From owner-svn-ports-all@freebsd.org Mon Feb 1 07:38:00 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 685B9A97981; Mon, 1 Feb 2016 07:38:00 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 40008964; Mon, 1 Feb 2016 07:38:00 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u117bxpP084776; Mon, 1 Feb 2016 07:37:59 GMT (envelope-from jbeich@FreeBSD.org) Received: (from jbeich@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u117bx6q084774; Mon, 1 Feb 2016 07:37:59 GMT (envelope-from jbeich@FreeBSD.org) Message-Id: <201602010737.u117bx6q084774@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jbeich set sender to jbeich@FreeBSD.org using -f From: Jan Beich Date: Mon, 1 Feb 2016 07:37:59 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r407689 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Feb 2016 07:38:00 -0000 Author: jbeich Date: Mon Feb 1 07:37:58 2016 New Revision: 407689 URL: https://svnweb.freebsd.org/changeset/ports/407689 Log: Document recent Mozilla vulnerabilities PR: 206637 Submitted by: Christoph Moench-Tegeder Modified: head/security/vuxml/vuln.xml (contents, props changed) Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Feb 1 07:08:15 2016 (r407688) +++ head/security/vuxml/vuln.xml Mon Feb 1 07:37:58 2016 (r407689) @@ -58,6 +58,85 @@ Notes: --> + + mozilla -- multiple vulnerabilities + + + firefox + linux-firefox + 44.0,1 + + + seamonkey + linux-seamonkey + 2.41 + + + firefox-esr + 38.6.0,1 + + + libxul + thunderbird + linux-thunderbird + 38.6.0 + + + + +

Mozilla Foundation reports:

+
MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 + / rv:38.6)
+
MFSA 2016-02 Out of Memory crash when parsing GIF format + images
+
MFSA 2016-03 Buffer overflow in WebGL after out of memory + allocation
+
MFSA 2016-04 Firefox allows for control characters to be + set in cookie names
+
MFSA 2016-06 Missing delay following user click events in + protocol handler dialog
+
MFSA 2016-07 Errors in mp_div and mp_exptmod + cryptographic functions in NSS
+
MFSA 2016-09 Addressbar spoofing attacks
+
MFSA 2016-10 Unsafe memory manipulation found through + code inspection
+
MFSA 2016-11 Application Reputation service disabled in + Firefox 43
+

+ + + + CVE-2015-7208 + CVE-2016-1930 + CVE-2016-1931 + CVE-2016-1933 + CVE-2016-1935 + CVE-2016-1937 + CVE-2016-1938 + CVE-2016-1939 + CVE-2016-1942 + CVE-2016-1943 + CVE-2016-1944 + CVE-2016-1945 + CVE-2016-1946 + CVE-2016-1947 + https://www.mozilla.org/security/advisories/mfsa2016-01/ + https://www.mozilla.org/security/advisories/mfsa2016-02/ + https://www.mozilla.org/security/advisories/mfsa2016-03/ + https://www.mozilla.org/security/advisories/mfsa2016-04/ + https://www.mozilla.org/security/advisories/mfsa2016-06/ + https://www.mozilla.org/security/advisories/mfsa2016-07/ + https://www.mozilla.org/security/advisories/mfsa2016-09/ + https://www.mozilla.org/security/advisories/mfsa2016-10/ + https://www.mozilla.org/security/advisories/mfsa2016-11/ + + + 2016-01-26 + 2016-02-01 + + + gdcm -- multiple vulnerabilities