Hello community, here is the log from the commit of package patchinfo.3571 for openSUSE:13.1:Update checked in at 2015-03-01 10:00:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/patchinfo.3571 (Old) and /work/SRC/openSUSE:13.1:Update/.patchinfo.3571.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.3571" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="3571"> <issue id="917597" tracker="bnc">VUL-0: MozillaFirefox 36 security release</issue> <issue id="910647" tracker="bnc"></issue> <issue id="CVE-2015-0836" tracker="cve" /> <issue id="CVE-2015-0825" tracker="cve" /> <issue id="CVE-2015-0834" tracker="cve" /> <issue id="CVE-2015-0835" tracker="cve" /> <issue id="CVE-2015-0832" tracker="cve" /> <issue id="CVE-2014-1569" tracker="cve" /> <issue id="CVE-2015-0830" tracker="cve" /> <issue id="CVE-2015-0831" tracker="cve" /> <issue id="CVE-2015-0824" tracker="cve" /> <issue id="CVE-2015-0822" tracker="cve" /> <issue id="CVE-2015-0829" tracker="cve" /> <issue id="CVE-2015-0827" tracker="cve" /> <issue id="CVE-2015-0823" tracker="cve" /> <issue id="CVE-2015-0828" tracker="cve" /> <issue id="CVE-2015-0826" tracker="cve" /> <issue id="CVE-2015-0819" tracker="cve" /> <issue id="CVE-2015-0820" tracker="cve" /> <issue id="CVE-2015-0821" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>wrosenauer</packager> <description>MozillaFirefox, mozilla-nss were updated to fix 18 security issues. MozillaFirefox was updated to version 36.0. These security issues were fixed: - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS protections - CVE-2015-0830: Malicious WebGL content crash when writing strings - CVE-2015-0834: TLS TURN and STUN connections silently fail to simple TCP connections - CVE-2015-0831: Use-after-free in IndexedDB - CVE-2015-0829: Buffer overflow in libstagefright during MP4 video playback - CVE-2015-0828: Double-free when using non-default memory allocators with a zero-length XHR - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content - CVE-2015-0826: Buffer overflow during CSS restyling - CVE-2015-0825: Buffer underflow during MP3 playback - CVE-2015-0824: Crash using DrawTarget in Cairo graphics library - CVE-2015-0823: Use-after-free in Developer Console date with OpenType Sanitiser - CVE-2015-0822: Reading of local files through manipulation of form autocomplete - CVE-2015-0821: Local files or privileged URLs in pages can be opened into new tabs - CVE-2015-0819: UI Tour whitelisted sites in background tab can spoof foreground tabs - CVE-2015-0820: Caja Compiler JavaScript sandbox bypass mozilla-nss was updated to version 3.17.4 to fix the following issues: - CVE-2014-1569: QuickDER decoder length issue (bnc#910647). - bmo#1084986: If an SSL/TLS connection fails, because client and server don't have any common protocol version enabled, NSS has been changed to report error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting SSL_ERROR_NO_CYPHER_OVERLAP). - bmo#1112461: libpkix was fixed to prefer the newest certificate, if multiple certificates match. - bmo#1094492: fixed a memory corruption issue during failure of keypair generation. - bmo#1113632: fixed a failure to reload a PKCS#11 module in FIPS mode. - bmo#1119983: fixed interoperability of NSS server code with a LibreSSL client. </description> <summary>Security update for MozillaFirefox, mozilla-nss</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org