Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

mozilla-xulrunner192-buildsymbols- RPM for i586

From OpenSuSE 12.1 for i586

Name: mozilla-xulrunner192-buildsymbols Distribution: openSUSE 12.1
Version: Vendor: openSUSE
Release: 2.1.2 Build date: Sun Oct 30 04:22:00 2011
Group: Development/Tools/Other Build host: build09
Size: 94099763 Source RPM: mozilla-xulrunner192-
Summary: Breakpad buildsymbols for mozilla-xulrunner192
This subpackage contains the Breakpad created and compatible debugging
symbols meant for upload to Mozilla's crash collector database.




MPLv1.1 or GPLv2+ or LGPLv2+


* Wed Sep 21 2011
  - security update to (bnc#720264)
  - bring KDE's dialog.xml in sync with original widget
* Wed Sep 14 2011
  - add dbus-1-glib-devel to BuildRequires (not pulled in
    automatically with 12.1)
* Wed Sep 07 2011
  - security update to (bnc#714931)
    * Complete blocking of certificates issued by DigiNotar
* Fri Sep 02 2011
  - security update to (bnc#714931)
    * MFSA 2011-34
      Protection against fraudulent DigiNotar certificates
* Fri Aug 05 2011
  - security update to (bnc#712224)
    fixed security issues MFSA 2011-30
    * CVE-2011-2982
      Miscellaneous memory safety hazards
    * CVE-2011-0084 (bmo#648094)
      Crash in SVGTextElement.getCharNumAtPosition()
    * CVE-2011-2981
      Privilege escalation using event handlers
    * CVE-2011-2378 (bmo#572129)
      Privilege escalation dropping a tab element in content area
    * CVE-2011-2980 (bmo#642469)
      Binary planting vulnerability in ThinkPadSensor::Startup
    * CVE-2011-2983 (bmo#626297)
      Private data leakage using RegExp.input
  - added mozilla-implicit-declarations.patch to fix rpmlint/gcc
  - added mozilla-curl.patch to remove obsolete header dependency
  - added mozilla-linux3.patch to make python symbol dumper aware
    of the "linux3" platform
* Mon Jun 20 2011
  - security update to (bnc#701296)
    * MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364
      Miscellaneous memory safety hazards
    * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
      Use-after-free vulnerability when viewing XUL document with
      script disabled
    * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
      Memory corruption due to multipart/x-mixed-replace images
    * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
      Integer overflow and arbitrary code execution in
    * MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363
      Multiple dangling pointer vulnerabilities
    * MFSA 2011-24/CVE-2011-2362 (bmo#616264)
      Cookie isolation error
  - speedier
  - do not build dump_syms static as it is not needed for us
    - > fixes build for 12.1 and above
* Wed May 11 2011
  - Add mozilla-gcc46.patch. Fixes various build errors with GCC4.6
* Thu Apr 21 2011
  - security update to (bnc#689281)
    * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0072
      CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
      CVE-2011-0080 CVE-2011-0081
      Miscellaneous memory safety hazards
    * MFSA 2011-13/CVE-2011-0065/CVE-2011-0066/CVE-2011-0073
      Multiple dangling pointer vulnerabilities
    * MFSA 2011-14/CVE-2011-0067 (bmo#527935)
      Information stealing via form history
    * MFSA 2011-18/CVE-2011-1202 (bmo#640339)
      XSLT generate-id() function heap address leak
* Mon Mar 28 2011
  - fix 'save as' with KDE integration (bnc#557598)
* Sat Mar 19 2011
  - security update to (bnc#680771)
    * MFSA 2011-11
      Update HTTPS certificate blacklist (bmo#642395)
* Fri Mar 04 2011
  - update to
    * fix a regression introduced with previous update affecting
      Java applet integration (bmo#629030)
* Wed Mar 02 2011
  - use full path to the ntlm_auth binary (bmo#634334)
* Tue Feb 22 2011
  - security update to (build3) (bnc#667155)
    * MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
      Miscellaneous memory safety hazards (rv:
    * MFSA 2011-02/CVE-2011-0051 (bmo#616659)
      Recursive eval call causes confirm dialogs to evaluate to true
    * MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255)
      Use-after-free error in JSON.stringify
    * MFSA 2011-04/CVE-2011-0054 (bmo#615657)
      Buffer overflow in JavaScript upvarMap
    * MFSA 2011-05/CVE-2011-0056 (bmo#622015)
      Buffer overflow in JavaScript atom map
    * MFSA 2011-06/CVE-2011-0057 (bmo#626631)
      Use-after-free error using Web Workers
    * MFSA 2011-08/CVE-2010-1585 (bmo#562547)
      ParanoidFragmentSink allows javascript: URLs in chrome documents
    * MFSA 2011-09/CVE-2011-0061 (bmo#610601)
      Crash caused by corrupted JPEG image
    * MFSA 2011-10/CVE-2011-0059 (bmo#573873)
      CSRF risk with plugins and 307 redirects
* Thu Nov 25 2010
  - security update to (bnc#657016)
    * MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
      Miscellaneous memory safety hazards (rv:
    * MFSA 2010-75/CVE-2010-3769 (bmo#608336)
      Buffer overflow while line breaking after document.write with
      long string
    * MFSA 2010-76/CVE-2010-3771 (bmo#609437)
      Chrome privilege escalation with and <isindex> element
    * MFSA 2010-77/CVE-2010-3772 (bmo#594547)
      Crash and remote code execution using HTML tags inside a XUL tree
    * MFSA 2010-78/CVE-2010-3768 (bmo#527276)
      Add support for OTS font sanitizer
    * MFSA 2010-79/CVE-2010-3775
      Java security bypass from LiveConnect loaded via data: URL
      meta refresh
    * MFSA 2010-80/CVE-2010-3766 (bmo#590771)
      Use-after-free error with nsDOMAttribute MutationObserver
    * MFSA 2010-81/CVE-2010-3767 (bmo#599468)
      Integer overflow vulnerability in NewIdArray
    * MFSA 2010-82/CVE-2010-3773 (bmo#554449)
      Incomplete fix for CVE-2010-0179
    * MFSA 2010-83/VE-2010-3774 (bmo#602780)
      Location bar SSL spoofing using network error page
    * MFSA 2010-84/CVE-2010-3770 (bmo#601429)
      XSS hazard in multiple character encodings
* Wed Oct 27 2010
  - security update to (bnc#649492)
    * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
      Heap buffer overflow mixing document.write and DOM insertion
  - ignore empty LANGUAGE environment variable (bnc#648854)
* Wed Oct 06 2010
  - security update to (bnc#645315)
    * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
      Miscellaneous memory safety hazards
    * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
      Buffer overflow and memory corruption using document.write
    * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
      Use-after-free error in nsBarProp
    * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
      Dangling pointer vulnerability in LookupGetterOrSetter
    * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
      XSS in gopher parser when parsing hrefs
    * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
      Cross-site information disclosure via modal calls
    * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
      SSL wildcard certificate matching IP addresses
    * MFSA 2010-71/CVE-2010-3182 (bmo#590753)
      Unsafe library loading vulnerabilities
    * MFSA 2010-72/CVE-2010-3173
      Insecure Diffie-Hellman key exchange
  - removed upstreamed patches:
    * mozilla-esd.patch
    * mozilla-helper-app.patch
  - build and runtime requirement is NSS 3.12.8
* Wed Sep 15 2010
  - update to
    * fixing startup topcrash (bmo#594699)
* Mon Aug 30 2010
  - security update to (bnc#637303)
    * MFSA 2010-49/CVE-2010-3169
      Miscellaneous memory safety hazards
    * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
      Frameset integer overflow vulnerability
    * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
      Dangling pointer vulnerability using DOM plugin array
    * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
      Heap buffer overflow in nsTextFrameUtils::TransformText
    * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
      Dangling pointer vulnerability in nsTreeSelection
    * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
      XUL tree removal crash and remote code execution
    * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
      Crash and remote code execution in normalizeDocument
    * MFSA 2010-59/CVE-2010-2762 (bmo#584180)
      SJOW creates scope chains ending in outer object
    * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
      UTF-7 XSS by overriding document charset using <object> type
    * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
      Copy-and-paste or drag-and-drop into designMode document allows
    * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
      Information leak via XMLHttpRequest statusText
  - honor LANGUAGE environment variable for UI locale (bmo#583793)
  - fixed compilation against NSPR < 4.8.6 (mozilla-prlog.patch)
* Mon Aug 30 2010
  - fixed build with latest Gnome in Factory
* Wed Jul 28 2010
  - fixed sound notifications through libesd (bmo#579877)
  - updated libproxy implementation after upstream review (bmo#517655)
  - added lcd filter patch for internal cairo
* Tue Jul 27 2010
  - disable ipc and crashreport for ia64,ppc,ppc64,s390,s390x.
* Sat Jul 24 2010
  - security update to (bnc#622506)
    * MFSA 2010-48/CVE-2010-2755 (bmo#575836)
      Dangling pointer crash regression from plugin parameter array
* Thu Jul 15 2010
  - security update to (bnc#622506)
    * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
      Miscellaneous memory safety hazards
    * MFSA 2010-35/CVE-2010-1208 (bmo#572986)
      DOM attribute cloning remote code execution vulnerability
    * MFSA 2010-36/CVE-2010-1209 (bmo#552110)
      Use-after-free error in NodeIterator
    * MFSA 2010-37/CVE-2010-1214 (bmo#572985)
      Plugin parameter EnsureCachedAttrParamArrays remote code
      execution vulnerability
    * MFSA 2010-38/CVE-2010-1215 (bmo#567069)
      Arbitrary code execution using SJOW and fast native function
    * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
      nsCSSValue::Array index integer overflow
    * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
      nsTreeSelection dangling pointer remote code execution
    * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
      Remote code execution using malformed PNG image
    * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
      Cross-origin data disclosure via Web Workers and importScripts
    * MFSA 2010-43/CVE-2010-1207 (bmo#571287)
      Same-origin bypass using canvas context
    * MFSA 2010-44/CVE-2010-1210 (bmo#564679)
      Characters mapped to U+FFFD in 8 bit encodings cause subsequent
      character to vanish
    * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
      Multiple location bar spoofing vulnerabilities
    * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
      Cross-domain data theft using CSS
    * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
      Cross-origin data leakage from script filename in error messages
* Sun Jun 27 2010
  - update to release
    * modifies the crash protection feature to increase the amount
      of time that plugins are allowed to be non-responsive before
      being terminated.
  - require exact matching version of mozilla-js192
* Wed Jun 23 2010
  - update to final release (bnc#603356)
    * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
      Crashes with evidence of memory corruption (rv:
    * MFSA 2010-28/CVE-2010-1198 (bmo#532246)
      Freed object reuse across plugin instances
    * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
      Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
    * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
      Integer Overflow in XSLT Node Sorting
    * MFSA 2010-31/CVE-2010-1125 (bmo#552255)
      focus() behavior can be used to inject or steal keystrokes
    * MFSA 2010-32/CVE-2010-1197 (bmo#537120)
      Content-Disposition: attachment ignored if
      Content-Type: multipart also present
    * MFSA 2010-33/CVE-2008-5913 (bmo#475585)
      User tracking across sites using Math.random()
* Mon Jun 07 2010
  - update to
* Tue May 04 2010
  - security update to (Lorentz)
    * enable crashreporter also for x86-64
    * provide mozilla-runtime to host NPAPI out of process plugins
  - removed libproxy debug message (bnc#604711)
* Mon Apr 26 2010
  - point alternatives link to the stable version to improve
    robustness (bnc#589037)
* Sat Apr 24 2010
  - buildrequire pkg-config to fix provides
* Thu Apr 01 2010
  - security update to
    * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
      Re-use of freed object due to scope confusion
* Thu Mar 25 2010
  - security update to (bnc#586567)
    * MFSA 2010-08/CVE-2010-1028
      WOFF heap corruption due to integer overflow
    * MFSA 2010-09/CVE-2010-0164 (bmo#547143)
      Deleted frame reuse in multipart/x-mixed-replace image
    * MFSA 2010-10/CVE-2010-0170 (bmo#541530)
      XSS via plugins and unprotected Location object
    * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
      Crashes with evidence of memory corruption
    * MFSA 2010-12/CVE-2010-0171 (bmo#531364)
      XSS using addEventListener and setTimeout on a wrapped object
    * MFSA 2010-13/CVE-2010-0168 (bmo#540642)
      Content policy bypass with image preloading
    * MFSA 2010-14/CVE-2010-0169 (bmo#535806)
      Browser chrome defacement via cached XUL stylesheets
    * MFSA 2010-15/CVE-2010-0172 (bmo#537862)
      Asynchronous Auth Prompt attaches to wrong window
    * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
      Crashes with evidence of memory corruption
    * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
      Dangling pointer vulnerability in nsPluginArray
    * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
      Chrome privilege escalation via forced URL drag and drop
    * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
      Update NSS to support TLS renegotiation indication
    * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
      Image src redirect to mailto: URL opens email editor
    * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
      XMLDocument::load() doesn't check nsIContentPolicy
  - general.useragent.locale in profile overrides
    intl.locale.matchOS (bmo#542999)
  - split mozilla-js192 package which contains libmozjs only
    to allow its installation w/o all GUI dependencies
* Mon Jan 18 2010
  - update to 1.9.2rc2
  - add update-alternatives %ghost file to filelist starting
    with 11.2 (%ghost files are conflicting in earlier versions)
  - fixed mozilla-plugin.pc (remove obsolete stable reference)
* Wed Jan 06 2010
  - update to 1.9.2rc1
    * removed obsolete mozilla-breakpad.patch
  - expand -translations-* and -gnome filelists to clean up the
    filesystem for upgrades and removals correctly
  - enable crashreporter and create breakpad buildsymbols package
    for mozilla crashreporter (for ix86)
  - drop PreReq usage by cleaning up the different Requires tags
* Thu Dec 24 2009
  - update to 1.9.2b5
  - removed upstreamed mozilla-abi.patch
  - integrated mozilla-kde.patch
  - use .autoreg file for autoregistration when needed (bnc#440872)
  - enable libproxy support from 11.2 on
  - renamed -gnomevfs subpackage to -gnome
  - readded lockdown patches and preferences
  - fix baselibs.conf
* Tue Nov 10 2009
  - update to 1.9.2b2
  - merge from xulrunner191 package
* Sun Nov 01 2009
  - update to 1.9.2b1
  - use newer internal cairo for 11.1 and older
* Sun Oct 18 2009
  - reworked PreReq list
* Fri Oct 16 2009
  - update to snapshot 1.9.2b2pre (20091015)
    (entering beta phase)
* Mon Sep 21 2009
  - BuildRequire libiw-devel instead of wireless-tools from 11.2 on
* Wed Sep 16 2009
  - new snapshot (20090916)
* Mon Aug 24 2009
  - first alpha package of XULRunner 1.9.2



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Jun 10 06:20:49 2017