openSUSE Security Update: update for MozillaFirefox, MozillaThunderbird,
mozilla-nspr, mozilla-nss, seamonkey, xulrunner
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1348-1
Rating: important
References: #833389
Cross-References: CVE-2013-1701 CVE-2013-1702 CVE-2013-1704
CVE-2013-1705 CVE-2013-1708 CVE-2013-1709
CVE-2013-1710 CVE-2013-1711 CVE-2013-1713
CVE-2013-1714 CVE-2013-1717
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
Changes in seamonkey:
- update to SeaMonkey 2.20 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer
underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during
WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system
- requires NSPR 4.10 and NSS 3.15
- removed obsolete seamonkey-shared-nss-db.patch
Changes in seamonkey:
- update to SeaMonkey 2.20 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer
underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during
WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system
- requires NSPR 4.10 and NSS 3.15
- removed obsolete seamonkey-shared-nss-db.patch
Changes in xulrunner:
- update to 17.0.8esr (bnc#833389)
* MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety
hazards
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system
Changes in xulrunner:
- update to 17.0.8esr (bnc#833389)
* MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety
hazards
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system
Changes in MozillaThunderbird:
- update to Thunderbird 17.0.8 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety
hazards
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system
- update Enigmail to 1.5.2
* bugfix release
Changes in MozillaThunderbird:
- update to Thunderbird 17.0.8 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety
hazards
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system
- update Enigmail to 1.5.2
* bugfix release
Changes in mozilla-nss:
- fix 32bit requirement, it's without () actually
- update to 3.15.1
* TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher
suites (RFC 5246 and RFC 5289) are supported, allowing
TLS to be used without MD5 and SHA-1. Note the
following limitations: The hash function used in the
signature for TLS 1.2 client authentication must be the
hash function of the TLS 1.2 PRF, which is always
SHA-256 in NSS 3.15.1. AES GCM cipher suites are not
yet supported.
* some bugfixes and improvements
- require libnssckbi instead of mozilla-nss-certs so
p11-kit can conflict with the latter (fate#314991)
- update to 3.15
* Packaging
+ removed obsolete patches
* nss-disable-expired-testcerts.patch
* bug-834091.patch
* New Functionality
+ Support for OCSP Stapling (RFC 6066, Certificate
Status Request) has been added for both client and server
sockets. TLS client applications may enable this via a call
to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+ Added function SECITEM_ReallocItemV2. It replaces
function SECITEM_ReallocItem, which is now declared as
obsolete.
+ Support for single-operation (eg: not multi-part)
symmetric key encryption and decryption, via PK11_Encrypt
and PK11_Decrypt.
+ certutil has been updated to support creating name
constraints extensions.
* New Functions in ssl.h SSL_PeerStapledOCSPResponse -
Returns the server's stapled OCSP response, when used
with a TLS client socket that negotiated the
status_request extension. SSL_SetStapledOCSPResponses -
Set's a stapled OCSP response for a TLS server socket
to return when clients send the status_request
extension. in ocsp.h CERT_PostOCSPRequest - Primarily
intended for testing, permits the sending and receiving
of raw OCSP request/responses. in secpkcs7.h
SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a
PKCS#7 signature at a specific time other than the
present time. in xconst.h
CERT_EncodeNameConstraintsExtension - Matching function
for CERT_DecodeNameConstraintsExtension, added in NSS
3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray
SECITEM_FreeArray SECITEM_ZfreeArray - Utility
functions to handle the allocation and deallocation of
SECItemArrays SECITEM_ReallocItemV2 - Replaces
SECITEM_ReallocItem, which is now obsolete.
SECITEM_ReallocItemV2 better matches caller
expectations, in that it updates item->len on
allocation. For more details of the issues with
SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in
pk11pub.h PK11_Decrypt - Performs decryption as a
single PKCS#11 operation (eg: not multi-part). This is
necessary for AES-GCM. PK11_Encrypt - Performs
encryption as a single PKCS#11 operation (eg: not
multi-part). This is necessary for AES-GCM.
* New Types in secitem.h SECItemArray - Represents a
variable-length array of SECItems.
* New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used
with SSL_OptionSet to configure TLS client sockets to
request the certificate_status extension (eg: OCSP
stapling) when set to PR_TRUE
* Notable changes
+ SECITEM_ReallocItem is now deprecated. Please
consider using SECITEM_ReallocItemV2 in all future code.
+ The list of root CA certificates in the nssckbi
module has been updated.
+ The default implementation of SSL_AuthCertificate has
been updated to add certificate status responses stapled by
the TLS server to the OCSP cache.
* a lot of bugfixes
- Add Source URL, see https://en.opensuse.org/SourceUrls
Changes in mozilla-nss:
- fix 32bit requirement, it's without () actually
- update to 3.15.1
* TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher
suites (RFC 5246 and RFC 5289) are supported, allowing
TLS to be used without MD5 and SHA-1. Note the
following limitations: The hash function used in the
signature for TLS 1.2 client authentication must be the
hash function of the TLS 1.2 PRF, which is always
SHA-256 in NSS 3.15.1. AES GCM cipher suites are not
yet supported.
* some bugfixes and improvements
- require libnssckbi instead of mozilla-nss-certs so
p11-kit can conflict with the latter (fate#314991)
- update to 3.15
* Packaging
+ removed obsolete patches
* nss-disable-expired-testcerts.patch
* bug-834091.patch
* New Functionality
+ Support for OCSP Stapling (RFC 6066, Certificate
Status Request) has been added for both client and server
sockets. TLS client applications may enable this via a call
to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+ Added function SECITEM_ReallocItemV2. It replaces
function SECITEM_ReallocItem, which is now declared as
obsolete.
+ Support for single-operation (eg: not multi-part)
symmetric key encryption and decryption, via PK11_Encrypt
and PK11_Decrypt.
+ certutil has been updated to support creating name
constraints extensions.
* New Functions in ssl.h SSL_PeerStapledOCSPResponse -
Returns the server's stapled OCSP response, when used
with a TLS client socket that negotiated the
status_request extension. SSL_SetStapledOCSPResponses -
Set's a stapled OCSP response for a TLS server socket
to return when clients send the status_request
extension. in ocsp.h CERT_PostOCSPRequest - Primarily
intended for testing, permits the sending and receiving
of raw OCSP request/responses. in secpkcs7.h
SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a
PKCS#7 signature at a specific time other than the
present time. in xconst.h
CERT_EncodeNameConstraintsExtension - Matching function
for CERT_DecodeNameConstraintsExtension, added in NSS
3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray
SECITEM_FreeArray SECITEM_ZfreeArray - Utility
functions to handle the allocation and deallocation of
SECItemArrays SECITEM_ReallocItemV2 - Replaces
SECITEM_ReallocItem, which is now obsolete.
SECITEM_ReallocItemV2 better matches caller
expectations, in that it updates item->len on
allocation. For more details of the issues with
SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in
pk11pub.h PK11_Decrypt - Performs decryption as a
single PKCS#11 operation (eg: not multi-part). This is
necessary for AES-GCM. PK11_Encrypt - Performs
encryption as a single PKCS#11 operation (eg: not
multi-part). This is necessary for AES-GCM.
* New Types in secitem.h SECItemArray - Represents a
variable-length array of SECItems.
* New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used
with SSL_OptionSet to configure TLS client sockets to
request the certificate_status extension (eg: OCSP
stapling) when set to PR_TRUE
* Notable changes
+ SECITEM_ReallocItem is now deprecated. Please
consider using SECITEM_ReallocItemV2 in all future code.
+ The list of root CA certificates in the nssckbi
module has been updated.
+ The default implementation of SSL_AuthCertificate has
been updated to add certificate status responses stapled by
the TLS server to the OCSP cache.
* a lot of bugfixes
- Add Source URL, see https://en.opensuse.org/SourceUrls
Changes in mozilla-nspr:
- update to version 4.10
* bmo#844513: Add AddressSanitizer (ASan) memory check
annotations to PLArena.
* bmo#849089: Simple changes to make NSPR's configure.in
work with the current version of autoconf.
* bmo#856196: Fix compiler warnings and clean up code in
NSPR 4.10.
* bmo#859066: Fix warning in
nsprpub/pr/src/misc/prnetdb.c.
* bmo#859830: Deprecate ANDROID_VERSION in favor of
android/api-level.h.
* bmo#861434: Make PR_SetThreadPriority() change
priorities relatively to the main process instead of
using absolute values on Linux.
* bmo#871064L: _PR_InitThreads() should not call
PR_SetThreadPriority.
Changes in mozilla-nspr:
- update to version 4.10
* bmo#844513: Add AddressSanitizer (ASan) memory check
annotations to PLArena.
* bmo#849089: Simple changes to make NSPR's configure.in
work with the current version of autoconf.
* bmo#856196: Fix compiler warnings and clean up code in
NSPR 4.10.
* bmo#859066: Fix warning in
nsprpub/pr/src/misc/prnetdb.c.
* bmo#859830: Deprecate ANDROID_VERSION in favor of
android/api-level.h.
* bmo#861434: Make PR_SetThreadPriority() change
priorities relatively to the main process instead of
using absolute values on Linux.
* bmo#871064L: _PR_InitThreads() should not call
PR_SetThreadPriority.
Changes in MozillaFirefox:
- update to Firefox 23.0 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer
underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during
WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system
- requires NSPR 4.10 and NSS 3.15
- fix build on ARM (/-g/ matches /-grecord-switches/)
Changes in MozillaFirefox:
- update to Firefox 23.0 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer
underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during
WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system
- requires NSPR 4.10 and NSS 3.15
- fix build on ARM (/-g/ matches /-grecord-switches/)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-652
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-652
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
MozillaFirefox-23.0-1.29.1
MozillaFirefox-branding-upstream-23.0-1.29.1
MozillaFirefox-buildsymbols-23.0-1.29.1
MozillaFirefox-debuginfo-23.0-1.29.1
MozillaFirefox-debugsource-23.0-1.29.1
MozillaFirefox-devel-23.0-1.29.1
MozillaFirefox-translations-common-23.0-1.29.1
MozillaFirefox-translations-other-23.0-1.29.1
MozillaThunderbird-17.0.8-61.21.2
MozillaThunderbird-buildsymbols-17.0.8-61.21.2
MozillaThunderbird-debuginfo-17.0.8-61.21.2
MozillaThunderbird-debugsource-17.0.8-61.21.2
MozillaThunderbird-devel-17.0.8-61.21.2
MozillaThunderbird-devel-debuginfo-17.0.8-61.21.2
MozillaThunderbird-translations-common-17.0.8-61.21.2
MozillaThunderbird-translations-other-17.0.8-61.21.2
enigmail-1.5.2+17.0.8-61.21.2
enigmail-debuginfo-1.5.2+17.0.8-61.21.2
libfreebl3-3.15.1-1.12.1
libfreebl3-debuginfo-3.15.1-1.12.1
libsoftokn3-3.15.1-1.12.1
libsoftokn3-debuginfo-3.15.1-1.12.1
mozilla-js-17.0.8-1.24.1
mozilla-js-debuginfo-17.0.8-1.24.1
mozilla-nspr-4.10-1.14.1
mozilla-nspr-debuginfo-4.10-1.14.1
mozilla-nspr-debugsource-4.10-1.14.1
mozilla-nspr-devel-4.10-1.14.1
mozilla-nss-3.15.1-1.12.1
mozilla-nss-certs-3.15.1-1.12.1
mozilla-nss-certs-debuginfo-3.15.1-1.12.1
mozilla-nss-debuginfo-3.15.1-1.12.1
mozilla-nss-debugsource-3.15.1-1.12.1
mozilla-nss-devel-3.15.1-1.12.1
mozilla-nss-sysinit-3.15.1-1.12.1
mozilla-nss-sysinit-debuginfo-3.15.1-1.12.1
mozilla-nss-tools-3.15.1-1.12.1
mozilla-nss-tools-debuginfo-3.15.1-1.12.1
seamonkey-2.20-1.16.1
seamonkey-debuginfo-2.20-1.16.1
seamonkey-debugsource-2.20-1.16.1
seamonkey-dom-inspector-2.20-1.16.1
seamonkey-irc-2.20-1.16.1
seamonkey-translations-common-2.20-1.16.1
seamonkey-translations-other-2.20-1.16.1
seamonkey-venkman-2.20-1.16.1
xulrunner-17.0.8-1.24.1
xulrunner-buildsymbols-17.0.8-1.24.1
xulrunner-debuginfo-17.0.8-1.24.1
xulrunner-debugsource-17.0.8-1.24.1
xulrunner-devel-17.0.8-1.24.1
xulrunner-devel-debuginfo-17.0.8-1.24.1
- openSUSE 12.3 (x86_64):
libfreebl3-32bit-3.15.1-1.12.1
libfreebl3-debuginfo-32bit-3.15.1-1.12.1
libsoftokn3-32bit-3.15.1-1.12.1
libsoftokn3-debuginfo-32bit-3.15.1-1.12.1
mozilla-js-32bit-17.0.8-1.24.1
mozilla-js-debuginfo-32bit-17.0.8-1.24.1
mozilla-nspr-32bit-4.10-1.14.1
mozilla-nspr-debuginfo-32bit-4.10-1.14.1
mozilla-nss-32bit-3.15.1-1.12.1
mozilla-nss-certs-32bit-3.15.1-1.12.1
mozilla-nss-certs-debuginfo-32bit-3.15.1-1.12.1
mozilla-nss-debuginfo-32bit-3.15.1-1.12.1
mozilla-nss-sysinit-32bit-3.15.1-1.12.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.1-1.12.1
xulrunner-32bit-17.0.8-1.24.1
xulrunner-debuginfo-32bit-17.0.8-1.24.1
- openSUSE 12.2 (i586 x86_64):
MozillaFirefox-23.0-2.55.1
MozillaFirefox-branding-upstream-23.0-2.55.1
MozillaFirefox-buildsymbols-23.0-2.55.1
MozillaFirefox-debuginfo-23.0-2.55.1
MozillaFirefox-debugsource-23.0-2.55.1
MozillaFirefox-devel-23.0-2.55.1
MozillaFirefox-translations-common-23.0-2.55.1
MozillaFirefox-translations-other-23.0-2.55.1
MozillaThunderbird-17.0.8-49.51.2
MozillaThunderbird-buildsymbols-17.0.8-49.51.2
MozillaThunderbird-debuginfo-17.0.8-49.51.2
MozillaThunderbird-debugsource-17.0.8-49.51.2
MozillaThunderbird-devel-17.0.8-49.51.2
MozillaThunderbird-devel-debuginfo-17.0.8-49.51.2
MozillaThunderbird-translations-common-17.0.8-49.51.2
MozillaThunderbird-translations-other-17.0.8-49.51.2
enigmail-1.5.2+17.0.8-49.51.2
enigmail-debuginfo-1.5.2+17.0.8-49.51.2
libfreebl3-3.15.1-2.23.1
libfreebl3-debuginfo-3.15.1-2.23.1
libsoftokn3-3.15.1-2.23.1
libsoftokn3-debuginfo-3.15.1-2.23.1
mozilla-js-17.0.8-2.50.1
mozilla-js-debuginfo-17.0.8-2.50.1
mozilla-nspr-4.10-1.16.1
mozilla-nspr-debuginfo-4.10-1.16.1
mozilla-nspr-debugsource-4.10-1.16.1
mozilla-nspr-devel-4.10-1.16.1
mozilla-nss-3.15.1-2.23.1
mozilla-nss-certs-3.15.1-2.23.1
mozilla-nss-certs-debuginfo-3.15.1-2.23.1
mozilla-nss-debuginfo-3.15.1-2.23.1
mozilla-nss-debugsource-3.15.1-2.23.1
mozilla-nss-devel-3.15.1-2.23.1
mozilla-nss-sysinit-3.15.1-2.23.1
mozilla-nss-sysinit-debuginfo-3.15.1-2.23.1
mozilla-nss-tools-3.15.1-2.23.1
mozilla-nss-tools-debuginfo-3.15.1-2.23.1
seamonkey-2.20-2.46.1
seamonkey-debuginfo-2.20-2.46.1
seamonkey-debugsource-2.20-2.46.1
seamonkey-dom-inspector-2.20-2.46.1
seamonkey-irc-2.20-2.46.1
seamonkey-translations-common-2.20-2.46.1
seamonkey-translations-other-2.20-2.46.1
seamonkey-venkman-2.20-2.46.1
xulrunner-17.0.8-2.50.1
xulrunner-buildsymbols-17.0.8-2.50.1
xulrunner-debuginfo-17.0.8-2.50.1
xulrunner-debugsource-17.0.8-2.50.1
xulrunner-devel-17.0.8-2.50.1
xulrunner-devel-debuginfo-17.0.8-2.50.1
- openSUSE 12.2 (x86_64):
libfreebl3-32bit-3.15.1-2.23.1
libfreebl3-debuginfo-32bit-3.15.1-2.23.1
libsoftokn3-32bit-3.15.1-2.23.1
libsoftokn3-debuginfo-32bit-3.15.1-2.23.1
mozilla-js-32bit-17.0.8-2.50.1
mozilla-js-debuginfo-32bit-17.0.8-2.50.1
mozilla-nspr-32bit-4.10-1.16.1
mozilla-nspr-debuginfo-32bit-4.10-1.16.1
mozilla-nss-32bit-3.15.1-2.23.1
mozilla-nss-certs-32bit-3.15.1-2.23.1
mozilla-nss-certs-debuginfo-32bit-3.15.1-2.23.1
mozilla-nss-debuginfo-32bit-3.15.1-2.23.1
mozilla-nss-sysinit-32bit-3.15.1-2.23.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.1-2.23.1
xulrunner-32bit-17.0.8-2.50.1
xulrunner-debuginfo-32bit-17.0.8-2.50.1
References:
http://support.novell.com/security/cve/CVE-2013-1701.html
http://support.novell.com/security/cve/CVE-2013-1702.html
http://support.novell.com/security/cve/CVE-2013-1704.html
http://support.novell.com/security/cve/CVE-2013-1705.html
http://support.novell.com/security/cve/CVE-2013-1708.html
http://support.novell.com/security/cve/CVE-2013-1709.html
http://support.novell.com/security/cve/CVE-2013-1710.html
http://support.novell.com/security/cve/CVE-2013-1711.html
http://support.novell.com/security/cve/CVE-2013-1713.html
http://support.novell.com/security/cve/CVE-2013-1714.html
http://support.novell.com/security/cve/CVE-2013-1717.html
https://bugzilla.novell.com/833389
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
|
