Pardus Kurumsal 2 Updates


According to the announcement from the Pardus team, a number of updates for Pardus Kurumsal 2 will be released during the day for a more stable and secure system. The updates recommended to improve system stability cover the following packages, each listed with its description:

Django (Django-1.2.7-28-c2-i686.pisi)
-------------------------------------
Version bump to fix multiple vulnerabilities (pb#19127):
* Session manipulation
* Denial of Service (DoS) attack via URLField
* URLField redirection
* Host header cache poisoning
* Host header and bypass CSRF protection
* Cross-subdomain CSRF attacks
* Sensitive POST data such as plain-text password in DEBUG pages

chromium-browser (chromium-browser-15.0.874.106-32-c2-i686.pisi)
----------------------------------------------------------------
* New stable release 15.0.874.106
* A newly redesigned "new tab" feature
* Several security and bug fixes:
* [86758] High CVE-2011-2845: URL bar spoof in history handling.
* [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
* [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames.
* [91218] Low CVE-2011-3877: XSS in appcache internals page.
* [94487] Medium CVE-2011-3878: Race condition in worker process initialization.
* [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
* [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter.
* [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations.
* [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
* [96902] High CVE-2011-3883: Use-after-free in counter handling.
* [97148] High CVE-2011-3884: Timing issues in DOM traversal.
* [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free.
* [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
* [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
* [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
* [99211] High CVE-2011-3889: Heap overflow in Web Audio.
* [99553] High CVE-2011-3890: Use-after-free in video source handling.
* [100332] High CVE-2011-3891: Exposure of internal v8 functions.

chromium-browser (chromium-browser-18-32-c2-i686.delta.pisi)
------------------------------------------------------------
* New stable release 15.0.874.106
* A newly redesigned "new tab" feature
* Several security and bug fixes:
* [86758] High CVE-2011-2845: URL bar spoof in history handling.
* [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
* [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames.
* [91218] Low CVE-2011-3877: XSS in appcache internals page.
* [94487] Medium CVE-2011-3878: Race condition in worker process initialization.
* [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
* [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter.
* [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations.
* [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
* [96902] High CVE-2011-3883: Use-after-free in counter handling.
* [97148] High CVE-2011-3884: Timing issues in DOM traversal.
* [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free.
* [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
* [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
* [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
* [99211] High CVE-2011-3889: Heap overflow in Web Audio.
* [99553] High CVE-2011-3890: Use-after-free in video source handling.
* [100332] High CVE-2011-3891: Exposure of internal v8 functions.

chromium-browser (chromium-browser-23-32-c2-i686.delta.pisi)
------------------------------------------------------------
* New stable release 15.0.874.106
* A newly redesigned "new tab" feature
* Several security and bug fixes:
* [86758] High CVE-2011-2845: URL bar spoof in history handling.
* [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
* [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames.
* [91218] Low CVE-2011-3877: XSS in appcache internals page.
* [94487] Medium CVE-2011-3878: Race condition in worker process initialization.
* [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
* [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter.
* [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations.
* [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
* [96902] High CVE-2011-3883: Use-after-free in counter handling.
* [97148] High CVE-2011-3884: Timing issues in DOM traversal.
* [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free.
* [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
* [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
* [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
* [99211] High CVE-2011-3889: Heap overflow in Web Audio.
* [99553] High CVE-2011-3890: Use-after-free in video source handling.
* [100332] High CVE-2011-3891: Exposure of internal v8 functions.

chromium-browser (chromium-browser-29-32-c2-i686.delta.pisi)
------------------------------------------------------------
* New stable release 15.0.874.106
* A newly redesigned "new tab" feature
* Several security and bug fixes:
* [86758] High CVE-2011-2845: URL bar spoof in history handling.
* [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
* [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames.
* [91218] Low CVE-2011-3877: XSS in appcache internals page.
* [94487] Medium CVE-2011-3878: Race condition in worker process initialization.
* [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
* [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter.
* [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations.
* [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
* [96902] High CVE-2011-3883: Use-after-free in counter handling.
* [97148] High CVE-2011-3884: Timing issues in DOM traversal.
* [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free.
* [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
* [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
* [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
* [99211] High CVE-2011-3889: Heap overflow in Web Audio.
* [99553] High CVE-2011-3890: Use-after-free in video source handling.
* [100332] High CVE-2011-3891: Exposure of internal v8 functions.

etherape (etherape-0.9.12-4-c2-i686.pisi)
-----------------------------------------
Version bump (CVE-2011-3369) (pb#19199)
Add missing dependency.

ffmpeg (ffmpeg-0.6.1_20110105-92-c2-i686.pisi)
----------------------------------------------
cavs: fix oCERT #2011-002 FFmpeg/libavcodec insufficient boundary check pb #19145

firefox (firefox-135-139-c2-i686.delta.pisi)
--------------------------------------------
Version bump to new 3.6.23 security release:
* Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see mozbug#682927)
* Removed trust exceptions for certificates issued by Staat der Nederlanden (see mozbug#683449)
* Resolved an issue with gov.uk websites (see mozbug#669792)
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Supply translations as a separate tarball which is being created with the help of tools/create-locale-tar.sh
* Add new atk and gdk-pixbuf dependencies
* Miscellaneous memory safety hazards
* Integer underflow when using JavaScript RegExp
* XSS via plugins and shadowed window.location object
* Defense against multiple Location headers due to CRLF Injection
* Code installation through holding down Enter

firefox (firefox-137-139-c2-i686.delta.pisi)
--------------------------------------------
Version bump to new 3.6.23 security release:
* Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see mozbug#682927)
* Removed trust exceptions for certificates issued by Staat der Nederlanden (see mozbug#683449)
* Resolved an issue with gov.uk websites (see mozbug#669792)
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Supply translations as a separate tarball which is being created with the help of tools/create-locale-tar.sh
* Add new atk and gdk-pixbuf dependencies
* Miscellaneous memory safety hazards
* Integer underflow when using JavaScript RegExp
* XSS via plugins and shadowed window.location object
* Defense against multiple Location headers due to CRLF Injection
* Code installation through holding down Enter

firefox (firefox-138-139-c2-i686.delta.pisi)
--------------------------------------------
Version bump to new 3.6.23 security release:
* Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see mozbug#682927)
* Removed trust exceptions for certificates issued by Staat der Nederlanden (see mozbug#683449)
* Resolved an issue with gov.uk websites (see mozbug#669792)
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Supply translations as a separate tarball which is being created with the help of tools/create-locale-tar.sh
* Add new atk and gdk-pixbuf dependencies
* Miscellaneous memory safety hazards
* Integer underflow when using JavaScript RegExp
* XSS via plugins and shadowed window.location object
* Defense against multiple Location headers due to CRLF Injection
* Code installation through holding down Enter

firefox (firefox-3.6.23-139-c2-i686.pisi)
-----------------------------------------
Version bump to new 3.6.23 security release:
* Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see mozbug#682927)
* Removed trust exceptions for certificates issued by Staat der Nederlanden (see mozbug#683449)
* Resolved an issue with gov.uk websites (see mozbug#669792)
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Supply translations as a separate tarball which is being created with the help of tools/create-locale-tar.sh
* Add new atk and gdk-pixbuf dependencies
* Miscellaneous memory safety hazards
* Integer underflow when using JavaScript RegExp
* XSS via plugins and shadowed window.location object
* Defense against multiple Location headers due to CRLF Injection
* Code installation through holding down Enter

flashplugin (flashplugin-11.0.1.152-40-c2-i686.pisi)
----------------------------------------------------
Update to latest version 11.0.1.152. This includes several enhancements along with security fixes.

flashplugin (flashplugin-32-40-c2-i686.delta.pisi)
--------------------------------------------------
Update to latest version 11.0.1.152. This includes several enhancements along with security fixes.

flashplugin (flashplugin-34-40-c2-i686.delta.pisi)
--------------------------------------------------
Update to latest version 11.0.1.152. This includes several enhancements along with security fixes.

flashplugin (flashplugin-38-40-c2-i686.delta.pisi)
--------------------------------------------------
Update to latest version 11.0.1.152. This includes several enhancements along with security fixes.

freetype (freetype-2.4.7-48-c2-i686.pisi)
-----------------------------------------
Security release, fixes CVE-2011-3256

freetype (freetype-46-48-c2-i686.delta.pisi)
--------------------------------------------
Security release, fixes CVE-2011-3256

freetype (freetype-47-48-c2-i686.delta.pisi)
--------------------------------------------
Security release, fixes CVE-2011-3256

librsvg (librsvg-2.32.1-14-c2-i686.pisi)
----------------------------------------
* Version bump to fix NULL pointer dereference flaw, CVE-2011-3146 pb#19111.
* gtk-doc is needed to build the package, because of the autoreconf actions. This can be patched later, but as a workaround for now, I am adding gtk-doc as a build dependency.

libxml2 (libxml2-2.7.8-23-c2-i686.pisi)
---------------------------------------
fix integer overflow by adding new namespace node (CVE-2011-1944) pb#19092

libxml2-devel (libxml2-devel-2.7.8-23-c2-i686.pisi)
---------------------------------------------------
fix integer overflow by adding new namespace node (CVE-2011-1944) pb#19092

libxml2-docs (libxml2-docs-2.7.8-23-c2-i686.pisi)
-------------------------------------------------
fix integer overflow by adding new namespace node (CVE-2011-1944) pb#19092

mplayer (mplayer-0.6.1_20110105-143-c2-i686.pisi)
-------------------------------------------------
Fix SAMI subtitle parsing buffer overflow, pb #19331

mplayer (mplayer-140-143-c2-i686.delta.pisi)
--------------------------------------------
Fix SAMI subtitle parsing buffer overflow, pb #19331

mplayer (mplayer-142-143-c2-i686.delta.pisi)
--------------------------------------------
Fix SAMI subtitle parsing buffer overflow, pb #19331

nspr (nspr-4.8.9-29-c2-i686.pisi)
---------------------------------
* Version bump to 4.8.9 release to update nss package. With this nss update, fraudulent DigiNotar certs will be explicitly distrusted.

nss (nss-3.12.11-38-c2-i686.pisi)
---------------------------------
Fix CVE-2011-3640 NSS_NoDB_Init should not try to open /pkcs11.txt and /secmod.db pb#19414

nss (nss-35-38-c2-i686.delta.pisi)
----------------------------------
Fix CVE-2011-3640 NSS_NoDB_Init should not try to open /pkcs11.txt and /secmod.db pb#19414

nss (nss-36-38-c2-i686.delta.pisi)
----------------------------------
Fix CVE-2011-3640 NSS_NoDB_Init should not try to open /pkcs11.txt and /secmod.db pb#19414

opera (opera-11.52-38-c2-i686.pisi)
-----------------------------------
Version bump with bug fixes and an important fix where manipulating fonts in SVG could allow execution of arbitrary code. Here is the Opera advisory: http://www.opera.com/support/kb/view/1002/. See http://www.opera.com/docs/changelogs/unix/1152/ for details.

opera (opera-34-38-c2-i686.delta.pisi)
--------------------------------------
Version bump with bug fixes and an important fix where manipulating fonts in SVG could allow execution of arbitrary code. Here is the Opera advisory: http://www.opera.com/support/kb/view/1002/. See http://www.opera.com/docs/changelogs/unix/1152/ for details.

polipo (polipo-1.0.4.1-4-c2-i686.pisi)
--------------------------------------
Fix special request assertion failure, fixes CVE-2011-3596, pb #19300

polipo (polipo-2-4-c2-i686.delta.pisi)
--------------------------------------
Fix special request assertion failure, fixes CVE-2011-3596, pb #19300

polkit (polkit-0.99-7-c2-i686.pisi)
-----------------------------------
Fix polkitd/pkexec vulnerability (CVE-2011-1485) (pb#19382).

polkit (polkit-6-7-c2-i686.delta.pisi)
--------------------------------------
Fix polkitd/pkexec vulnerability (CVE-2011-1485) (pb#19382).

polkit-devel (polkit-devel-0.99-7-c2-i686.pisi)
-----------------------------------------------
Fix polkitd/pkexec vulnerability (CVE-2011-1485) (pb#19382).

polkit-devel (polkit-devel-6-7-c2-i686.delta.pisi)
--------------------------------------------------
Fix polkitd/pkexec vulnerability (CVE-2011-1485) (pb#19382).

samba (samba-3.5.10-66-c2-i686.pisi)
------------------------------------
Fix CVE-2011-2724 (pb#19098):
* Check return from check_newline() by -1 that leads missing some errors.

samba-swat (samba-swat-3.5.10-66-c2-i686.pisi)
----------------------------------------------
Fix CVE-2011-2724 (pb#19098):
* Check return from check_newline() by -1 that leads missing some errors.

vlc (vlc-1.1.9-51-c2-i686.pisi)
-------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc (vlc-46-51-c2-i686.delta.pisi)
----------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc (vlc-48-51-c2-i686.delta.pisi)
----------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc (vlc-50-51-c2-i686.delta.pisi)
----------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc-firefox (vlc-firefox-1.1.9-51-c2-i686.pisi)
-----------------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc-firefox (vlc-firefox-46-51-c2-i686.delta.pisi)
--------------------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc-firefox (vlc-firefox-48-51-c2-i686.delta.pisi)
--------------------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc-firefox (vlc-firefox-50-51-c2-i686.delta.pisi)
--------------------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

xorg-server (xorg-server-1.9.5-77-c2-i686.pisi)
-----------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server (xorg-server-76-77-c2-i686.delta.pisi)
--------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-common (xorg-server-common-1.9.5-77-c2-i686.pisi)
-------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-common (xorg-server-common-76-77-c2-i686.delta.pisi)
----------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-devel (xorg-server-devel-1.9.5-77-c2-i686.pisi)
-----------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-devel (xorg-server-devel-76-77-c2-i686.delta.pisi)
--------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xdmx (xorg-server-xdmx-1.9.5-77-c2-i686.pisi)
---------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xdmx (xorg-server-xdmx-76-77-c2-i686.delta.pisi)
------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xephyr (xorg-server-xephyr-1.9.5-77-c2-i686.pisi)
-------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xephyr (xorg-server-xephyr-76-77-c2-i686.delta.pisi)
----------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xvfb (xorg-server-xvfb-1.9.5-77-c2-i686.pisi)
---------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xvfb (xorg-server-xvfb-76-77-c2-i686.delta.pisi)
------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xvnc (xorg-server-xvnc-1.9.5-77-c2-i686.pisi)
---------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xulrunner (xulrunner-1.9.2.23-46-c2-i686.pisi)
----------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner (xulrunner-42-46-c2-i686.delta.pisi)
----------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner (xulrunner-44-46-c2-i686.delta.pisi)
----------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner (xulrunner-45-46-c2-i686.delta.pisi)
----------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner-devel (xulrunner-devel-1.9.2.23-46-c2-i686.pisi)
----------------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner-devel (xulrunner-devel-42-46-c2-i686.delta.pisi)
----------------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner-devel (xulrunner-devel-44-46-c2-i686.delta.pisi)
----------------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner-devel (xulrunner-devel-45-46-c2-i686.delta.pisi)
----------------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

Django (Django-1.2.7-28-c2-x86_64.pisi)
---------------------------------------
Version bump to fix multiple vulnerabilities (pb#19127):
* Session manipulation
* Denial of Service (DoS) attack via URLField
* URLField redirection
* Host header cache poisoning
* Host header and bypass CSRF protection
* Cross-subdomain CSRF attacks
* Sensitive POST data such as plain-text password in DEBUG pages

chromium-browser (chromium-browser-15.0.874.106-32-c2-x86_64.pisi)
------------------------------------------------------------------
* New stable release 15.0.874.106
* A newly redesigned "new tab" feature
* Several security and bug fixes:
* [86758] High CVE-2011-2845: URL bar spoof in history handling.
* [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
* [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames.
* [91218] Low CVE-2011-3877: XSS in appcache internals page.
* [94487] Medium CVE-2011-3878: Race condition in worker process initialization.
* [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
* [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter.
* [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations.
* [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
* [96902] High CVE-2011-3883: Use-after-free in counter handling.
* [97148] High CVE-2011-3884: Timing issues in DOM traversal.
* [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free.
* [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
* [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
* [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
* [99211] High CVE-2011-3889: Heap overflow in Web Audio.
* [99553] High CVE-2011-3890: Use-after-free in video source handling.
* [100332] High CVE-2011-3891: Exposure of internal v8 functions.

chromium-browser (chromium-browser-18-32-c2-x86_64.delta.pisi)
--------------------------------------------------------------
* New stable release 15.0.874.106
* A newly redesigned "new tab" feature
* Several security and bug fixes:
* [86758] High CVE-2011-2845: URL bar spoof in history handling.
* [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
* [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames.
* [91218] Low CVE-2011-3877: XSS in appcache internals page.
* [94487] Medium CVE-2011-3878: Race condition in worker process initialization.
* [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
* [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter.
* [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations.
* [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
* [96902] High CVE-2011-3883: Use-after-free in counter handling.
* [97148] High CVE-2011-3884: Timing issues in DOM traversal.
* [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free.
* [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
* [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
* [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
* [99211] High CVE-2011-3889: Heap overflow in Web Audio.
* [99553] High CVE-2011-3890: Use-after-free in video source handling.
* [100332] High CVE-2011-3891: Exposure of internal v8 functions.

chromium-browser (chromium-browser-23-32-c2-x86_64.delta.pisi)
--------------------------------------------------------------
* New stable release 15.0.874.106
* A newly redesigned "new tab" feature
* Several security and bug fixes:
* [86758] High CVE-2011-2845: URL bar spoof in history handling.
* [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
* [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames.
* [91218] Low CVE-2011-3877: XSS in appcache internals page.
* [94487] Medium CVE-2011-3878: Race condition in worker process initialization.
* [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
* [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter.
* [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations.
* [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
* [96902] High CVE-2011-3883: Use-after-free in counter handling.
* [97148] High CVE-2011-3884: Timing issues in DOM traversal.
* [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free.
* [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
* [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
* [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
* [99211] High CVE-2011-3889: Heap overflow in Web Audio.
* [99553] High CVE-2011-3890: Use-after-free in video source handling.
* [100332] High CVE-2011-3891: Exposure of internal v8 functions.

chromium-browser (chromium-browser-29-32-c2-x86_64.delta.pisi)
--------------------------------------------------------------
* New stable release 15.0.874.106
* A newly redesigned "new tab" feature
* Several security and bug fixes:
* [86758] High CVE-2011-2845: URL bar spoof in history handling.
* [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
* [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames.
* [91218] Low CVE-2011-3877: XSS in appcache internals page.
* [94487] Medium CVE-2011-3878: Race condition in worker process initialization.
* [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
* [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter.
* [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations.
* [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
* [96902] High CVE-2011-3883: Use-after-free in counter handling.
* [97148] High CVE-2011-3884: Timing issues in DOM traversal.
* [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free.
* [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
* [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
* [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
* [99211] High CVE-2011-3889: Heap overflow in Web Audio.
* [99553] High CVE-2011-3890: Use-after-free in video source handling.
* [100332] High CVE-2011-3891: Exposure of internal v8 functions.

etherape (etherape-0.9.12-4-c2-x86_64.pisi)
-------------------------------------------
Version bump (CVE-2011-3369) (pb#19199)
Add missing dependency.

ffmpeg (ffmpeg-0.6.1_20110105-92-c2-x86_64.pisi)
------------------------------------------------
cavs: fix oCERT #2011-002 FFmpeg/libavcodec insufficient boundary check pb #19145

firefox (firefox-135-139-c2-x86_64.delta.pisi)
----------------------------------------------
Version bump to new 3.6.23 security release:
* Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see mozbug#682927)
* Removed trust exceptions for certificates issued by Staat der Nederlanden (see mozbug#683449)
* Resolved an issue with gov.uk websites (see mozbug#669792)
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Supply translations as a separate tarball which is being created with the help of tools/create-locale-tar.sh
* Add new atk and gdk-pixbuf dependencies
* Miscellaneous memory safety hazards
* Integer underflow when using JavaScript RegExp
* XSS via plugins and shadowed window.location object
* Defense against multiple Location headers due to CRLF Injection
* Code installation through holding down Enter

firefox (firefox-137-139-c2-x86_64.delta.pisi)
----------------------------------------------
Version bump to new 3.6.23 security release:
* Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see mozbug#682927)
* Removed trust exceptions for certificates issued by Staat der Nederlanden (see mozbug#683449)
* Resolved an issue with gov.uk websites (see mozbug#669792)
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Supply translations as a separate tarball which is being created with the help of tools/create-locale-tar.sh
* Add new atk and gdk-pixbuf dependencies
* Miscellaneous memory safety hazards
* Integer underflow when using JavaScript RegExp
* XSS via plugins and shadowed window.location object
* Defense against multiple Location headers due to CRLF Injection
* Code installation through holding down Enter

firefox (firefox-138-139-c2-x86_64.delta.pisi)
----------------------------------------------
Version bump to new 3.6.23 security release:
* Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see mozbug#682927)
* Removed trust exceptions for certificates issued by Staat der Nederlanden (see mozbug#683449)
* Resolved an issue with gov.uk websites (see mozbug#669792)
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Supply translations as a separate tarball which is being created with the help of tools/create-locale-tar.sh
* Add new atk and gdk-pixbuf dependencies
* Miscellaneous memory safety hazards
* Integer underflow when using JavaScript RegExp
* XSS via plugins and shadowed window.location object
* Defense against multiple Location headers due to CRLF Injection
* Code installation through holding down Enter

firefox (firefox-3.6.23-139-c2-x86_64.pisi)
-------------------------------------------
Version bump to new 3.6.23 security release:
* Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see mozbug#682927)
* Removed trust exceptions for certificates issued by Staat der Nederlanden (see mozbug#683449)
* Resolved an issue with gov.uk websites (see mozbug#669792)
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Supply translations as a separate tarball which is being created with the help of tools/create-locale-tar.sh
* Add new atk and gdk-pixbuf dependencies
* Miscellaneous memory safety hazards
* Integer underflow when using JavaScript RegExp
* XSS via plugins and shadowed window.location object
* Defense against multiple Location headers due to CRLF Injection
* Code installation through holding down Enter

flashplugin (flashplugin-11.0.1.152-40-c2-x86_64.pisi)
------------------------------------------------------
Update to latest version 11.0.1.152. This includes several enhancements along with security fixes.

flashplugin (flashplugin-32-40-c2-x86_64.delta.pisi)
----------------------------------------------------
Update to latest version 11.0.1.152. This includes several enhancements along with security fixes.

flashplugin (flashplugin-34-40-c2-x86_64.delta.pisi)
----------------------------------------------------
Update to latest version 11.0.1.152. This includes several enhancements along with security fixes.

flashplugin (flashplugin-38-40-c2-x86_64.delta.pisi)
----------------------------------------------------
Update to latest version 11.0.1.152. This includes several enhancements along with security fixes.

freetype (freetype-2.4.7-48-c2-x86_64.pisi)
-------------------------------------------
Security release, fixes CVE-2011-3256

freetype (freetype-46-48-c2-x86_64.delta.pisi)
----------------------------------------------
Security release, fixes CVE-2011-3256

freetype (freetype-47-48-c2-x86_64.delta.pisi)
----------------------------------------------
Security release, fixes CVE-2011-3256

libXfont (libXfont-1.4.4-21-c2-x86_64.pisi)
-------------------------------------------
New release which contains security fix (CVE-2011-2895)

librsvg (librsvg-2.32.1-14-c2-x86_64.pisi)
------------------------------------------
* Version bump to fix NULL pointer dereference flaw, CVE-2011-3146 pb#19111.
* gtk-doc is needed to build the package, because of the autoreconf actions. This can be patched later, but as a workaround for now, I am adding gtk-doc as a build dependency.

libxml2 (libxml2-2.7.8-23-c2-x86_64.pisi)
-----------------------------------------
fix integer overflow by adding new namespace node (CVE-2011-1944) pb#19092

libxml2-devel (libxml2-devel-2.7.8-23-c2-x86_64.pisi)
-----------------------------------------------------
fix integer overflow by adding new namespace node (CVE-2011-1944) pb#19092

libxml2-docs (libxml2-docs-2.7.8-23-c2-x86_64.pisi)
---------------------------------------------------
fix integer overflow by adding new namespace node (CVE-2011-1944) pb#19092

mplayer (mplayer-0.6.1_20110105-143-c2-x86_64.pisi)
---------------------------------------------------
Fix SAMI subtitle parsing buffer overflow, pb #19331

mplayer (mplayer-140-143-c2-x86_64.delta.pisi)
----------------------------------------------
Fix SAMI subtitle parsing buffer overflow, pb #19331

mplayer (mplayer-142-143-c2-x86_64.delta.pisi)
----------------------------------------------
Fix SAMI subtitle parsing buffer overflow, pb #19331

nspr (nspr-4.8.9-29-c2-x86_64.pisi)
-----------------------------------
* Version bump to 4.8.9 release to update nss package. With this nss update, fraudulent DigiNotar certs will be explicitly distrusted.

nss (nss-3.12.11-38-c2-x86_64.pisi)
-----------------------------------
Fix CVE-2011-3640 NSS_NoDB_Init should not try to open /pkcs11.txt and /secmod.db pb#19414

nss (nss-35-38-c2-x86_64.delta.pisi)
------------------------------------
Fix CVE-2011-3640 NSS_NoDB_Init should not try to open /pkcs11.txt and /secmod.db pb#19414

nss (nss-36-38-c2-x86_64.delta.pisi)
------------------------------------
Fix CVE-2011-3640 NSS_NoDB_Init should not try to open /pkcs11.txt and /secmod.db pb#19414

opera (opera-11.52-38-c2-x86_64.pisi)
-------------------------------------
Version bump with bug fixes and an important fix where manipulating fonts in SVG could allow execution of arbitrary code. Here is the Opera advisory: http://www.opera.com/support/kb/view/1002/. See http://www.opera.com/docs/changelogs/unix/1152/ for details.

opera (opera-34-38-c2-x86_64.delta.pisi)
----------------------------------------
Version bump with bug fixes and an important fix where manipulating fonts in SVG could allow execution of arbitrary code. Here is the Opera advisory: http://www.opera.com/support/kb/view/1002/. See http://www.opera.com/docs/changelogs/unix/1152/ for details.

polipo (polipo-1.0.4.1-4-c2-x86_64.pisi)
----------------------------------------
Fix special request assertion failure, fixes CVE-2011-3596, pb #19300

polipo (polipo-2-4-c2-x86_64.delta.pisi)
----------------------------------------
Fix special request assertion failure, fixes CVE-2011-3596, pb #19300

polkit (polkit-0.99-7-c2-x86_64.pisi)
-------------------------------------
Fix polkitd/pkexec vulnerability (CVE-2011-1485) (pb#19382).

polkit (polkit-6-7-c2-x86_64.delta.pisi)
----------------------------------------
Fix polkitd/pkexec vulnerability (CVE-2011-1485) (pb#19382).

polkit-devel (polkit-devel-0.99-7-c2-x86_64.pisi)
-------------------------------------------------
Fix polkitd/pkexec vulnerability (CVE-2011-1485) (pb#19382).

polkit-devel (polkit-devel-6-7-c2-x86_64.delta.pisi)
----------------------------------------------------
Fix polkitd/pkexec vulnerability (CVE-2011-1485) (pb#19382).

samba (samba-3.5.10-66-c2-x86_64.pisi)
--------------------------------------
Fix CVE-2011-2724 (pb#19098):
* Check return from check_newline() by -1, which leads to missing some errors.

samba-swat (samba-swat-3.5.10-66-c2-x86_64.pisi)
------------------------------------------------
Fix CVE-2011-2724 (pb#19098):
* Check return from check_newline() by -1, which leads to missing some errors.

vlc (vlc-1.1.9-51-c2-x86_64.pisi)
---------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc (vlc-46-51-c2-x86_64.delta.pisi)
------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc (vlc-48-51-c2-x86_64.delta.pisi)
------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc (vlc-50-51-c2-x86_64.delta.pisi)
------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc-firefox (vlc-firefox-1.1.9-51-c2-x86_64.pisi)
-------------------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc-firefox (vlc-firefox-46-51-c2-x86_64.delta.pisi)
----------------------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc-firefox (vlc-firefox-48-51-c2-x86_64.delta.pisi)
----------------------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

vlc-firefox (vlc-firefox-50-51-c2-x86_64.delta.pisi)
----------------------------------------------------
Fix heap buffer overflows in real and avi demuxer, CVE-2011-3333

xorg-server (xorg-server-1.9.5-77-c2-x86_64.pisi)
-------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server (xorg-server-76-77-c2-x86_64.delta.pisi)
----------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-common (xorg-server-common-1.9.5-77-c2-x86_64.pisi)
---------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-common (xorg-server-common-76-77-c2-x86_64.delta.pisi)
------------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-devel (xorg-server-devel-1.9.5-77-c2-x86_64.pisi)
-------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-devel (xorg-server-devel-76-77-c2-x86_64.delta.pisi)
----------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xdmx (xorg-server-xdmx-1.9.5-77-c2-x86_64.pisi)
-----------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xdmx (xorg-server-xdmx-76-77-c2-x86_64.delta.pisi)
--------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xephyr (xorg-server-xephyr-1.9.5-77-c2-x86_64.pisi)
---------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xephyr (xorg-server-xephyr-76-77-c2-x86_64.delta.pisi)
------------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xvfb (xorg-server-xvfb-1.9.5-77-c2-x86_64.pisi)
-----------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xvfb (xorg-server-xvfb-76-77-c2-x86_64.delta.pisi)
--------------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xorg-server-xvnc (xorg-server-xvnc-1.9.5-77-c2-x86_64.pisi)
-----------------------------------------------------------
Security fixes of CVE-4028 and CVE-4029 (pb#19359, pb#19362)

xulrunner (xulrunner-1.9.2.23-46-c2-x86_64.pisi)
------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner (xulrunner-42-46-c2-x86_64.delta.pisi)
------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner (xulrunner-44-46-c2-x86_64.delta.pisi)
------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner (xulrunner-45-46-c2-x86_64.delta.pisi)
------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner-devel (xulrunner-devel-1.9.2.23-46-c2-x86_64.pisi)
------------------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner-devel (xulrunner-devel-42-46-c2-x86_64.delta.pisi)
------------------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner-devel (xulrunner-devel-44-46-c2-x86_64.delta.pisi)
------------------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

xulrunner-devel (xulrunner-devel-45-46-c2-x86_64.delta.pisi)
------------------------------------------------------------
Version bump to latest security update:
* Depend strictly on new nss and nspr to prevent users using fraudulent DigiNotar SSL certificates
* Put main configuration file (mozconfig) as an additional file to ease packaging
* Add scripts to get source and locales from Mozilla VCS
* Add missing dependencies according to checkelf script
* Code installation through holding down Enter
* Defense against multiple Location headers due to CRLF Injection
* XSS via plugins and shadowed window.location object
* Integer underflow when using JavaScript RegExp
* Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)


You may use this news item under the terms of the GNU Free Documentation License 1.3.
