From owner-svn-ports-head@FreeBSD.ORG Tue Apr 29 17:00:47 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2441B521; Tue, 29 Apr 2014 17:00:47 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 107311DB3; Tue, 29 Apr 2014 17:00:47 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3TH0kZw035996; Tue, 29 Apr 2014 17:00:46 GMT (envelope-from beat@svn.freebsd.org) Received: (from beat@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3TH0k4E035992; Tue, 29 Apr 2014 17:00:46 GMT (envelope-from beat@svn.freebsd.org) Message-Id: <201404291700.s3TH0k4E035992@svn.freebsd.org> From: Beat Gaetzi Date: Tue, 29 Apr 2014 17:00:46 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r352634 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Apr 2014 17:00:47 -0000 Author: beat Date: Tue Apr 29 17:00:46 2014 New Revision: 352634 URL: http://svnweb.freebsd.org/changeset/ports/352634 QAT: https://qat.redports.org/buildarchive/r352634/ Log: Document mozilla vulnerabilities Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Apr 29 16:57:07 2014 (r352633) +++ head/security/vuxml/vuln.xml Tue Apr 29 17:00:46 2014 (r352634) @@ -51,6 +51,104 @@ Note: Please add new entries to the beg --> + + mozilla -- multiple vulnerabilities + + + firefox + 29.0,1 + + + firefox-esr + 24.5.0,1 + + + linux-firefox + 29.0,1 + + + linux-seamonkey + 2.26 + + + linux-thunderbird + 24.5.0 + + + seamonkey + 2.26 + + + thunderbird + 24.5.0 + + + + +

The Mozilla Project reports:

+
MFSA 2014-34 Miscellaneous memory safety hazards + (rv:29.0 / rv:24.5)
+
MFSA 2014-35 Privilege escalation through Mozilla Maintenance + Service Installer
+
MFSA 2014-36 Web Audio memory corruption issues
+
MFSA 2014-37 Out of bounds read while decoding JPG images
+
MFSA 2014-38 Buffer overflow when using non-XBL object as + XBL
+
MFSA 2014-39 Use-after-free in the Text Track Manager + for HTML video
+
MFSA 2014-41 Out-of-bounds write in Cairo
+
MFSA 2014-42 Privilege escalation through Web Notification + API
+
MFSA 2014-43 Cross-site scripting (XSS) using history + navigations
+
MFSA 2014-44 Use-after-free in imgLoader while resizing + images
+
MFSA 2014-45 Incorrect IDNA domain name matching for + wildcard certificates
+
MFSA 2014-46 Use-after-free in nsHostResolve
+
MFSA 2014-47 Debugger can bypass XrayWrappers + with JavaScript
+

+ + + + CVE-2014-1492 + CVE-2014-1518 + CVE-2014-1519 + CVE-2014-1520 + CVE-2014-1522 + CVE-2014-1523 + CVE-2014-1524 + CVE-2014-1525 + CVE-2014-1526 + CVE-2014-1527 + CVE-2014-1528 + CVE-2014-1529 + CVE-2014-1530 + CVE-2014-1531 + CVE-2014-1532 + https://www.mozilla.org/security/announce/2014/mfsa2014-34.html + https://www.mozilla.org/security/announce/2014/mfsa2014-35.html + https://www.mozilla.org/security/announce/2014/mfsa2014-36.html + https://www.mozilla.org/security/announce/2014/mfsa2014-37.html + https://www.mozilla.org/security/announce/2014/mfsa2014-38.html + https://www.mozilla.org/security/announce/2014/mfsa2014-39.html + https://www.mozilla.org/security/announce/2014/mfsa2014-41.html + https://www.mozilla.org/security/announce/2014/mfsa2014-42.html + https://www.mozilla.org/security/announce/2014/mfsa2014-43.html + https://www.mozilla.org/security/announce/2014/mfsa2014-44.html + https://www.mozilla.org/security/announce/2014/mfsa2014-45.html + https://www.mozilla.org/security/announce/2014/mfsa2014-46.html + https://www.mozilla.org/security/announce/2014/mfsa2014-47.html + http://www.mozilla.org/security/known-vulnerabilities/ + + + 2014-04-29 + 2014-04-29 + + + django -- multiple vulnerabilities