Date: Mon, 28 Apr 2008 19:30:44 +0200 From: Martin Wilke <miwi@FreeBSD.org> To: Andrew Pantyukhin <sat@FreeBSD.org> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <20080428173044.GA3241@bsdcrew.de> In-Reply-To: <200804281714.m3SHEIo9043053@repoman.freebsd.org> References: <200804281714.m3SHEIo9043053@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Apr 28, 2008 at 05:14:18PM +0000, Andrew Pantyukhin wrote: > sat 2008-04-28 17:14:17 UTC > > FreeBSD ports repository > > Modified files: > security/vuxml vuln.xml > Log: > - A new Firefox vulnerability currently affects 10 of our ports, on > average. A new VuXML entry usually forgets about 8 of them. > Hi Andrew, That's wrong, seamonkey and thunderbird is't affected, http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird http://www.mozilla.org/projects/security/known-vulnerabilities.html#SeaMonkey and Thunderbird 2.0.14 and Seamonkey 1.1.10 is't released. Please revert back this. > Wiki: http://wiki.freebsd.org/VuXML > > Revision Changes Path > 1.1613 +29 -7 ports/security/vuxml/vuln.xml > http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1612&r2=1.1613 > | --- ports/security/vuxml/vuln.xml 2008/04/28 07:34:38 1.1612 > | +++ ports/security/vuxml/vuln.xml 2008/04/28 17:14:17 1.1613 > | @@ -28,7 +28,7 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O > | OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, > | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > | > | - $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1612 2008/04/28 07:34:38 miwi Exp $ > | + $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1613 2008/04/28 17:14:17 sat Exp $ > | > | Note: Please add new entries to the beginning of this file. > | > | @@ -212,7 +212,7 @@ Note: Please add new entries to the beg > | </vuln> > | > | <vuln vid="67bd39ba-12b5-11dd-bab7-0016179b2dd5"> > | - <topic>firefox -- javascript harbage collector vulnerability</topic> > | + <topic>firefox -- javascript garbage collector vulnerability</topic> > | <affects> > | <package> > | <name>firefox</name> > | @@ -222,17 +222,38 @@ Note: Please add new entries to the beg > | <name>linux-firefox</name> > | <range><lt>2.0.0.14</lt></range> > | </package> > | + <package> > | + <name>seamonkey</name> > | + <name>linux-seamonkey</name> > | + <range><lt>1.1.10</lt></range> > | + </package> > | + <package> > | + <name>flock</name> > | + <name>linux-flock</name> > | + <range><lt>1.1.2</lt></range> > | + </package> > | + <package> > | + <name>linux-firefox-devel</name> > | + <name>linux-seamonkey-devel</name> > | + <range><gt>0</gt></range> > | + </package> > | + <package> > | + <name>thunderbird</name> > | + <name>linux-thunderbird</name> > | + <range><lt>2.0.0.14</lt></range> > | + </package> > | </affects> > | <description> > | <body xmlns="http://www.w3.org/1999/xhtml">; > | <p>Mozilla Foundation reports:</p> > | <blockquote cite="http://www.mozilla.org/security/announce/2008/mfsa2008-20.html">; > | <p>Fixes for security problems in the JavaScript engine described in > | - MFSA 2008-15 introduced a stability problem, where some users experienced > | - crashes during JavaScript garbage collection. This is being fixed primarily > | - to address stability concerns. We have no demonstration that this particular > | - crash is exploitable but are issuing this advisory because some crashes of this > | - type have been shown to be exploitable in the past.</p> > | + MFSA 2008-15 introduced a stability problem, where some users > | + experienced crashes during JavaScript garbage collection. This is > | + being fixed primarily to address stability concerns. We have no > | + demonstration that this particular crash is exploitable but are > | + issuing this advisory because some crashes of this type have been > | + shown to be exploitable in the past.</p> > | </blockquote> > | </body> > | </description> > | @@ -246,6 +267,7 @@ Note: Please add new entries to the beg > | <dates> > | <discovery>2008-04-16</discovery> > | <entry>2008-04-25</entry> > | + <modified>2008-04-28</modified> > | </dates> > | </vuln> > | > - -- +-----------------------+-------------------------------+ | PGP : 0x05682353 | Jabber : miwi(at)BSDCrew.de | | ICQ : 169139903 | Mail : miwi(at)FreeBSD.org | +-----------------------+-------------------------------+ | Mess with the Best, Die like the Rest! | +-----------------------+-------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFIFgnCFwpycAVoI1MRAgS4AJ9FLmjdFnkdhvrRfO6d7uwccLDDagCfaXBm Nt3nthxBIUdEFgMmoCg/j4U= =JkyL -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080428173044.GA3241>