From owner-freebsd-gecko@FreeBSD.ORG Tue Oct 14 18:51:06 2014 Return-Path: Delivered-To: freebsd-gecko@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7402CF8E for ; Tue, 14 Oct 2014 18:51:06 +0000 (UTC) Received: from trillian.chruetertee.ch (trillian.chruetertee.ch [217.150.244.247]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 11EEE758 for ; Tue, 14 Oct 2014 18:51:05 +0000 (UTC) Received: from trillian.chruetertee.ch (trillian [217.150.244.247]) by trillian.chruetertee.ch (8.14.4/8.14.3) with ESMTP id s9EIp29F007492 for ; Tue, 14 Oct 2014 18:51:02 GMT (envelope-from svn-freebsd-gecko@chruetertee.ch) Received: (from www@localhost) by trillian.chruetertee.ch (8.14.4/8.14.3/Submit) id s9EIou7N006864 for freebsd-gecko@freebsd.org; Tue, 14 Oct 2014 18:50:56 GMT (envelope-from svn-freebsd-gecko@chruetertee.ch) Date: Tue, 14 Oct 2014 18:50:56 GMT Message-Id: <201410141850.s9EIou7N006864@trillian.chruetertee.ch> X-Authentication-Warning: trillian.chruetertee.ch: www set sender to svn-freebsd-gecko@chruetertee.ch using -f From: svn-freebsd-gecko@chruetertee.ch To: freebsd-gecko@freebsd.org Subject: [SVN-Commit] r1728 - branches/firefox33 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reply-To: freebsd-gecko@freebsd.org X-BeenThere: freebsd-gecko@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Gecko Rendering Engine issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2014 18:51:06 -0000 Author: jbeich Date: Tue Oct 14 18:50:56 2014 New Revision: 1728 Log: list changes and vulnerabilities fixed Added: branches/firefox33/Gecko_ChangeLog branches/firefox33/VuXML Added: branches/firefox33/Gecko_ChangeLog ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/firefox33/Gecko_ChangeLog Tue Oct 14 18:50:56 2014 (r1728) @@ -0,0 +1,10 @@ +- add multimedia/openh264, maybe used by WebRTC video +- (workaround) replace USE_GCC=yes with USES=compiler:gcc-c++11-lib in + order to fix runtime for PGO and powerpc/powerpc64 on libc++ systems +- add OSS audio fallback for HTML5 audio from upstream bug; + not exposed yet because WebRTC still needs ALSA or PulseAudio +- apply r368080 to seamonkey-i18n +- kill @dirrm from gecko@ ports per CHANGES from 20140922 +- drop workaround for LLVM PR 19007: base and lang/clang34 have the fix +- improve workaround comment for LLVM PR 15840, partially rejecting + r348851 by marino@ until bug 193555 Added: branches/firefox33/VuXML ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/firefox33/VuXML Tue Oct 14 18:50:56 2014 (r1728) @@ -0,0 +1,80 @@ + + mozilla -- multiple vulnerabilities + + + firefox + 33.0,1 + + + firefox-esr + 31.2.0,1 + + + linux-firefox + 33.0,1 + + + linux-seamonkey + 2.30 + + + linux-thunderbird + 31.2.0 + + + seamonkey + 2.30 + + + thunderbird + 31.2.0 + + + + +

The Mozilla Project reports:

+
MFSA 2014-74 Miscellaneous memory safety hazards + (rv:33.0 / rv:31.2)
+
MFSA 2014-75 Buffer overflow during CSS manipulation
+
MFSA 2014-76 Web Audio memory corruption issues with + custom waveforms
+
MFSA 2014-77 Out-of-bounds write with WebM video
+
MFSA 2014-78 Further uninitialized memory use during GIF
+
MFSA 2014-79 Use-after-free interacting with text + directionality
+
MFSA 2014-80 Key pinning bypasses
+
MFSA 2014-81 Inconsistent video sharing within iframe
+
MFSA 2014-82 Accessing cross-origin objects via the + Alarms API
+

+ + + + CVE-2014-1574 + CVE-2014-1575 + CVE-2014-1576 + CVE-2014-1577 + CVE-2014-1578 + CVE-2014-1580 + CVE-2014-1581 + CVE-2014-1583 + CVE-2014-1584 + CVE-2014-1585 + CVE-2014-1586 + https://www.mozilla.org/security/announce/2014/mfsa2014-74.html + https://www.mozilla.org/security/announce/2014/mfsa2014-75.html + https://www.mozilla.org/security/announce/2014/mfsa2014-76.html + https://www.mozilla.org/security/announce/2014/mfsa2014-77.html + https://www.mozilla.org/security/announce/2014/mfsa2014-78.html + https://www.mozilla.org/security/announce/2014/mfsa2014-79.html + https://www.mozilla.org/security/announce/2014/mfsa2014-80.html + https://www.mozilla.org/security/announce/2014/mfsa2014-81.html + https://www.mozilla.org/security/announce/2014/mfsa2014-82.html + https://www.mozilla.org/security/announce/ + + + 2014-10-06 + 2014-10-14 + +