-
xulrunner (1.9.0.19-16) oldstable-security; urgency=low
* Fixes for mfsa-2012-{01,02,08}, also known as
CVE-2012-0442, CVE-2011-3670, CVE-2012-0449.
-- Mike Hommey <email address hidden> Wed, 01 Feb 2012 00:43:36 +0100
-
xulrunner (1.9.0.19-13) oldstable-security; urgency=low
* Fixes for mfsa2011-30, including:
CVE-2011-2982, CVE-2011-2981, CVE-2011-2378, CVE-2011-2984,
CVE-2011-2983.
* Fixes another cookie regression from the previous cookie regression
fix.
-- Mike Hommey <email address hidden> Mon, 15 Aug 2011 14:34:43 +0200
-
xulrunner (1.9.0.19-7) stable-security; urgency=low
* Fixes for mfsa2010-{74-77,79,81-82,84}, also known as CVE-2010-3776, CVE-2010-3778, CVE-2010-3769, CVE-2010-3771, CVE-2010-3772, CVE-2010-3775, CVE-2010-3767, CVE-2010-3773, CVE-2010-3770 * Fix for one more regression from CVE-2010-2769. * debian/libmozjs1d.symbols: Add new symbol. -- Mike Hommey <email address hidden> Wed, 08 Dec 2010 10:23:44 +0100
-
xulrunner (1.9.0.19-6) stable-security; urgency=low
* Fixes for mfsa2010-{64-69,73}, also known as CVE-2010-3176, CVE-2010-3174, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183, CVE-2010-3177, CVE-2010-3178, CVE-2010-3765. * Fix for mfsa2010-71 aka CVE-2010-3182, which only applies to applications using run-mozilla.sh (e.g. not iceweasel) * Fixes for regressions from CVE-2010-0654 and CVE-2010-2769. -- Mike Hommey <email address hidden> Thu, 28 Oct 2010 11:15:04 +0200
-
xulrunner (1.9.0.19-3) stable-security; urgency=low
* Fixes for mfsa2010-{24,34-35,37,40-41,45-47}, also known as
CVE-2010-0182, CVE-2010-1211, CVE-2010-1208, CVE-2010-1214,
CVE-2010-2753, CVE-2010-1205, CVE-2010-2751, CVE-2010-0654,
CVE-2010-2754.
-- Mike Hommey <email address hidden> Tue, 20 Jul 2010 23:53:41 +0200
-
xulrunner (1.9.0.19-1) stable-security; urgency=low
* New upstream release.
* Fixes mfsa-2010-{16-21}, also known as
CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177,
CVE-2010-0178, CVE-2010-0179.
* modules/libpr0n/decoders/png/nsPNGDecoder.cpp: Fix breakage with png
decoder update in 1.9.0.19.
-- Mike Hommey <email address hidden> Tue, 30 Mar 2010 22:45:04 +0200
-
xulrunner (1.9.0.16-1) stable-security; urgency=low
* New upstream release.
* Fixes mfsa-2009-{65,68-70}, also known as
CVE-2009-3979, CVE-2009-3981, CVE-2009-3983, CVE-2009-3984,
CVE-2009-3985, CVE-2009-3986.
-- Mike Hommey <email address hidden> Wed, 16 Dec 2009 10:26:48 +0100
-
xulrunner (1.9.0.13-0lenny1) stable-security; urgency=high
* New upstream release.
* Fixes mfsa-2009-44, also known as CVE-2009-2654.
* security/manager/ssl/src/nsNSSCallbacks.{h,cpp},
security/manager/ssl/src/nsNSSComponent.cpp: Leave out OCSP responders,
as they require latest nss which we don't have in Lenny.
* security/manager/ssl/src/nsNSSCertHelper.cpp: Define
CERT_RFC1485_EscapeAndQuote function when it is not defined in nss headers.
-- Mike Hommey <email address hidden> Thu, 20 Aug 2009 19:48:22 +0200
-
xulrunner (1.9.0.11-0lenny1) stable-security; urgency=high
* New upstream release.
* Fixes mfsa-2009-{24-32}, also known as
CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1834,
CVE-2009-1835, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838,
CVE-2009-1839, CVE-2009-1840, CVE-2009-1841.
* configure.in, configure: Don't require sqlite >= 3.6.7.
-- Mike Hommey <email address hidden> Fri, 12 Jun 2009 09:23:08 +0200
-
xulrunner (1.9.0.7-0lenny2) stable-security; urgency=high
* Non-maintainer upload by the security team.
* Fix msfa-2009-13 (CVE-2009-1044)
* Fix mfsa-2009-12 (CVE-2009-1169)
-- Noah Meyerhans <email address hidden> Fri, 27 Mar 2009 23:31:21 -0400
-
xulrunner (1.9.0.6-1) unstable; urgency=low
* New upstream release.
* Fixes mfsa-2009-{01,02,04-06}, also known as
CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0356,
CVE-2009-0357, CVE-2009-0358.
-- Mike Hommey <email address hidden> Wed, 04 Feb 2009 08:00:40 +0100
-
xulrunner (1.9.0.5-1) unstable; urgency=low
* New upstream release.
* Fixes mfsa-2008-{60,63-68}, also known as
CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5505,
CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510,
CVE-2008-5511, CVE-2008-5512.
* debian/control: conflict with pango-graphite, to avoid all problems
it causes.
-- Mike Hommey <email address hidden> Sat, 20 Dec 2008 10:55:24 +0100
-
xulrunner (1.9.0.4-2) unstable; urgency=low
* debian/xulrunner-1.9.preinst: Brown paper bag fix to avoid failure on
install (upgrades were fine).
-- Mike Hommey <email address hidden> Sun, 23 Nov 2008 09:34:15 +0100
-
xulrunner (1.9.0.3-1) unstable; urgency=low
* New upstream release.
* Fixes mfsa-2008-{40-44}, also known as
CVE-2007-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,
CVE-2008-4065, CVE-2008-4066, CVE-2008-4066, CVE-2008-4067.
* debian/xulrunner-1.9.install: Don't install dependentlibs.list. It's
causing problems with gdb and is not necessary on our builds.
* debian/control: Bumped Standards-Version to 3.8.0.1. No changes.
* xulrunner/app/Makefile.in: Use browser/app/mozilla.in instead of
xulrunner/app/mozilla.in. The browser version has received more love
upstream, and properly remove the xremote code, which has been handled
by the binary itself for a while, and causes some problems on PPC at
least.
* build/unix/run-mozilla.sh, debian/postinstrm.in, debian/rules,
xulrunner/stub/nsXULStub.cpp: Disable jemalloc by default, because of all
the kinds of random problems it causes, but let advanced users load it by
setting the MOZILLA_JEMALLOC environment variable. Closes: #490360.
* debian/rules: Create sdk/bin as a symlink to /usr/lib/xulrunner-1.9.
Closes: #491693
* modules/plugin/base/src/nsPluginHostImpl.cpp: Don't register plugins if
the MOZILLA_DISABLE_PLUGINS environment variable is set.
-- Mike Hommey <email address hidden> Sun, 28 Sep 2008 16:30:37 +0200