summaryrefslogtreecommitdiff
path: root/palemoon/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'palemoon/debian/changelog')
-rw-r--r--palemoon/debian/changelog16
1 files changed, 16 insertions, 0 deletions
diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog
index 54456ae..24911ec 100644
--- a/palemoon/debian/changelog
+++ b/palemoon/debian/changelog
@@ -1,3 +1,19 @@
+palemoon (28.4.1-1devuan) manual; urgency=low
+
+ * New 28.4.1 security and bugfix release:
+ - Fixed hover state arrows on some controls.
+ - Fixed potential denial-of-service issues involving FTP (loading of subresources and spamming errors).
+ - Disabled Microsoft Family Safety (Win 8.1) by default. This prevents security issues as a result of a local MitM setup.
+ - Added several site-specific overrides (Firefox Send and polyfill.io) to work around website UA-sniffing isues.
+ - Implemented the origin-clean algorithm for controlling access to image resources.
+ - Cleaned up the helper application service code.
+ - Ported applicable security fixes from Mozilla (CVE-2019-9791, CVE-2019-9792, CVE-2019-9796, CVE-2019-9801, CVE-2019-9793, CVE-2019-9794, CVE-2019-9808 and ZDI-CAN-8368).
+ - Implemented several defense-in-depth measures (for CVE-2019-9790, CVE-2019-9797, CVE-2019-9804, and a JavaScript issue).
+ - Fixed several memory safety hazards and crashes.
+ - Binaries are now code-signed again (including the setup program for the installer).
+
+ -- B Stack <bgstack15@gmail.com> Fri, 29 Mar 2019 14:42:19 -0500
+
palemoon (28.4.0-1devuan) manual; urgency=low
* Import new 28.4.0 major development and security release:
bgstack15