Date: Tue, 24 Jan 2017 22:50:18 +0000 (UTC) From: Jan Beich <jbeich@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r432403 - head/security/vuxml Message-ID: <201701242250.v0OMoIki063457@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jbeich Date: Tue Jan 24 22:50:17 2017 New Revision: 432403 URL: https://svnweb.freebsd.org/changeset/ports/432403 Log: security/vuxml: mark Gecko < 51.0/45.7esr as vulnerable Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jan 24 22:38:07 2017 (r432402) +++ head/security/vuxml/vuln.xml Tue Jan 24 22:50:17 2017 (r432403) @@ -58,6 +58,98 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="e60169c4-aa86-46b0-8ae2-0d81f683df09"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>51.0_1,1</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>2.48</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>45.7.0,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><lt>45.7.0,2</lt></range> + </package> + <package> + <name>libxul</name> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><lt>45.7.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Mozilla Foundation reports:</p> + <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/">; + <p>CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7</p> + <p>CVE-2017-5374: Memory safety bugs fixed in Firefox 51</p> + <p>CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP</p> + <p>CVE-2017-5376: Use-after-free in XSL</p> + <p>CVE-2017-5377: Memory corruption with transforms to create gradients in Skia</p> + <p>CVE-2017-5378: Pointer and frame data leakage of Javascript objects</p> + <p>CVE-2017-5379: Use-after-free in Web Animations</p> + <p>CVE-2017-5380: Potential use-after-free during DOM manipulations</p> + <p>CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations</p> + <p>CVE-2017-5382: Feed preview can expose privileged content errors and exceptions</p> + <p>CVE-2017-5383: Location bar spoofing with unicode characters</p> + <p>CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)</p> + <p>CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers</p> + <p>CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions</p> + <p>CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages</p> + <p>CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks</p> + <p>CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests</p> + <p>CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer</p> + <p>CVE-2017-5391: Content about: pages can load privileged about: pages</p> + <p>CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage</p> + <p>CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager</p> + <p>CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events</p> + <p>CVE-2017-5395: Android location bar spoofing during scrolling</p> + <p>CVE-2017-5396: Use-after-free with Media Decoder</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-5373</cvename> + <cvename>CVE-2017-5374</cvename> + <cvename>CVE-2017-5375</cvename> + <cvename>CVE-2017-5376</cvename> + <cvename>CVE-2017-5377</cvename> + <cvename>CVE-2017-5378</cvename> + <cvename>CVE-2017-5379</cvename> + <cvename>CVE-2017-5380</cvename> + <cvename>CVE-2017-5381</cvename> + <cvename>CVE-2017-5382</cvename> + <cvename>CVE-2017-5383</cvename> + <cvename>CVE-2017-5384</cvename> + <cvename>CVE-2017-5385</cvename> + <cvename>CVE-2017-5386</cvename> + <cvename>CVE-2017-5387</cvename> + <cvename>CVE-2017-5388</cvename> + <cvename>CVE-2017-5389</cvename> + <cvename>CVE-2017-5390</cvename> + <cvename>CVE-2017-5391</cvename> + <cvename>CVE-2017-5392</cvename> + <cvename>CVE-2017-5393</cvename> + <cvename>CVE-2017-5394</cvename> + <cvename>CVE-2017-5395</cvename> + <cvename>CVE-2017-5396</cvename> + <url>https://www.mozilla.org/security/advisories/mfsa2017-01/</url>; + <url>https://www.mozilla.org/security/advisories/mfsa2017-02/</url>; + </references> + <dates> + <discovery>2017-01-24</discovery> + <entry>2017-01-24</entry> + </dates> + </vuln> + <vuln vid="7721562b-e20a-11e6-b2e2-6805ca0b3d42"> <topic>phpMyAdmin -- Multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701242250.v0OMoIki063457>