Problems found with existing digests:
Package suse131_libSDL
1c4d17a53bece6243cb3e6dd11c36d50f851a4f4 [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Package suse131_libdbus
de99fcfa8e2c7ced28caf38c24d217d6037aaa56 [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Package suse131_qt4
94daff738912c96ed8878ce1a131cd49fb379206 [recorded]
886206018431aee9f8a01e1fb7e46973e8dca9d9 [calculated]
Problems found locating distfiles for atari800, compat12, compat 13,
compat14, compat15, compat20, compat30, compat40, compat50,
compat50-x11, compat51, compat51-x11, compat60, compat61,
compat61-x11, fmsx, osf1_lib, vice, xbeeb, xm7.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
openSUSE Security Update: update for firefox, mozilla-nspr, mozilla-nss and seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1345-1
Rating: moderate
References: #894370#896624#897890#900941#901213
Cross-References: CVE-2014-1554 CVE-2014-1574 CVE-2014-1575
CVE-2014-1576 CVE-2014-1577 CVE-2014-1578
CVE-2014-1580 CVE-2014-1581 CVE-2014-1582
CVE-2014-1583 CVE-2014-1584 CVE-2014-1585
CVE-2014-1586
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
...
Changes in mozilla-nspr:
- update to version 4.10.7
* bmo#836658: VC11+ defaults to SSE2 builds by default.
* bmo#979278: TSan: data race nsprpub/pr/src/threads/prtpd.c:103
PR_NewThreadPrivateIndex.
* bmo#1026129: Replace some manual declarations of MSVC intrinsics with
#include <intrin.h>.
* bmo#1026469: Use AC_CHECK_LIB instead of MOZ_CHECK_PTHREADS. Skip
compiler checks when using MSVC, even when $CC is not literally "cl".
* bmo#1034415: NSPR hardcodes the C compiler to cl on Windows.
* bmo#1042408: Compilation fix for Android > API level 19.
* bmo#1043082: NSPR's build system hardcodes -MD.
Update fixes nine security issues
Announcement ID: openSUSE-SU-2014:0819-1
Description:
mozilla-nspr was updated to version 4.10.6 to fix one security issue:
* OOB write with sprintf and console functions (CVE-2014-1545)
Bump PKGREVISION.
Changes in mozilla-nspr:
- update to version 4.10.4
* bmo#767759: Add support for new x32 abi
* bmo#844784: Thread data race in PR_EnterMonitor
* bmo#939786: data race
nsprpub/pr/src/pthreads/ptthread.c:137 _pt_root
* bmo#958796: Users of _beginthreadex that set a custom
stack size may not be getting the behavior they want
* bmo#963033: AArch64 support update for NSPR
* bmo#969061: Incorrect end-of-list test when iterating
over a PRCList in prcountr.c and prtrace.c
* bmo#971152: IPv6 detection on linux depends on
availability of /proc/net/if_inet6
- update to version 4.10.3
* bmo#749849: ensure we'll free the thread-specific data
key.
* bmo#941461: don't compile android with unaligned memory
access.
* bmo#932398: Add PR_SyncMemMap, a portable version of
msync/FlushViewOfFile.
* bmo#952621: Fix a thread-unsafe access to lock->owner
in PR_Lock.
* bmo#957458: Fix several bugs in the lock rank checking
code.
* bmo#936320: Use an alternative test for IPv6 support on
Linux to avoid opening a socket.
Bump PKGREVISION.
