Репозитории ALT
Последнее обновление в Сб, 06 июня 2020, 00:49:50 +0000 | Пакетов: 15384
en ru
Исходные пакеты в ветвях
свернуть окно
  • 68.4.1-alt0.M80C.1
  • 68.4.1-alt0.M80P.1
  • 45.9.0-alt0.M70P.1
  • 45.9.0-alt0.M70P.1
Группа :: Сети/WWW
Исходный пакет: firefox-esr

2017-05-19 Андрей Черепанов 45.9.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2017-04-20 Андрей Черепанов 45.9.0-alt1

    - New ESR version
    - Security fixes:
      + CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
      + CVE-2017-5462: DRBG flaw in NSS
      + CVE-2017-5445: Uninitialized values used while parsing
      + CVE-2017-5469: Potential Buffer overflow in flex-generated code
      + CVE-2017-5437: Vulnerabilities in Libevent library
      + CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
      + CVE-2017-5465: Out-of-bounds read in ConvolvePixel
      + CVE-2017-5447: Out-of-bounds read during glyph processing
      + CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
      + CVE-2017-5444: Buffer overflow while parsing application/http-index-format
      + CVE-2017-5443: Out-of-bounds write during BinHex decoding
      + CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
      + CVE-2017-5442: Use-after-free during style changes
      + CVE-2017-5441: Use-after-free with selection during scroll events
      + CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
      + CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
      + CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
      + CVE-2017-5460: Use-after-free in frame selection
      + CVE-2017-5432: Use-after-free in text input selection
      + CVE-2017-5434: Use-after-free during focus handling
      + CVE-2017-5459: Buffer overflow in WebGL
      + CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
      + CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
      + CVE-2017-5435: Use-after-free during transaction processing in the editor
      + CVE-2017-5433: Use-after-free in SMIL animation functions
        

2017-03-08 Андрей Черепанов 45.8.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2017-03-07 Андрей Черепанов 45.8.0-alt1

    - New ESR version
    - Require fresh libnss for correct https open
        

2017-01-27 Андрей Черепанов 45.7.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2017-01-25 Андрей Черепанов 45.7.0-alt1

    - New ESR version
        

2017-01-20 Андрей Черепанов 45.6.0-alt2

    - Fix build with GCC 6.1
        

2016-12-17 Андрей Черепанов 45.6.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2016-12-16 Андрей Черепанов 45.6.0-alt1

    - New ESR version
        

2016-12-06 Иван Захарящев 45.5.1-alt2

    - Make it pass strict verification of unresolved ELF symbols; this will also
      protect us from missing dependencies on libgtk symbols. (Thx legion@ for
      the original hack, removed in 44.0.2-alt3, but found to be restorable by
      ruslandh@'s work on strict unresolved symbols verification in palemoon.)
        

2016-12-01 Андрей Черепанов 45.5.1-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2016-92 Firefox SVG Animation Remote Code Execution
        

2016-12-01 Андрей Черепанов 45.5.1-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2016-11-24 Андрей Черепанов 45.5.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2016-11-17 Андрей Черепанов 45.5.0-alt1

    - New ESR version
        

2016-09-21 Андрей Черепанов 45.4.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2016-09-20 Андрей Черепанов 45.4.0-alt1

    - New ESR version
        

2016-08-03 Андрей Черепанов 45.3.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2016-08-02 Андрей Черепанов 45.3.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
      + MFSA 2016-79 Use-after-free when applying SVG effects
      + MFSA 2016-78 Type confusion in display transformation
      + MFSA 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
      + MFSA 2016-76 Scripts on marquee tag can execute in sandboxed iframes
      + MFSA 2016-73 Use-after-free in service workers with nested sync events
      + MFSA 2016-72 Use-after-free in DTLS during WebRTC session shutdown
      + MFSA 2016-70 Use-after-free when using alt key and toplevel menus
      + MFSA 2016-67 Stack underflow during 2D graphics rendering
      + MFSA 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
      + MFSA 2016-64 Buffer overflow rendering SVG with bidirectional content
      + MFSA 2016-63 Favicon network connection can persist when page is closed
        

2016-06-12 Андрей Черепанов 45.2.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission
      + MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
      + MFSA 2016-55 File overwrite and privilege escalation through Mozilla Windows updater
      + MFSA 2016-53 Out-of-bounds write with WebGL shader
      + MFSA 2016-52 Addressbar spoofing though the SELECT element
      + MFSA 2016-51 Use-after-free deleting tables from a contenteditable document
      + MFSA 2016-50 Buffer overflow parsing HTML5 fragments
        

2016-06-12 Андрей Черепанов 45.2.0-alt0.M70P.1

    - Backport new version to p7 branch
        

2016-05-24 Андрей Черепанов 45.1.1-alt2

    - Build with GTK+ 2.x (ALT #32120)
        

2016-05-12 Андрей Черепанов 45.1.1-alt0.M70P.2

    - Build with GTK+ 2.x
        

2016-05-06 Андрей Черепанов 45.1.1-alt0.M70P.1

    - Backport new version to p7 branch
    - Do not apply patch for support GTK+ 3.20
        

2016-05-04 Андрей Черепанов 45.1.1-alt1

    - New ESR version
        

2016-05-02 Андрей Черепанов 45.1.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()
      + MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets
      + MFSA 2016-39 Miscellaneous memory safety hazards
        

2016-04-15 Андрей Черепанов 45.0.2-alt1

    - New ESR version (switch to 45.x)
        

2016-03-24 Андрей Черепанов 38.7.1-alt1

    - New ESR version
        

2016-03-24 Андрей Черепанов 38.7.1-alt0.M70P.1

    - Backport new version to p7 branch
        

2016-03-10 Андрей Черепанов 38.7.0-alt2

    - Rebuild with new rpm
        

2016-03-09 Андрей Черепанов 38.7.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2016-37 Font vulnerabilities in the Graphite 2 library
      + MFSA 2016-35 Buffer overflow during ASN.1 decoding in NSS
      + MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation
      + MFSA 2016-31 Memory corruption with malicious NPAPI plugin
      + MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property
      + MFSA 2016-27 Use-after-free during XML transformations
      + MFSA 2016-25 Use-after-free when using multiple WebRTC data channels
      + MFSA 2016-24 Use-after-free in SetBody
      + MFSA 2016-23 Use-after-free in HTML5 string parser
      + MFSA 2016-21 Displayed page address can be overridden
      + MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
      + MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports
      + MFSA 2016-16 Miscellaneous memory safety hazards
      + MFSA 2015-136 Same-origin policy violation using performance.getEntries and history navigation
      + MFSA 2015-81 Use-after-free in MediaStream playback
        

2016-03-09 Андрей Черепанов 38.7.0-alt0.M70P.1

    - Backport new version to p7 branch
        

2016-02-13 Андрей Черепанов 38.6.1-alt0.M70P.1

    - Backport new version to p7 branch
        

2016-02-12 Андрей Черепанов 38.6.1-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2016-14 Vulnerabilities in Graphite 2
        

2016-01-29 Андрей Черепанов 38.6.0-alt0.M70P.1

    - Backport new version to p7 branch
        

2016-01-28 Андрей Черепанов 38.6.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation
      + MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
      + MFSA 2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
        

2015-12-26 Андрей Черепанов 38.5.2-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
        

2015-12-26 Андрей Черепанов 38.5.2-alt0.M70P.1

    - Backport new version to p7 branch
        

2015-12-22 Андрей Черепанов 38.5.1-alt1

    - New ESR version
        

2015-12-22 Андрей Черепанов 38.5.1-alt0.M70P.1

    - Backport new version to p7 branch
        

2015-12-18 Андрей Черепанов 38.5.0-alt0.M70P.1

    - Backport new version to p7 branch
        

2015-12-16 Андрей Черепанов 38.5.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-149 Cross-site reading attack through data and view-source URIs
      + MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
      + MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
      + MFSA 2015-145 Underflow through code inspection
      + MFSA 2015-139 Integer overflow allocating extremely large textures
      + MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
        

2015-11-11 Андрей Черепанов 38.4.0-alt0.M70P.1

    - Backport new version to p7 branch
        

2015-11-04 Андрей Черепанов 38.4.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-133 NSS and NSPR memory corruption issues
      + MFSA 2015-132 Mixed content WebSocket policy bypass through workers
      + MFSA 2015-131 Vulnerabilities found through code inspection
      + MFSA 2015-130 JavaScript garbage collection crash with Java applet
      + MFSA 2015-128 Memory corruption in libjar through zip files
      + MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
      + MFSA 2015-123 Buffer overflow during image interactions in canvas
      + MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
        

2015-09-30 Андрей Черепанов 38.3.0-alt1.M70P.1

    - Backport fix to p7 branch
        

2015-09-28 Андрей Черепанов 38.3.0-alt2

    - Use GStreamer 1.0 (ALT #31305)
        

2015-09-24 Андрей Черепанов 38.3.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2015-09-23 Андрей Черепанов 38.3.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
      + MFSA 2015-112 Vulnerabilities found through code inspection
      + MFSA 2015-111 Errors in the handling of CORS preflight request headers
      + MFSA 2015-110 Dragging and dropping images exposes final URL after redirects
      + MFSA 2015-106 Use-after-free while manipulating HTML media content
      + MFSA 2015-105 Buffer overflow while decoding WebM video
      + MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video
      + MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater
        

2015-08-30 Андрей Черепанов 38.2.1-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2015-08-28 Андрей Черепанов 38.2.1-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-95 Add-on notification bypass through data URLs
      + MFSA 2015-94 Use-after-free when resizing canvas element during restyling
        

2015-08-16 Андрей Черепанов 38.2.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2015-08-12 Андрей Черепанов 38.2.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
      + MFSA 2015-90 Vulnerabilities found through code inspection
      + MFSA 2015-89 Buffer overflows on Libvpx when decoding WebM video
      + MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
      + MFSA 2015-87 Crash when using shared memory in JavaScript
      + MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file
      + MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance
        Service with hard links
      + MFSA 2015-83 Overflow issues in libstagefright
      + MFSA 2015-82 Redefinition of non-configurable JavaScript object
        properties
      + MFSA 2015-80 Out-of-bounds read with malformed MP3 file
        

2015-08-11 Андрей Черепанов 38.1.1-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2015-08-08 Андрей Черепанов 38.1.1-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-78 Same origin violation and local file stealing via PDF reader
        

2015-08-07 Андрей Черепанов 38.1.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2015-07-16 Андрей Черепанов 38.1.0-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
      + MFSA 2015-69 Privilege escalation through internal workers
      + MFSA 2015-67 Key pinning is ignored when overridable errors are encountered
      + MFSA 2015-66 Vulnerabilities found through code inspection
      + MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest
      + MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly
      + MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error
      + MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
      + MFSA 2015-61 Type confusion in Indexed Database Manager
      + MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs
        

2015-06-03 Андрей Черепанов 38.0.1-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2015-05-25 Андрей Черепанов 38.0.1-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-58 Mozilla Windows updater can be run outside of application directory
      + MFSA 2015-57 Privilege escalation through IPC channel messages
      + MFSA 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
      + MFSA 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
      + MFSA 2015-54 Buffer overflow when parsing compressed XML
      + MFSA 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
      + MFSA 2015-52 Sensitive URL encoded information written to Android logcat
      + MFSA 2015-51 Use-after-free during text processing with vertical text enabled
      + MFSA 2015-50 Out-of-bounds read and write in asm.js validation
      + MFSA 2015-49 Referrer policy ignored when links opened by middle-click and context menu
      + MFSA 2015-48 Buffer overflow with SVG content and CSS
      + MFSA 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
        

2015-04-02 Андрей Черепанов 31.6.0-alt0.M70P.1

    - New ESR version
    - Security fixes:
      + MFSA 2015-40 Same-origin bypass through anchor navigation
      + MFSA 2015-37 CORS requests should not follow 30x redirections after
        preflight
      + MFSA 2015-33 resource:// documents can load privileged pages
      + MFSA 2015-31 Use-after-free when using the Fluendo MP3 GStreamer
        plugin
        

2015-03-22 Андрей Черепанов 31.5.3-alt1

    - New ESR version
    - Security fixes:
      + MFSA 2015-28 Privilege escalation through SVG navigation
      + MFSA 2015-29 Code execution through incorrect JavaScript bounds
        checking elimination
        

2015-03-22 Андрей Черепанов 31.5.3-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2015-02-25 Андрей Черепанов 31.5.0-alt1

    - New ESR version
    - Fixed:
      + 2015-24 Reading of local files through manipulation of form
        autocomplete
      + 2015-19 Out-of-bounds read and write while rendering SVG content
      + 2015-16 Use-after-free in IndexedDB
      + 2015-12 Invoking Mozilla updater will load locally stored DLL files
        

2015-02-25 Андрей Черепанов 31.5.0-alt0.M70P.1

    - Backport new ESR version to p7 branch
        

2015-02-01 Андрей Черепанов 31.4.0-alt0.M70P.2

    - New ESR version
    - Package is renamed to firefox-esr
    - Fixed:
      + MFSA 2015-06 Read-after-free in WebRTC
      + MFSA 2015-04 Cookie injection through Proxy Authenticate responses
      + MFSA 2015-03 sendBeacon requests lack an Origin header
        
 
Проект Geyser основан на коде из проекта Prometheus 2.0, который был доступен по лицензии MIT