From owner-freebsd-questions@freebsd.org  Sat Aug  8 22:35:08 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AB98D9B69F8
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sat,  8 Aug 2015 22:35:08 +0000 (UTC)
 (envelope-from news@mips.inka.de)
Received: from mail.inka.de (quechua.inka.de
 [IPv6:2001:7c0:407:1001:217:a4ff:fe3b:e77c])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 72A2F1D9F
 for <freebsd-questions@freebsd.org>; Sat,  8 Aug 2015 22:35:08 +0000 (UTC)
 (envelope-from news@mips.inka.de)
Received: from mips.inka.de (news@[127.0.0.1])
 by mail.inka.de with uucp (rmailwrap 0.5) 
 id 1ZOChk-0003hq-VA; Sun, 09 Aug 2015 00:35:05 +0200
Received: from lorvorc.mips.inka.de (localhost [127.0.0.1])
 by lorvorc.mips.inka.de (8.15.2/8.15.2) with ESMTP id t78MVf2k086575
 for <freebsd-questions@freebsd.org>; Sun, 9 Aug 2015 00:31:41 +0200 (CEST)
 (envelope-from news@lorvorc.mips.inka.de)
Received: (from news@localhost)
 by lorvorc.mips.inka.de (8.15.2/8.15.2/Submit) id t78MVfnd086574
 for freebsd-questions@freebsd.org; Sun, 9 Aug 2015 00:31:41 +0200 (CEST)
 (envelope-from news)
To: freebsd-questions@freebsd.org
From: Christian Weisgerber <naddy@mips.inka.de>
Newsgroups: list.freebsd.questions
Subject: Re: Firefox Vulnerabilities
Date: Sat, 8 Aug 2015 22:31:40 +0000 (UTC)
Lines: 19
Message-ID: <slrnmsd0qc.2jnn.naddy@lorvorc.mips.inka.de>
References: <20150808204639.GA8567@slack>
X-Trace: lorvorc.mips.inka.de 1439073100 85752 ::1 (8 Aug 2015 22:31:40 GMT)
X-Complaints-To: usenet@mips.inka.de
User-Agent: slrn/1.0.2 (FreeBSD)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2015 22:35:08 -0000

On 2015-08-08, Dutch Ingraham <stoa@gmx.us> wrote:

> As everyone knows, there was a vulnerability announced a few days ago 
> related to the pdf viewer in Firefox.[1]
>
> Can someone comment on the status of [1] in the current "stable" 
> Freebsd version of Firefox, 40.0,1?  Thanks.

The version of Firefox committed in r393690 (40.0-candidates/build4)
is not vulnerable.

Presumably this was the reason a pre-release version of Firefox 40
was committed in the first place.

You can verify it yourself.  Go and diff 39.0 and 39.0.3, then check
that the relevant change is already in 40.0/build4.

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de