From owner-freebsd-questions@freebsd.org Sat Aug 8 21:32:56 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C2ED9B6F19 for ; Sat, 8 Aug 2015 21:32:56 +0000 (UTC) (envelope-from jd1008@gmail.com) Received: from mail-io0-x232.google.com (mail-io0-x232.google.com [IPv6:2607:f8b0:4001:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 478401614 for ; Sat, 8 Aug 2015 21:32:56 +0000 (UTC) (envelope-from jd1008@gmail.com) Received: by ioii16 with SMTP id i16so140014531ioi.0 for ; Sat, 08 Aug 2015 14:32:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=YbTn68UEfrlPo9WwDy/id0OX0ECGpLGKNamsYOlzWwI=; b=rOvYrFObPkws4BdLocdccg/z+BBGaEGlCfNtOgJf0tTVL72ZDp2PI2zqH68sTOCn7w V+sR3tClgPnfKJGWx4svVJ4UPDwOTCazr/KvIfpMXvOCAMddyMYQNwuariEYd9m7sYmm wxhDcGf9UkWqfNmpF81mgMpLd9PxPmJ4FnLRv9InYBEVfpCF0KYdrF6Q8GWl7uVHzvGD detU6qsr3SkqXGiQtETTr/UiSnxn5MBKw4MGMZcp9njFYZHBmth8RUyg+KxTumNoR6Uk fl91nDopyHjg49/qtXhMX7MtmTkekHKFgqBWuvu+OIiE+xa3eHXt2hAUy7IXM+44ZXWQ DBGA== X-Received: by 10.107.8.216 with SMTP id h85mr7049954ioi.89.1439069575578; Sat, 08 Aug 2015 14:32:55 -0700 (PDT) Received: from localhost.localdomain ([50.243.6.59]) by smtp.googlemail.com with ESMTPSA id f126sm9829485ioe.21.2015.08.08.14.32.54 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 08 Aug 2015 14:32:54 -0700 (PDT) Message-ID: <55C6758E.8080607@gmail.com> Date: Sat, 08 Aug 2015 15:33:02 -0600 From: jd1008 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Firefox Vulnerabilities References: <20150808204639.GA8567@slack> In-Reply-To: <20150808204639.GA8567@slack> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Aug 2015 21:32:56 -0000 From the Fedora list, I see: update to Firefox 40 https://koji.fedoraproject.org/koji/buildinfo?buildID=676030 On 08/08/2015 02:46 PM, Dutch Ingraham wrote: > Hi all: > > I'm currently running amd64 version 10.1-RELEASE-p16. I update my > ports tree through svn. Yesterday, I updated the tree and subsequently > upgraded Firefox: > > $ pkg info firefox > firefox-40.0,1 > Name : firefox > Version : 40.0,1 > Installed on : Fri Aug 7 08:08:07 CDT 2015 > [snip] > > As everyone knows, there was a vulnerability announced a few days ago > related to the pdf viewer in Firefox.[1] This was fixed in the latest > stable version, which is apparently 39.0.3.[2] Version 40.*, which > started life prior to the date of the vulnerability, remains in beta.[3] > > I can't seem to find where this vulnerability [1] was fixed in the beta > version in the ports tree.[4] I don't see any comments in > /usr/ports/UPDATING nor in /usr/ports/CHANGES related to this issue. > > Can someone comment on the status of [1] in the current "stable" > Freebsd version of Firefox, 40.0,1? Thanks. > > > [1] https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ > [2] https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ > [3] https://www.mozilla.org/en-US/firefox/40.0beta/releasenotes/ > [4] https://bugzilla.mozilla.org/buglist.cgi?j_top=OR&f1=target_milestone&\ > o3=equals&v3=Firefox%2040&o1=equals&resolution=FIXED&o2=anyexact&query_\ > format=advanced&f3=target_milestone&f2=cf_status_firefox40&bug_status=\ > RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&v1=mozilla40&v2=fixed%\ > 2Cverified&limit=0 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >