Date: Fri, 29 Sep 2023 21:50:22 +0200 From: =?UTF-8?B?VMSzbA==?= Coosemans <tijl@FreeBSD.org> To: Christoph Moench-Tegeder <cmt@FreeBSD.org>, jbeich@FreeBSD.org, ports-secteam@FreeBSD.org Cc: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: Re: git: b38e8d5e38dc - main - www/firefox: update to 118.0.1 Message-ID: <20230929215022.521f66bb@hal.tijl.coosemans.org> In-Reply-To: <202309281729.38SHTn9M072773@gitrepo.freebsd.org> References: <202309281729.38SHTn9M072773@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 28 Sep 2023 17:29:49 GMT Christoph Moench-Tegeder <cmt@FreeBSD.org> wrote: > The branch main has been updated by cmt: > > URL: https://cgit.FreeBSD.org/ports/commit/?id=b38e8d5e38dcffdbe66ba023a0933ad322a23cd6 > > commit b38e8d5e38dcffdbe66ba023a0933ad322a23cd6 > Author: Christoph Moench-Tegeder <cmt@FreeBSD.org> > AuthorDate: 2023-09-28 17:29:00 +0000 > Commit: Christoph Moench-Tegeder <cmt@FreeBSD.org> > CommitDate: 2023-09-28 17:29:00 +0000 > > www/firefox: update to 118.0.1 > > Release Notes: > https://www.mozilla.org/en-US/firefox/118.0.1/releasenotes/ This fixes a critical vulnerability in the bundled libvpx, but this isn't used on FreeBSD. multimedia/libvpx needs to be patched. Following the bread crumbs from the release notes: This mentions bug 1855550: https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/ Which leads to the following commit: https://hg.mozilla.org/mozilla-central/rev/c53f5ef77b62b79af86951a7f9130e1896b695d2 Which mentions this libvpx commit: https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590 Can you add that to multimedia/libvpx? The change to vp8/encoder/onyx_if.c is the relevant bit.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20230929215022.521f66bb>