Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 29 Sep 2023 21:50:22 +0200
From:      =?UTF-8?B?VMSzbA==?= Coosemans <tijl@FreeBSD.org>
To:        Christoph Moench-Tegeder <cmt@FreeBSD.org>, jbeich@FreeBSD.org, ports-secteam@FreeBSD.org
Cc:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   Re: git: b38e8d5e38dc - main - www/firefox: update to 118.0.1
Message-ID:  <20230929215022.521f66bb@hal.tijl.coosemans.org>
In-Reply-To: <202309281729.38SHTn9M072773@gitrepo.freebsd.org>
References:  <202309281729.38SHTn9M072773@gitrepo.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 28 Sep 2023 17:29:49 GMT Christoph Moench-Tegeder <cmt@FreeBSD.org> wrote:
> The branch main has been updated by cmt:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=b38e8d5e38dcffdbe66ba023a0933ad322a23cd6
> 
> commit b38e8d5e38dcffdbe66ba023a0933ad322a23cd6
> Author:     Christoph Moench-Tegeder <cmt@FreeBSD.org>
> AuthorDate: 2023-09-28 17:29:00 +0000
> Commit:     Christoph Moench-Tegeder <cmt@FreeBSD.org>
> CommitDate: 2023-09-28 17:29:00 +0000
> 
>     www/firefox: update to 118.0.1
>     
>     Release Notes:
>       https://www.mozilla.org/en-US/firefox/118.0.1/releasenotes/

This fixes a critical vulnerability in the bundled libvpx, but this
isn't used on FreeBSD.  multimedia/libvpx needs to be patched.

Following the bread crumbs from the release notes:

This mentions bug 1855550:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/

Which leads to the following commit:
https://hg.mozilla.org/mozilla-central/rev/c53f5ef77b62b79af86951a7f9130e1896b695d2

Which mentions this libvpx commit:
https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590

Can you add that to multimedia/libvpx?  The change to
vp8/encoder/onyx_if.c is the relevant bit.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20230929215022.521f66bb>