From: Jan Beich
Date: Tue, 7 Jun 2016 16:34:07 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r416514 - head/security/vuxml

Author: jbeich
Date: Tue Jun 7 16:34:07 2016
New Revision: 416514
URL: https://svnweb.freebsd.org/changeset/ports/416514

Log:
  Document recent Firefox vulnerabilities

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jun 7 16:26:29 2016 (r416513) +++ head/security/vuxml/vuln.xml Tue Jun 7 16:34:07 2016 (r416514) @@ -58,6 +58,124 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + NSS -- multiple vulnerabilities + + + nss + linux-c6-nss + 3.223.23 + + + linux-seamonkey + 2.44 + + + + +

Mozilla Foundation reports:

+
+

Mozilla has updated the version of Network Security + Services (NSS) library used in Firefox to NSS 3.23. This + addresses four moderate rated networking security issues + reported by Mozilla engineers Tyson Smith and Jed Davis.

+
+ +
+ + CVE-2016-2834 + https://www.mozilla.org/security/advisories/mfsa2016-62/ + https://hg.mozilla.org/projects/nss/rev/1ba7cd83c672 + https://hg.mozilla.org/projects/nss/rev/8d78a5ae260a + https://hg.mozilla.org/projects/nss/rev/5fde729fdbff + https://hg.mozilla.org/projects/nss/rev/329932eb1700 + + + 2016-06-07 + 2016-06-07 + +
+ + + mozilla -- multiple vulnerabilities + + + firefox + 47.0,1 + + + seamonkey + linux-seamonkey + 2.44 + + + firefox-esr + 45.2.0,1 + + + linux-firefox + 45.2.0,2 + + + libxul + thunderbird + linux-thunderbird + 45.2.0 + + + + +

Mozilla Foundation reports:

+
+

MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / + rv:45.2)

+

MFSA 2016-50 Buffer overflow parsing HTML5 fragments

+

MFSA 2016-51 Use-after-free deleting tables from a + contenteditable document

+

MFSA 2016-52 Addressbar spoofing though the SELECT element

+

MFSA 2016-54 Partial same-origin-policy through setting + location.host through data URI

+

MFSA 2016-56 Use-after-free when textures are used in WebGL + operations after recycle pool destruction

+

MFSA 2016-57 Incorrect icon displayed on permissions + notifications

+

MFSA 2016-58 Entering fullscreen and persistent pointerlock + without user permission

+

MFSA 2016-59 Information disclosure of disabled plugins + through CSS pseudo-classes

+

MFSA 2016-60 Java applets bypass CSP protections

+
+ +
+ + CVE-2016-2815 + CVE-2016-2818 + CVE-2016-2819 + CVE-2016-2821 + CVE-2016-2822 + CVE-2016-2825 + CVE-2016-2828 + CVE-2016-2829 + CVE-2016-2831 + CVE-2016-2832 + CVE-2016-2833 + https://www.mozilla.org/security/advisories/mfsa2016-49/ + https://www.mozilla.org/security/advisories/mfsa2016-50/ + https://www.mozilla.org/security/advisories/mfsa2016-51/ + https://www.mozilla.org/security/advisories/mfsa2016-52/ + https://www.mozilla.org/security/advisories/mfsa2016-54/ + https://www.mozilla.org/security/advisories/mfsa2016-56/ + https://www.mozilla.org/security/advisories/mfsa2016-57/ + https://www.mozilla.org/security/advisories/mfsa2016-58/ + https://www.mozilla.org/security/advisories/mfsa2016-59/ + https://www.mozilla.org/security/advisories/mfsa2016-60/ + + + 2016-06-07 + 2016-06-07 + +
+ chromium -- multiple vulnerabilities
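
Review bot: The advisory list in the mozilla entry jumps from MFSA 2016-52 to 2016-54 and from 2016-54 to 2016-56, so 2016-53 and 2016-55 are left out with no stated reason, and the reference URLs skip the same two. If they were dropped on purpose, a short XML comment in the entry or a line in the commit log saying why would save the next editor from re-checking; if not, they should be added along with their CVE ids. Separately, in the NSS entry the version bounds for nss and linux-c6-nss show as "3.223.23" in this rendering; if that is a lower bound of 3.22 paired with an upper bound of 3.23, installs older than 3.22 would not match the entry, so it is worth confirming that the lower bound is intended.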