This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository pale-moon. commit 71e28cb01e54b0ed7105154da543980de09d12bd Author: Mihai Moldovan <ionic@ionic.de> Date: Sat Sep 29 03:50:39 2018 +0200 debian: sync directory with Steven Pusser's palemoon_27.9.4~repack-1 version. --- debian/README.7z-source | 12 ------------ debian/changelog | 42 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 13 deletions(-) diff --git a/debian/README.7z-source b/debian/README.7z-source deleted file mode 100644 index c916e90..0000000 --- a/debian/README.7z-source +++ /dev/null @@ -1,12 +0,0 @@ -If you obtain the source in a 7z archive, it does not support Linux permissions. -In order to compile it, and create a source tarball, extract the archive, run - -chmod -R 777 <extracted-source-directory> - -and then recompress the source into an approved Debian tarball format. - -Make sure to add a "~repack" to the versioning and the orig tarball to label it -as repacked. - -Currently the tar.gz tarballs from the github releases don't require this, but -a tar.xz repack will save considerable bandwidth. diff --git a/debian/changelog b/debian/changelog index ec1a696..12bed3c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,43 @@ +palemoon (27.9.4~repack-1) obs; urgency=medium + + * Import new upstream 27.9.4 release. + - Updated the useragent for addons.mozilla.org to work around their "Only + with Firefox" discrimination preventing users from downloading themes, old + versions of extensions, and other files with Pale Moon. + - Restricted web access to the moz-icon:// scheme that could potentially be + abused to infringe the user's privacy. + - Prevented various location-based threats. DiD + - Fixed a potential vulnerability with plugins being redirected to different + origins (CVE-2018-12364). + - Improved the security check for launching executable files + (by association) on Windows from the browser. For users who have (most + likely accidentally) granted a system-wide waiver for opening these kinds + of files without being prompted, this permission has been reset. + - Fixed an issue with invalid qcms transforms (CVE-2018-12366). + - Fixed a buffer overflow using the computed size of canvas elements + (CVE-2018-12359). + - Fixed a use-after-free when using focus() (CVE-2018-12360). + - Added some sanity checks on nsMozIconURI. DiD + - Fixed an issue in the case the preferences file in the profile would not be + writable (e.g. temporary permission issues due to backup, virus scanning or + similar external processes). + + -- Steven Pusser <stevep@mxlinux.org> Wed, 11 Jul 2018 13:59:46 -0700 + +palemoon (27.9.3~repack-1~mx17+1) mx; urgency=medium + + * New upstream security update: + + - Changes/fixes: + - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to + that report, the libopus maintainers state they don't believe remote + code execution was possible, so this was not a critical patch. + - Fixed an issue with task counting in JS GC. + - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks + to Berk Cem Göksel for reporting). + + -- Steven Pusser <stevep@mxlinux.org> Tue, 12 Jun 2018 11:12:06 -0700 + palemoon (27.9.2~repack-1-0x2go1) UNRELEASED; urgency=medium [ Mihai Moldovan ] @@ -288,7 +328,7 @@ palemoon (27.9.2~repack-1-0x2go1) UNRELEASED; urgency=medium -- Mihai Moldovan <ionic@ionic.de> Mon, 28 May 2018 03:44:10 +0200 -palemoon (27.9.2~repack-1) obs; urgency=medium +palemoon (27.9.2~repack-1~mx17+1) mx; urgency=medium * New upstream security and stability update: -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git