General:
* Python build scripts and example plugins are now compatible with Python 3. (Ashish Gupta) (#15624)

libpurple:
* Fix potential crash if libpurple gets an error attempting to read a reply from a STUN server. (Discovered by Coverity static analysis) (CVE-2013-6484)
* Fix potential crash parsing a malformed HTTP response. (Discovered by Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
* Fix buffer overflow when parsing a malformed HTTP response with chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent) (CVE-2013-6485)
* Better handling of HTTP proxy responses with negative Content-Lengths. (Discovered by Matt Jones, Volvent)
* Fix handling of SSL certificates without subjects when using libnss.
* Fix handling of SSL certificates with timestamps in the distant future when using libnss. (#15586)
* Impose maximum download size for all HTTP fetches.

Pidgin:
* Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
* Better handling of URLs longer than 1000 letters.
* Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)

Windows-Specific Changes:
* When clicking file:// links, show the file in Explorer rather than attempting to run the file. This reduces the chances of a user clicking on a link and mistakenly running a malicious file. (Originally discovered by James Burton, Insomnia Security. Rediscovered by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
* Fix Tcl scripts. (#15520)
* Fix crash-on-startup when ASLR is always on. (#15521)
* Updates to dependencies:
  * NSS 3.15.4 and NSPR 4.10.2
  * Pango 1.29.4-1daa. Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154

AIM:
* Fix untrusted certificate error.

AIM and ICQ:
* Fix a possible crash when receiving a malformed message in a Direct IM session.

Gadu-Gadu:
* Fix buffer overflow with remote code execution potential. Only triggerable by a Gadu-Gadu server or a man-in-the-middle. (Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT) (CVE-2013-6487)
* Disabled buddy list import/export from/to server (it didn't work anymore). Buddy list synchronization will be implemented in 3.0.0.
* Disabled new account registration and password change options, as it didn't work either. Account registration also caused a crash. Both functions are available using official Gadu-Gadu website.

IRC:
* Fix bug where a malicious server or man-in-the-middle could trigger a crash by not sending enough arguments with various messages. (Discovered by Daniel Atallah) (CVE-2014-0020)
* Fix bug where initial IRC status would not be set correctly.
* Fix bug where IRC wasn't available when libpurple was compiled with Cyrus SASL support. (#15517)

MSN:
* Fix NULL pointer dereference parsing headers in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing OIM data in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing SOAP data in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482)
* Fix possible crash when sending very long messages. Not remotely-triggerable. (Discovered by Matt Jones, Volvent)

MXit:
* Fix buffer overflow with remote code execution potential. (Discovered by Yves Younan and Pawel Janic of Sourcefire VRT) (CVE-2013-6489)
* Fix sporadic crashes that can happen after user is disconnected.
* Fix crash when attempting to add a contact via search results.
* Show error message if file transfer fails.
* Fix compiling with InstantBird.
* Fix display of some custom emoticons.

SILC:
* Correctly set whiteboard dimensions in whiteboard sessions.

SIMPLE:
* Fix buffer overflow with remote code execution potential. (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6490)

XMPP:
* Prevent spoofing of iq replies by verifying that the 'from' address matches the 'to' address of the iq request. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen, fixed by Thijs Alkemade) (CVE-2013-6483)
* Fix crash on some systems when receiving fake delay timestamps with extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
* Fix possible crash or other erratic behavior when selecting a very small file for your own buddy icon.
* Fix crash if the user tries to initiate a voice/video session with a resourceless JID.
* Fix login errors when the first two available auth mechanisms fail but a subsequent mechanism would otherwise work when using Cyrus SASL. (#15524)
* Fix dropping incoming stanzas on BOSH connections when we receive multiple HTTP responses at once. (Issa Gorissen) (#15684)

Yahoo!:
* Fix possible crashes handling incoming strings that are not UTF-8. (Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
* Fix a bug reading a peer to peer message where a remote user could trigger a crash. (CVE-2013-6481)

Plugins:
* Fix crash in contact availability plugin.
* Fix perl function Purple::Network::ip_atoi
* Add Unity integration plugin.

Chrome has been updated to 32.0.1700.102 for Windows, Mac, Linux and Chrome Frame.

This update has fixes for the following issues:
* Mouse Pointer disappears after exiting full-screen mode. (317496)
* Drag and drop files into Chrome may not work properly. (332579)
* Quicktime Plugin crashes in Chrome. (308466)
* Chrome becomes unresponsive. (335248)
* Trackpad users may not be able to scroll horizontally. (332797)
* Scrolling does not work in combo box. (334454)
* Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword. (333035)

Security Fixes and Rewards

This update includes 14 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

* [$1000][330420] High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG.
* [$3000][331444] High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler.

We would also like to thank cloudfuzzer and miaubiz for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $6000 in additional rewards were issued.

Many of the above bugs were detected using AddressSanitizer.

A partial list of changes is available in the SVN log.

New build: Atom-optimized Pale Moon:
After some thorough testing, the Atom/netbook builds are being released as final. These builds are specifically made for PCs with Intel Atom processors.

New feature: the title has been brought back to the title bar:
When using the Application Menu (Pale Moon button), the title bar of the browser window would be blank. Considering this is wasted space, the page title will now be displayed in the title bar again (it's called a title bar for a reason, after all!). Several different styles have been implemented to cater to different OS version layouts.

Removal of the services tab in the Add-on Manager:
It will be visible only if someone actually has a service extension installed (similar to how language packs work).

Improvement of UI consistency:
Removal of illogical selective hiding of the navigation bar and toolbars when in tabs-on-top mode (Add-ons manager, permissions manager, etc.). Browser chrome will now never be hidden.

Bugfix: When using the classic downloads window, downloads in private windows were not shown:
If you use the classic downloads window and would open a Private Browsing (PB) window, there was no easy way to see which downloads were done in the PB window. When checking the downloads, it would open up the (non-PB) classic downloads window which does not have downloads listed from the PB session. This has been fixed, and PB windows will now open a new tab in the PB window with the downloads from that private session.

Bugfix: Geolocation didn't work in Pale Moon:
This was caused by the Firefox standard geolocation provider (Google Inc.) now requiring an API key to request geolocation coordinates. Only official Mozilla Firefox builds will have working geolocation from Google. Pale Moon has switched provider to IP-API.com to address this issue, with the required re-write of code for the different type of request. More information on the forum.

Bugfix: The "More information" link for blocked add-ons didn't work

Bugfix: Certain scaled fonts would have malformed letters:
On Vista and later with hardware acceleration enabled, certain letters of some font families would become malformed and difficult to read because of a Direct2D scaling issue. These fonts should now render sharp and more legibly.

Romanian has been added to the status bar localizations.

Yesterday we identified an issue with auto update to Opera 19. There was a risk that modified Speed Dials would be reset to default ones. We’ve fixed it and now you can safely update to the latest Opera version.
The Dev Channel has been updated to 34.0.1797.2 for Windows, Mac, and Linux. This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log.