From owner-cvs-ports@FreeBSD.ORG Mon Apr 28 17:30:48 2008 Return-Path: Delivered-To: cvs-ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CD8D61065676; Mon, 28 Apr 2008 17:30:48 +0000 (UTC) (envelope-from miwi@bsdcrew.de) Received: from bsdcrew.de (duro.unixfreunde.de [85.214.90.4]) by mx1.freebsd.org (Postfix) with ESMTP id 6644C8FC20; Mon, 28 Apr 2008 17:30:48 +0000 (UTC) (envelope-from miwi@bsdcrew.de) Received: by bsdcrew.de (Postfix, from userid 1001) id 514154AC97; Mon, 28 Apr 2008 19:30:44 +0200 (CEST) Date: Mon, 28 Apr 2008 19:30:44 +0200 From: Martin Wilke To: Andrew Pantyukhin Message-ID: <20080428173044.GA3241@bsdcrew.de> References: <200804281714.m3SHEIo9043053@repoman.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline In-Reply-To: <200804281714.m3SHEIo9043053@repoman.freebsd.org> User-Agent: Mutt/1.5.17 (2007-11-01) Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2008 17:30:48 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Apr 28, 2008 at 05:14:18PM +0000, Andrew Pantyukhin wrote: > sat 2008-04-28 17:14:17 UTC > > FreeBSD ports repository > > Modified files: > security/vuxml vuln.xml > Log: > - A new Firefox vulnerability currently affects 10 of our ports, on > average. A new VuXML entry usually forgets about 8 of them. > Hi Andrew, That's wrong, seamonkey and thunderbird is't affected, http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird http://www.mozilla.org/projects/security/known-vulnerabilities.html#SeaMonkey and Thunderbird 2.0.14 and Seamonkey 1.1.10 is't released. Please revert back this. > Wiki: http://wiki.freebsd.org/VuXML > > Revision Changes Path > 1.1613 +29 -7 ports/security/vuxml/vuln.xml > http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1612&r2=1.1613 > | --- ports/security/vuxml/vuln.xml 2008/04/28 07:34:38 1.1612 > | +++ ports/security/vuxml/vuln.xml 2008/04/28 17:14:17 1.1613 > | @@ -28,7 +28,7 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O > | OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, > | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > | > | - $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1612 2008/04/28 07:34:38 miwi Exp $ > | + $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1613 2008/04/28 17:14:17 sat Exp $ > | > | Note: Please add new entries to the beginning of this file. > | > | @@ -212,7 +212,7 @@ Note: Please add new entries to the beg > | > | > | > | - firefox -- javascript harbage collector vulnerability > | + firefox -- javascript garbage collector vulnerability > | > | > | firefox > | @@ -222,17 +222,38 @@ Note: Please add new entries to the beg > | linux-firefox > | 2.0.0.14 > | > | + > | + seamonkey > | + linux-seamonkey > | + 1.1.10 > | + > | + > | + flock > | + linux-flock > | + 1.1.2 > | + > | + > | + linux-firefox-devel > | + linux-seamonkey-devel > | + 0 > | + > | + > | + thunderbird > | + linux-thunderbird > | + 2.0.0.14 > | + > | > | > | > |

Mozilla Foundation reports:

> |
> |

Fixes for security problems in the JavaScript engine described in > | - MFSA 2008-15 introduced a stability problem, where some users experienced > | - crashes during JavaScript garbage collection. This is being fixed primarily > | - to address stability concerns. We have no demonstration that this particular > | - crash is exploitable but are issuing this advisory because some crashes of this > | - type have been shown to be exploitable in the past.

> | + MFSA 2008-15 introduced a stability problem, where some users > | + experienced crashes during JavaScript garbage collection. This is > | + being fixed primarily to address stability concerns. We have no > | + demonstration that this particular crash is exploitable but are > | + issuing this advisory because some crashes of this type have been > | + shown to be exploitable in the past.

> |
> | > | > | @@ -246,6 +267,7 @@ Note: Please add new entries to the beg > | > | 2008-04-16 > | 2008-04-25 > | + 2008-04-28 > | > | > | > - -- +-----------------------+-------------------------------+ | PGP : 0x05682353 | Jabber : miwi(at)BSDCrew.de | | ICQ : 169139903 | Mail : miwi(at)FreeBSD.org | +-----------------------+-------------------------------+ | Mess with the Best, Die like the Rest! | +-----------------------+-------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFIFgnCFwpycAVoI1MRAgS4AJ9FLmjdFnkdhvrRfO6d7uwccLDDagCfaXBm Nt3nthxBIUdEFgMmoCg/j4U= =JkyL -----END PGP SIGNATURE-----