From owner-svn-ports-all@FreeBSD.ORG Thu Aug 2 21:24:11 2012 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E846A1065673; Thu, 2 Aug 2012 21:24:11 +0000 (UTC) (envelope-from flo@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id C89E08FC08; Thu, 2 Aug 2012 21:24:11 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q72LOBhb026997; Thu, 2 Aug 2012 21:24:11 GMT (envelope-from flo@svn.freebsd.org) Received: (from flo@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q72LOBZF026995; Thu, 2 Aug 2012 21:24:11 GMT (envelope-from flo@svn.freebsd.org) Message-Id: <201208022124.q72LOBZF026995@svn.freebsd.org> From: Florian Smeets Date: Thu, 2 Aug 2012 21:24:11 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r301872 - head/security/vuxml X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2012 21:24:12 -0000 Author: flo Date: Thu Aug 2 21:24:11 2012 New Revision: 301872 URL: http://svn.freebsd.org/changeset/ports/301872 Log: Belatedly add an entry for the recent Mozilla updates Security: http://www.freebsd.org/ports/portaudit/dbf338d0-dce5-11e1-b655-14dae9ebcf89.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Aug 2 21:02:56 2012 (r301871) +++ head/security/vuxml/vuln.xml Thu Aug 2 21:24:11 2012 (r301872) @@ -52,6 +52,109 @@ Note: Please add new entries to the beg --> + + mozilla -- multiple vulnerabilities + + + firefox + 11.0,114.0.1,1 + 10.0.6,1 + + + linux-firefox + 10.0.6,1 + + + linux-seamonkey + 2.11 + + + linux-thunderbird + 10.0.6 + + + seamonkey + 2.11 + + + thunderbird + 11.014.0 + 10.0.6 + + + libxul + 1.9.2.*10.0.6 + + + + +

The Mozilla Project reports:

+
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ + rv:10.0.6)
+
MFSA 2012-43 Incorrect URL displayed in addressbar through drag and + drop
+
MFSA 2012-44 Gecko memory corruption
+
MFSA 2012-45 Spoofing issue with location
+
MFSA 2012-46 XSS through data: URLs
+
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
+
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
+
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
+
MFSA 2012-50 Out of bounds read in QCMS
+
MFSA 2012-51 X-Frame-Options header ignored when duplicated
+
MFSA 2012-52 JSDependentString::undepend string conversion results + in memory corruption
+
MFSA 2012-53 Content Security Policy 1.0 implementation errors + cause data leakage
+
MFSA 2012-54 Clickjacking of certificate warning page
+
MFSA 2012-55 feed: URLs with an innerURI inherit security context + of page
+
MFSA 2012-56 Code execution through javascript: URLs
+

+ + + + CVE-2012-1949 + CVE-2012-1950 + CVE-2012-1951 + CVE-2012-1952 + CVE-2012-1953 + CVE-2012-1954 + CVE-2012-1955 + CVE-2012-1957 + CVE-2012-1958 + CVE-2012-1959 + CVE-2012-1960 + CVE-2012-1961 + CVE-2012-1962 + CVE-2012-1963 + CVE-2012-1964 + CVE-2012-1965 + CVE-2012-1966 + CVE-2012-1967 + http://www.mozilla.org/security/known-vulnerabilities/ + http://www.mozilla.org/security/announce/2012/mfsa2012-42.html + http://www.mozilla.org/security/announce/2012/mfsa2012-43.html + http://www.mozilla.org/security/announce/2012/mfsa2012-44.html + http://www.mozilla.org/security/announce/2012/mfsa2012-45.html + http://www.mozilla.org/security/announce/2012/mfsa2012-46.html + http://www.mozilla.org/security/announce/2012/mfsa2012-47.html + http://www.mozilla.org/security/announce/2012/mfsa2012-48.html + http://www.mozilla.org/security/announce/2012/mfsa2012-49.html + http://www.mozilla.org/security/announce/2012/mfsa2012-50.html + http://www.mozilla.org/security/announce/2012/mfsa2012-51.html + http://www.mozilla.org/security/announce/2012/mfsa2012-52.html + http://www.mozilla.org/security/announce/2012/mfsa2012-53.html + http://www.mozilla.org/security/announce/2012/mfsa2012-54.html + http://www.mozilla.org/security/announce/2012/mfsa2012-55.html + http://www.mozilla.org/security/announce/2012/mfsa2012-56.html + + + 2012-07-17 + 2012-08-02 + + + Apache -- Insecure LD_LIBRARY_PATH handling