Date: Fri, 9 Sep 2016 11:02:05 +0000 (UTC)
From: Christoph Moench-Tegeder <cmt@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r421609 - head/security/vuxml
Message-ID: <201609091102.u89B25TH041015@repo.freebsd.org>
Author: cmt Date: Fri Sep 9 11:02:05 2016 New Revision: 421609 URL: https://svnweb.freebsd.org/changeset/ports/421609 Log: document mozilla vulnerabilities (<48, <45.3esr) PR: 212463 Approved by: jbeich (maintainer), rene (mentor) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Sep 9 10:57:45 2016 (r421608) +++ head/security/vuxml/vuln.xml Fri Sep 9 11:02:05 2016 (r421609) 
@@ -58,6 +58,133 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="aa1aefe3-6e37-47db-bfda-343ef4acb1b5"> + <topic>Mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>48.0,1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>45.3.0,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><lt>45.3.0,2</lt></range> + </package> + <package> + <name>libxul</name> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <range><lt>45.3.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mozilla Foundation reports:</p> + <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48"> + <p>MFSA2016-84 Information disclosure through Resource Timing API \ + during page navigation</p> + <p>MFSA2016-83 Spoofing attack through text injection into \ + internal error pages</p> + <p>MFSA2016-82 Addressbar spoofing with right-to-left characters \ + on Firefox for Android</p> + <p>MFSA2016-81 Information disclosure and local file \ + manipulation through drag and drop</p> + <p>MFSA2016-80 Same-origin policy violation using local HTML + file and saved shortcut file</p> + <p>MFSA2016-79 Use-after-free when applying SVG effects</p> + <p>MFSA2016-78 Type confusion in display transformation</p> + <p>MFSA2016-77 Buffer overflow in ClearKey Content Decryption + Module (CDM) during video playback</p> + <p>MFSA2016-76 Scripts on marquee tag can execute in sandboxed + iframes</p> + <p>MFSA2016-75 Integer overflow in WebSockets during data \ + buffering</p> + <p>MFSA2016-74 Form input type change from password to text \ + can store plain text password in session restore file</p> + <p>MFSA2016-73 Use-after-free in service workers with nested + sync events</p> + <p>MFSA2016-72 Use-after-free in DTLS during 
WebRTC session + shutdown</p> + <p>MFSA2016-71 Crash in incremental garbage collection in \ + JavaScript</p> + <p>MFSA2016-70 Use-after-free when using alt key and toplevel + menus</p> + <p>MFSA2016-69 Arbitrary file manipulation by local user through \ + Mozilla updater and callback application path parameter</p> + <p>MFSA2016-68 Out-of-bounds read during XML parsing in \ + Expat library</p> + <p>MFSA2016-67 Stack underflow during 2D graphics rendering</p> + <p>MFSA2016-66 Location bar spoofing via data URLs with \ + malformed/invalid mediatypes</p> + <p>MFSA2016-65 Cairo rendering crash due to memory allocation + issue with FFmpeg 0.10</p> + <p>MFSA2016-64 Buffer overflow rendering SVG with bidirectional + content</p> + <p>MFSA2016-63 Favicon network connection can persist when page + is closed</p> + <p>MFSA2016-62 Miscellaneous memory safety hazards (rv:48.0 / + rv:45.3)</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-0718</cvename> + <cvename>CVE-2016-2830</cvename> + <cvename>CVE-2016-2835</cvename> + <cvename>CVE-2016-2836</cvename> + <cvename>CVE-2016-2837</cvename> + <cvename>CVE-2016-2838</cvename> + <cvename>CVE-2016-2839</cvename> + <cvename>CVE-2016-5250</cvename> + <cvename>CVE-2016-5251</cvename> + <cvename>CVE-2016-5252</cvename> + <cvename>CVE-2016-5253</cvename> + <cvename>CVE-2016-5254</cvename> + <cvename>CVE-2016-5255</cvename> + <cvename>CVE-2016-5258</cvename> + <cvename>CVE-2016-5259</cvename> + <cvename>CVE-2016-5260</cvename> + <cvename>CVE-2016-5261</cvename> + <cvename>CVE-2016-5262</cvename> + <cvename>CVE-2016-5263</cvename> + <cvename>CVE-2016-5264</cvename> + <cvename>CVE-2016-5265</cvename> + <cvename>CVE-2016-5266</cvename> + <cvename>CVE-2016-5267</cvename> + <cvename>CVE-2016-5268</cvename> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/</url> + 
<url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/</url> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/</url> + </references> + <dates> + <discovery>2016-08-02</discovery> + <entry>2016-09-07</entry> + </dates> + </vuln> + <vuln vid="5cb18881-7604-11e6-b362-001999f8d30b"> <topic>asterisk -- RTP Resource Exhaustion</topic> <affects>
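Review bot: The trailing backslashes inside several <p> elements of the blockquote (the MFSA2016-84, -83, -82, -81, -75, -74, -71, -69, -68 and -66 entries) are not line continuations in XML, so they end up as literal "\" characters in the rendered description text, for example "Resource Timing API \ during page navigation". The other wrapped entries (MFSA2016-80, -79, -77 and so on) break the line without a backslash, which is all that is needed; dropping the backslashes would make the entry consistent and keep stray characters out of the published advisory. Separately, <entry>2016-09-07</entry> is two days earlier than the commit date of 2016-09-09 shown in the header; if the entry date is meant to record when the item was added to vuln.xml, it should match the commit.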