640" tracker="bnc">VUL-0: CVE-2016-2833: MozillaFirefox: Java
applets bypass CSP protections (MFSA-2016-60)</issue>
<issue id="983651" tracker="bnc">VUL-0: CVE-2016-2824: MozillaFirefox:
Out-of-bounds write with WebGL shader (MFSA 2016-53)</issue>
<issue id="983643" tracker="bnc">VUL-0: CVE-2016-2831: MozillaFirefox:
Entering fullscreen and persistent pointerlock without user permission (MFSA
2016-58)</issue>
<issue id="983653" tracker="bnc">VUL-0: CVE-2016-2821: MozillaFirefox:
Use-after-free deleting tables from a contenteditable document (MFSA
2016-51)</issue>
<issue id="983652" tracker="bnc">VUL-0: CVE-2016-2822: MozillaFirefox:
Addressbar spoofing though the SELECT element (MFSA 2016-52)</issue>
<issue id="983655" tracker="bnc">VUL-0: CVE-2016-2819: MozillaFirefox: Buffer
overflow parsing HTML5 fragments (MFSA 2016-50)</issue>
<issue id="983632" tracker="bnc">VUL-0: CVE-2016-2832: MozillaFirefox:
Information disclosure of disabled plugins through CSS pseudo-classes (MFSA
2016-59)</issue>
<issue id="983644" tracker="bnc">VUL-0: CVE-2016-2829: MozillaFirefox:
Incorrect icon displayed on permissions notifications (MFSA 2016-57)</issue>
<issue id="983646" tracker="bnc">VUL-0: CVE-2016-2828: MozillaFirefox:
Use-after-free when textures are used in WebGL operations after recycle pool
destruction (MFSA 2016-56)</issue>
<issue id="983649" tracker="bnc">VUL-0: CVE-2016-2825: MozillaFirefox:
Partial same-origin-policy through setting location.host through data URI (MFSA
2016-54)</issue>
<issue id="983638" tracker="bnc">VUL-0: CVE-2016-2815 CVE-2016-2818:
MozillaFirefox: Miscellaneous memory safety hazards (rv:45.2) (MFSA
2016-49)</issue>
<issue id="CVE-2016-2818" tracker="cve" />
<issue id="CVE-2016-2824" tracker="cve" />
<issue id="CVE-2016-2825" tracker="cve" />
<issue id="CVE-2016-2822" tracker="cve" />
<issue id="CVE-2016-2815" tracker="cve" />
<issue id="CVE-2016-2833" tracker="cve" />
<issue id="CVE-2016-2821" tracker="cve" />
<issue id="CVE-2016-2819" tracker="cve" />
<issue id="CVE-2016-2832" tracker="cve" />
<issue id="CVE-2016-2828" tracker="cve" />
<issue id="CVE-2016-2829" tracker="cve" />
<issue id="CVE-2016-2831" tracker="cve" />
<issue id="983639" tracker="bnc">VUL-0: CVE-2016-2834: mozilla-nss: Memory
safety bugs fixed in NSS 3.23 (MFSA 2016-61)</issue>
<issue id="CVE-2016-2834" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>wrosenauer</packager>
<description>This update to Mozilla Firefox 47 fixes the following issues
(boo#983549):
Security fixes:
- CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards (boo#983638
MFSA 2016-49)
- CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655 MFSA
2016-50)
- CVE-2016-2821: Use-after-free deleting tables from a contenteditable document
(boo#983653 MFSA 2016-51)
- CVE-2016-2822: Addressbar spoofing though the SELECT element (boo#983652 MFSA
2016-52)
- CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA 2016-53)
- CVE-2016-2825: Partial same-origin-policy through setting location.host
through data URI (boo#983649 MFSA 2016-54)
- CVE-2016-2828: Use-after-free when textures are used in WebGL operations
after recycle pool destruction (boo#983646 MFSA 2016-56)
- CVE-2016-2829: Incorrect icon displayed on permissions notifications
(boo#983644 MFSA 2016-57)
- CVE-2016-2831: Entering fullscreen and persistent pointerlock without user
permission (boo#983643 MFSA 2016-58)
- CVE-2016-2832: Information disclosure of disabled plugins through CSS
pseudo-classes (boo#983632 MFSA 2016-59)
- CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA 2016-60)
Mozilla NSS was updated to 3.23 to address the following vulnerabilities:
- CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61)
The following non-security changes are included:
- Enable VP9 video codec for users with fast machines
- Embedded YouTube videos now play with HTML5 video if Flash is not installed
- View and search open tabs from your smartphone or another computer in a
sidebar
- Allow no-cache on back/forward navigations for https resources
The following packaging changes are included:
- boo#981695: cleanup configure options, notably removing GStreamer support
which is gone from FF
- boo#980384: enable build with PIE and full relro on x86_64
The following new functionality is provided:
- ChaCha20/Poly1305 cipher and TLS cipher suites now supported
- The list of TLS extensions sent in the TLS handshake has been reordered to
increase compatibility of the Extended Master Secret with with servers
</description>
<summary>Security update for MozillaFirefox, mozilla-nss</summary>
</patchinfo>
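Review bot: the last item of the description's "new functionality" list has a doubled word ("compatibility of the Extended Master Secret with with servers"); drop one "with" so the advisory text reads cleanly. In the same description, the NSS entry writes "MFSA-2016-61" with a hyphen while every other entry uses the "MFSA 2016-NN" form, and the CVE-2016-2822 line reads "Addressbar spoofing though the SELECT element", where "through" looks intended (the matching issue title for bnc 983652 carries the same wording, so both should be changed together if it is corrected). The issue list and the description otherwise agree: each bnc and CVE id declared in an issue element is referenced in the description text.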