From: Jan Beich Date: Tue, 8 Mar 2016 19:45:11 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r410651 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Mar 2016 19:45:12 -0000 Author: jbeich Date: Tue Mar 8 19:45:11 2016 New Revision: 410651 URL: https://svnweb.freebsd.org/changeset/ports/410651 Log: Document recent Firefox vulnerabilities Modified: head/security/vuxml/vuln.xml (contents, props changed) Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Mar 8 19:37:36 2016 (r410650) +++ head/security/vuxml/vuln.xml Tue Mar 8 19:45:11 2016 (r410651) @@ -58,6 +58,292 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + mozilla -- multiple vulnerabilities + + + firefox + linux-firefox + 45.0,1 + + + seamonkey + linux-seamonkey + 2.42 + + + firefox-esr + 38.7.0,1 + + + libxul + thunderbird + linux-thunderbird + 38.7.0 + + + + +

Mozilla Foundation reports:

+
+

MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 + / rv:38.7)

+

MFSA 2016-17 Local file overwriting and potential + privilege escalation through CSP reports

+

MFSA 2016-18 CSP reports fail to strip location + information for embedded iframe pages

+

MFSA 2016-19 Linux video memory DOS with Intel + drivers

+

MFSA 2016-20 Memory leak in libstagefright when deleting + an array during MP4 processing

+

MFSA 2016-21 Displayed page address can be overridden

+

MFSA 2016-22 Service Worker Manager out-of-bounds read in + Service Worker Manager

+

MFSA 2016-23 Use-after-free in HTML5 string parser

+

MFSA 2016-24 Use-after-free in SetBody

+

MFSA 2016-25 Use-after-free when using multiple WebRTC + data channels

+

MFSA 2016-26 Memory corruption when modifying a file + being read by FileReader

+

MFSA 2016-27 Use-after-free during XML + transformations

+

MFSA 2016-28 Addressbar spoofing though history + navigation and Location protocol property

+

MFSA 2016-29 Same-origin policy violation using + perfomance.getEntries and history navigation with session + restore

+

MFSA 2016-30 Buffer overflow in Brotli decompression

+

MFSA 2016-31 Memory corruption with malicious NPAPI + plugin

+

MFSA 2016-32 WebRTC and LibVPX vulnerabilities found + through code inspection

+

MFSA 2016-33 Use-after-free in GetStaticInstance in + WebRTC

+

MFSA 2016-34 Out-of-bounds read in HTML parser following + a failed allocation

+
+ +
+ + CVE-2016-1952 + CVE-2016-1953 + CVE-2016-1954 + CVE-2016-1955 + CVE-2016-1956 + CVE-2016-1957 + CVE-2016-1958 + CVE-2016-1959 + CVE-2016-1960 + CVE-2016-1961 + CVE-2016-1962 + CVE-2016-1963 + CVE-2016-1964 + CVE-2016-1965 + CVE-2016-1966 + CVE-2016-1967 + CVE-2016-1968 + CVE-2016-1970 + CVE-2016-1971 + CVE-2016-1972 + CVE-2016-1973 + CVE-2016-1974 + CVE-2016-1975 + CVE-2016-1976 + https://www.mozilla.org/security/advisories/mfsa2016-16/ + https://www.mozilla.org/security/advisories/mfsa2016-17/ + https://www.mozilla.org/security/advisories/mfsa2016-18/ + https://www.mozilla.org/security/advisories/mfsa2016-19/ + https://www.mozilla.org/security/advisories/mfsa2016-20/ + https://www.mozilla.org/security/advisories/mfsa2016-21/ + https://www.mozilla.org/security/advisories/mfsa2016-22/ + https://www.mozilla.org/security/advisories/mfsa2016-23/ + https://www.mozilla.org/security/advisories/mfsa2016-24/ + https://www.mozilla.org/security/advisories/mfsa2016-25/ + https://www.mozilla.org/security/advisories/mfsa2016-26/ + https://www.mozilla.org/security/advisories/mfsa2016-27/ + https://www.mozilla.org/security/advisories/mfsa2016-28/ + https://www.mozilla.org/security/advisories/mfsa2016-29/ + https://www.mozilla.org/security/advisories/mfsa2016-30/ + https://www.mozilla.org/security/advisories/mfsa2016-31/ + https://www.mozilla.org/security/advisories/mfsa2016-32/ + https://www.mozilla.org/security/advisories/mfsa2016-33/ + https://www.mozilla.org/security/advisories/mfsa2016-34/ + + + 2016-03-08 + 2016-03-08 + +
+ + + graphite2 -- multiple vulnerabilities + + + graphite2 + 1.3.6 + + + linux-firefox + 45.0,1 + + + linux-thunderbird + 38.7.0 + + + linux-seamonkey + 2.42 + + + + +

Mozilla Foundation reports:

+
+

Security researcher Holger Fuhrmannek and Mozilla + security engineer Tyson Smith reported a number of security + vulnerabilities in the Graphite 2 library affecting version + 1.3.5. + + The issue reported by Holger Fuhrmannek is a mechanism to + induce stack corruption with a malicious graphite font. This + leads to a potentially exploitable crash when the font is + loaded. + + Tyson Smith used the Address Sanitizer tool in concert with + a custom software fuzzer to find a series of uninitialized + memory, out-of-bounds read, and out-of-bounds write errors + when working with fuzzed graphite fonts.

+
+ +
+ + https://www.mozilla.org/security/advisories/mfsa2016-37/ + CVE-2016-1977 + CVE-2016-2790 + CVE-2016-2791 + CVE-2016-2792 + CVE-2016-2793 + CVE-2016-2794 + CVE-2016-2795 + CVE-2016-2796 + CVE-2016-2797 + CVE-2016-2798 + CVE-2016-2799 + CVE-2016-2800 + CVE-2016-2801 + CVE-2016-2802 + + + 2016-03-08 + 2016-03-08 + +
+ + + NSS -- multiple vulnerabilities + + + nss + linux-c6-nss + 3.203.21.1 + 3.19.2.3 + + + linux-firefox + 45.0,1 + + + linux-thunderbird + 38.7.0 + + + linux-seamonkey + 2.42 + + + + +

Mozilla Foundation reports:

+
+

Security researcher Francis Gabriel reported a heap-based + buffer overflow in the way the Network Security Services + (NSS) libraries parsed certain ASN.1 structures. An attacker + could create a specially-crafted certificate which, when + parsed by NSS, would cause it to crash or execute arbitrary + code with the permissions of the user.

+
+
+

Mozilla developer Tim Taubert used the Address Sanitizer + tool and software fuzzing to discover a use-after-free + vulnerability while processing DER encoded keys in the + Network Security Services (NSS) libraries. The vulnerability + overwrites the freed memory with zeroes.

+
+ +
+ + CVE-2016-1950 + CVE-2016-1979 + https://www.mozilla.org/security/advisories/mfsa2016-35/ + https://www.mozilla.org/security/advisories/mfsa2016-36/ + https://hg.mozilla.org/projects/nss/rev/b9a31471759d + https://hg.mozilla.org/projects/nss/rev/7033b1193c94 + + + 2016-03-08 + 2016-03-08 + +
+ + + NSS -- multiple vulnerabilities + + + nss + linux-c6-nss + 3.21 + + + linux-firefox + 44.0,1 + + + linux-seamonkey + 2.41 + + + + +

Mozilla Foundation reports:

+
+

Security researcher Hanno Böck reported that calculations + with mp_div and mp_exptmod in Network Security Services + (NSS) can produce wrong results in some circumstances. These + functions are used within NSS for a variety of cryptographic + division functions, leading to potential cryptographic + weaknesses.

+
+
+

Mozilla developer Eric Rescorla reported that a failed + allocation during DHE and ECDHE handshakes would lead to a + use-after-free vulnerability.

+
+ +
+ + CVE-2016-1938 + CVE-2016-1978 + https://www.mozilla.org/security/advisories/mfsa2016-07/ + https://www.mozilla.org/security/advisories/mfsa2016-15/ + https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a + https://hg.mozilla.org/projects/nss/rev/a245a4ccd354 + + + 2016-01-26 + 2016-03-08 + +
+ django -- multiple vulnerabilies @@ -1903,6 +2189,10 @@ Notes: silgraphite 2.3.1_4 + + linux-thunderbird + 38.6.0 + @@ -1926,6 +2216,7 @@ Notes: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html http://www.talosintel.com/reports/TALOS-2016-0061/ + https://www.mozilla.org/security/advisories/mfsa2016-14/ CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 @@ -1934,7 +2225,7 @@ Notes: 2016-02-05 2016-02-09 - 2016-03-02 + 2016-03-08 @@ -2533,8 +2824,6 @@ Notes: set in cookie names

MFSA 2016-06 Missing delay following user click events in protocol handler dialog

-

MFSA 2016-07 Errors in mp_div and mp_exptmod - cryptographic functions in NSS

MFSA 2016-09 Addressbar spoofing attacks

MFSA 2016-10 Unsafe memory manipulation found through code inspection

@@ -2550,7 +2839,6 @@ Notes: CVE-2016-1933 CVE-2016-1935 CVE-2016-1937 - CVE-2016-1938 CVE-2016-1939 CVE-2016-1942 CVE-2016-1943 @@ -2563,7 +2851,6 @@ Notes: https://www.mozilla.org/security/advisories/mfsa2016-03/ https://www.mozilla.org/security/advisories/mfsa2016-04/ https://www.mozilla.org/security/advisories/mfsa2016-06/ - https://www.mozilla.org/security/advisories/mfsa2016-07/ https://www.mozilla.org/security/advisories/mfsa2016-09/ https://www.mozilla.org/security/advisories/mfsa2016-10/ https://www.mozilla.org/security/advisories/mfsa2016-11/ @@ -2571,6 +2858,7 @@ Notes: 2016-01-26 2016-02-01 + 2016-03-08
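Review bot: In the @@ -58,6 +58,292 @@ hunk, the two added NSS entries both use the topic "NSS -- multiple vulnerabilities", so they cannot be told apart in any listing that shows only the topic. Consider naming the issues in each topic: the ASN.1 heap-based buffer overflow and the DER key use-after-free for the entry citing MFSA 2016-35 and 2016-36, and the mp_div/mp_exptmod errors and the DHE/ECDHE use-after-free for the entry citing MFSA 2016-07 and 2016-15.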
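Review bot: The hunks at @@ -2533,8 +2824,6 @@, @@ -2550,7 +2839,6 @@ and @@ -2563,7 +2851,6 @@ drop MFSA 2016-07, CVE-2016-1938 and the mfsa2016-07 URL from an existing entry whose package list is not visible in this diff, while the new NSS entry that now carries them matches only nss, linux-c6-nss, linux-firefox and linux-seamonkey. Please confirm that no package named in the trimmed entry loses coverage for CVE-2016-1938 as a result, and add it to the new entry if one does.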
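Review bot: The log line "Document recent Firefox vulnerabilities" does not cover everything this commit changes. The hunks at @@ -1903,6 +2189,10 @@ and @@ -1926,6 +2216,7 @@ add linux-thunderbird 38.6.0 and the mfsa2016-14 reference to the existing entry that lists silgraphite, and the later hunks move MFSA 2016-07 out of an existing entry. A sentence in the log for each of these would make the modified dates set to 2016-03-08 easier to trace.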