Fedora 20: firefox Security Update

    Date 21 Apr 2015
    156
    Posted By LinuxSecurity Advisories
    New upstream version - 37.0.1
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2015-5723
    2015-04-08 03:25:44
    --------------------------------------------------------------------------------
    
    Name        : firefox
    Product     : Fedora 20
    Version     : 37.0.1
    Release     : 1.fc20
    URL         : https://www.mozilla.org/projects/firefox/
    Summary     : Mozilla Firefox Web browser
    Description :
    Mozilla Firefox is an open-source web browser, designed for standards
    compliance, performance and portability.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    New upstream version - 37.0.1
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Tue Apr  7 2015 Martin Stransky  - 37.0.1-1
    - Update to 37.0.1
    * Mon Apr  6 2015 Tom Callaway  - 37.0-4
    - rebuild for libvpx 1.4.0
    * Tue Mar 31 2015 Marcin Juszkiewicz  - 37.0-3
    - Fix build on AArch64 (based on upstream skia changes)
    * Fri Mar 27 2015 Martin Stransky  - 37.0-2
    - Added tooltip patch (mozbz#1144643)
    * Fri Mar 27 2015 Martin Stransky  - 37.0-1
    - Update to 37.0 Build 2
    * Thu Mar 26 2015 Richard Hughes  - 36.0.4-2
    - Add an AppData file for the software center
    * Sat Mar 21 2015 Martin Stransky  - 36.0.4-1
    - Update to 36.0.4
    * Fri Mar 20 2015 Martin Stransky  - 36.0.3-1
    - Update to 36.0.3
    * Tue Mar 17 2015 Martin Stransky  - 36.0.1-6
    - Fixed rhbz#1201527 - [GTK3] Scrollbars in Firefox
      are not consistent with the rest of the desktop
    * Tue Mar 10 2015 Martin Stransky  - 36.0.1-5
    - Arm build fix
    * Mon Mar  9 2015 Jan Horak  - 36.0.1-1
    - Update to 36.0.1
    * Fri Mar  6 2015 Martin Stransky  - 36.0-4
    - ppc64le build fix
    * Thu Mar  5 2015 Martin Stransky  - 36.0-3
    - Added back the removed "-remote" option
    - Fixed rhbz#1198965 - mozilla-xremote-client has been removed,
      langpack installation may be broken
    * Tue Mar  3 2015 Martin Stransky  - 36.0-2
    - Enable Skia for all arches (rhbz#1197007)
    * Fri Feb 20 2015 Jan Horak  - 36.0-1
    - Update to 36.0
    * Mon Feb  9 2015 Martin Stransky  - 35.0.1-5
    - Fixed rhbz#1190774 - update usear agent string for Fedora
    * Wed Feb  4 2015 Petr Machata  - 35.0.1-4
    - Bump for rebuild.
    * Tue Jan 27 2015 Martin Stransky  - 35.0.1-3
    - Backed out the flash click-to-play setup
    * Mon Jan 26 2015 David Tardon  - 35.0.1-2
    - rebuild for ICU 54.1
    * Fri Jan 23 2015 Martin Stransky  - 35.0.1-1
    - New upstream version
    * Thu Jan 22 2015 Martin Stransky  - 35.0-7
    - Updated hiDPI patch to upstream version (mozbz#975919)
    * Thu Jan 22 2015 Martin Stransky  - 35.0-6
    - Disabled flash by default because of 0day live flash exploit
      (see https://isc.sans.edu/diary/Flash+0-Day+Exploit+Used+by+Angler+Exploit+Kit/19213)
    * Mon Jan 19 2015 Martin Stransky  - 35.0-5
    - Enable release build config
    - Gtk3 - added patch for HiDPI support (mozbz#975919)
    * Mon Jan 19 2015 Martin Stransky  - 35.0-4
    - Gtk3 - fixed tabs rendering
    * Wed Jan 14 2015 Martin Stransky  - 35.0-3
    - Gtk3 - replaced obsoleted focus properties
    - Make start.fedoraproject.org the homepage
    * Mon Jan 12 2015 Martin Stransky  - 35.0-2
    - Update to 35.0 Build 3
    - Gtk3 - added fix for button/entry box sizes
    - Gtk3 - added fix for button/entry focus sizes
    - Spec clean-up (by This email address is being protected from spambots. You need JavaScript enabled to view it.)
    * Tue Jan  6 2015 Martin Stransky  - 35.0-1
    - Update to 35.0 Build 1
    * Mon Jan  5 2015 Martin Stransky  - 34.0-12
    - Fixed rhbz#1014858 - GLib-CRITICAL **: g_slice_set_config:
      assertion `sys_page_size == 0' failed
    * Fri Jan  2 2015 Martin Stransky  - 34.0-11
    - Build with system jpeg on rawhide
    - Updated ATK patch for gtk3
    * Tue Dec 23 2014 Martin Stransky  - 34.0-9
    - Added fix for rhbz#1173156 - Native NTLM authentication
      on Linux unsupported
    - Added fix for rhbz#1170109 - data corruption bug on armhfp
    * Sat Dec 13 2014 Martin Stransky  - 34.0-8
    - Gtk3 - Workaround for Firefox freeze when accessibility is enabled
    * Fri Dec 12 2014 Martin Stransky  - 34.0-7
    - Added fix for mozbz#1097592 - Firefox freeze in Gtk3
    * Thu Dec 11 2014 Martin Stransky  - 34.0-6
    - Disabled Gtk3 on Fedora 21 and earlier (rhbz#1172926)
    * Wed Dec 10 2014 Martin Stransky  - 34.0-5
    - Disabled flash plugin instllation pop-up (mozbz#1108645)
    * Mon Dec  8 2014 Jiri Vanek   - 34.0-4
    - added and applied patch218, java-plugin-url.patch
    - fixed url for java plugin installation guide
    - resolves rhbz#979985
    * Mon Dec  8 2014 Martin Stransky  - 34.0-3
    - Gtk3 flash plugin fix (rhbz#1171457)
    - Gtk3 theme fixes
    * Wed Dec  3 2014 Jan Horak  - 34.0-2
    - Fix for mozbz#1097550 - wrong default dictionary
    * Mon Dec  1 2014 Martin Stransky  - 34.0-1
    - Update to 34.0 build 2
    * Thu Nov 13 2014 Martin Stransky  - 33.1-2
    - Disabled downloads non-free OpenH264 blob on first start
      (rhbz#1155499)
    * Tue Nov 11 2014 Martin Stransky  - 33.1-1
    - Update to 33.1 build 3
    * Mon Nov 10 2014 Martin Stransky  - 33.0-5
    - Fixed rhbz#1161110 - /usr/bin/firefox should not mess with TMPDIR
    * Tue Nov  4 2014 Martin Stransky  - 33.0-4
    - Do not use system libjpeg-turbo on rawhide
    * Mon Nov  3 2014 Martin Stransky  - 33.0-3
    - Added Gtk3 support
    * Wed Oct 15 2014 Martin Stransky  - 33.0-2
    - Added patches from mozbz#858919
    * Tue Oct 14 2014 Martin Stransky  - 33.0-1
    - Update to 33.0 build 2
    * Fri Sep 19 2014 Jan Horak  - 32.0.2-2
    - Added support for Mozilla tests
    * Thu Sep 18 2014 Martin Stransky  - 32.0.2-1
    - Update to 32.0.2 build 1
    * Tue Sep 16 2014 Martin Stransky  - 32.0.1-2
    - disable baseline JIT on i686 (rhbz#1047079)
    * Mon Sep 15 2014 Martin Stransky  - 32.0.1-1
    - Update to 32.0.1 build 2
    - Patch from rhbz#1140157
    * Wed Sep 10 2014 Jan Horak  - 32.0-2
    - Fix for geolocation API (rhbz#1063739)
    * Tue Aug 26 2014 Martin Stransky  - 32.0-1
    - Update to 32.0 build 1
    * Tue Aug 26 2014 David Tardon  - 31.0-4
    - rebuild for ICU 53.1
    * Sat Aug 16 2014 Fedora Release Engineering  - 31.0-3
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
    * Wed Jul 30 2014 Martin Stransky  - 31.0-2
    - Added patch for mozbz#858919
    * Thu Jul 17 2014 Martin Stransky  - 31.0-1
    - Update to 31.0 build 2
    * Wed Jun 11 2014 Martin Stransky  - 30.0-4
    - Updated NSPR version
    * Sat Jun  7 2014 Fedora Release Engineering  - 30.0-3
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
    * Thu Jun  5 2014 Martin Stransky  - 30.0-2
    - Enable gstreamer 1.0
    * Wed Jun  4 2014 Martin Stransky  - 30.0-1
    - Update to 30.0 build 1
    * Fri May 23 2014 Martin Stransky  - 29.0.1-5
    - Added a build fix for ppc64 - rhbz#1100495
    * Tue May 20 2014 Martin Stransky  - 29.0.1-4
    - Enabled necko-wifi
    * Thu May 15 2014 Peter Robinson  29.0.1-3
    - Add upstream patches for aarch64 support
    * Thu May 15 2014 Martin Stransky  - 29.0.1-2
    - Fixed rhbz#1098090 - Enable plugin-container for nspluginwrapper
    * Wed May 14 2014 Martin Stransky  - 29.0.1-1
    - Update to 29.0.1
    * Mon Apr 28 2014 Martin Stransky  - 29.0-5
    - An updated ppc64le patch (rhbz#1091054)
    * Mon Apr 28 2014 Martin Stransky  - 29.0-4
    - Arm build fixes
    * Fri Apr 25 2014 Martin Stransky  - 29.0-3
    - Build with system ICU
    * Thu Apr 24 2014 Martin Stransky  - 29.0-2
    - Removed unused patch
    * Tue Apr 22 2014 Martin Stransky  - 29.0-1
    - Update to 29.0 Build 1
    * Tue Apr  8 2014 Jan Horak  - 28.0-4
    - Support for ppc64le architecture
    * Wed Mar 19 2014 Martin Stransky  - 28.0-3
    - Arm build fix
    * Wed Mar 19 2014 Martin Stransky  - 28.0-2
    - NSS version up, disable arm for now
    * Tue Mar 18 2014 Martin Stransky  - 28.0-1
    - Update to 28.0
    * Thu Mar  6 2014 Martin Stransky  - 27.0.1-2
    - Removed needless build patch
    * Mon Feb 24 2014 Martin Stransky  - 27.0.1-1
    - Update to 27.0.1
    * Mon Feb  3 2014 Martin Stransky  - 27.0-1
    - Update to 27.0
    * Thu Jan 30 2014 Jan Horak  - 26.0-7
    - Set default homepage to about:newtab and make start.fedoraproject.org page pinned on it
    - Disable system cairo because of rhbz#1059076
    * Mon Jan 20 2014 Jan Horak  - 26.0-6
    - Fixed langpack installation
    * Thu Jan  9 2014 Jan Horak  - 26.0-5
    - Build standalone firefox package without dependency on xulrunner
    * Tue Dec 17 2013 Martin Stransky  - 26.0-4
    - Added fix for rhbz#1007603 - NSS and cert9 (sql): firefox crash
      on exit with https-everywhere installed (edit)
    * Fri Dec 13 2013 Martin Stransky  - 26.0-3
    - Build with -Werror=format-security (rhbz#1037063)
    * Mon Dec  9 2013 Martin Stransky  - 26.0-2
    - Update to 26.0 Build 2
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use
    su -c 'yum update firefox' at the command line.
    For more information, refer to "Managing Software with yum",
    available at https://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://admin.fedoraproject.org/mailman/listinfo/package-announce
    

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/30-do-you-feel-that-the-lawful-access-to-encrypted-data-act-which-aims-to-force-encryption-backdoors-is-a-threat-to-privacy?task=poll.vote&format=json
    30
    radio
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"19","type":"x","order":"1","pct":95,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":5,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.