From owner-freebsd-questions@freebsd.org  Sat Aug  8 23:03:27 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C31119B6E17
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sat,  8 Aug 2015 23:03:27 +0000 (UTC) (envelope-from stoa@gmx.us)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 3C154CA2
 for <freebsd-questions@freebsd.org>; Sat,  8 Aug 2015 23:03:26 +0000 (UTC)
 (envelope-from stoa@gmx.us)
Received: from slack ([24.116.197.15]) by mail.gmx.com (mrgmx001) with ESMTPSA
 (Nemesis) id 0MLNpK-1ZNf6E2SNG-000dMC;
 Sun, 09 Aug 2015 00:58:04 +0200
Date: Sat, 8 Aug 2015 17:57:54 -0500
From: Dutch Ingraham <stoa@gmx.us>
To: Christian Weisgerber <naddy@mips.inka.de>
Cc: freebsd-questions@freebsd.org
Subject: Re: Firefox Vulnerabilities
Message-ID: <20150808225754.GA975@slack>
References: <20150808204639.GA8567@slack>
 <slrnmsd0qc.2jnn.naddy@lorvorc.mips.inka.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <slrnmsd0qc.2jnn.naddy@lorvorc.mips.inka.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Provags-ID: V03:K0:UcDvxCtMK9PkGD/VRWt5YLroqHPmUFIoMVjP7sZbEOyNuHboxcX
 oEv1fgbpIW97vkuqr54bL1ZEVlyXUxVgYv1d4Zp/mEojwLMzZFvA3D1ZrMScKoCkETJHUoR
 IGfXA7qdXHepbLZAVtauQmK8b3DbXgRTlL9Ra/WuZvVGajwUJt8VMWmhDiQk1CFHTNK/LP1
 mNH0MNvJvK3ffBh50JP9g==
X-UI-Out-Filterresults: notjunk:1;V01:K0:oIYYuEjctBg=:+KWgv0YtEeIJrTNmAFDre+
 EuWInRUOJrJXORZaWhi7A4JkQCwzLQUkH4b25qFsXPjZXt8iHLekCGHOsLM5a4Va4fwPu43Yn
 PJjJMqk4cj18krmZTBQH9CYN8JMeTEBk54XidDQTTfehsZT+oOUWTG7FnoiftNZl13Mf3dfvr
 lQgxDbTB3C9wwctZzL3GMISsCjNgxXx3iTeArl7N/HJL7748+AxuaFZ9+D/2TnFTevMiaZmli
 rdSFs3tsMIxyH1xQv811VuoZgLpaDec5Bv1x5B/psSaB9fwkuwpDSW+ECg1ugPHIIpQFAKSUD
 PH8W/HRcqEpQYEZGxpBZEWtsijekPsnFG5DYgLv0LJFGVY4Ko0HQkH6L4YqsLeguYuZEzpiC3
 5a5dwGrNSocnpmQTKYOzb5ecgsot35ZohWNSvwY0fIaBLPJpWtXezXhk8L58m+c5ZTTKN0+Ue
 99j41fANScVtDFWvMOrfP49JWZzTPMvK8zSH1F4JPbnoDBKozwRgG36P1QA9qU2RKwubc0dht
 7hEVz/ysp2zsEU1C8rPzghCw+9vFUyx/CV8TL2NLAOSQ6aIA5Z3HrqW8D2RwyTHuIWClSnYVK
 2FrU9wZmfI68JHfAyR6U3/qjZOUgU19kN+DjFjWS4QDwg7DKKZQ3EthbNoPifzawzMxTmTAqH
 0u3WdTvh78+HZf+jHrdRMpZW1/uQ5z3ctmQGCvX1xfK+szqSEoGPHMLXNkbPd8QxNgtODGA3K
 2SaH81MMi+F9GBLO
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2015 23:03:27 -0000

On Sat, Aug 08, 2015 at 10:31:40PM +0000, Christian Weisgerber wrote:
> On 2015-08-08, Dutch Ingraham <stoa@gmx.us> wrote:
> 
> > As everyone knows, there was a vulnerability announced a few days ago 
> > related to the pdf viewer in Firefox.[1]
> >
> > Can someone comment on the status of [1] in the current "stable" 
> > Freebsd version of Firefox, 40.0,1?  Thanks.
> 
> The version of Firefox committed in r393690 (40.0-candidates/build4)
> is not vulnerable.
> 
> Presumably this was the reason a pre-release version of Firefox 40
> was committed in the first place.
> 
> You can verify it yourself.  Go and diff 39.0 and 39.0.3, then check
> that the relevant change is already in 40.0/build4.
> 
> -- 
> Christian "naddy" Weisgerber                          naddy@mips.inka.de

Thanks, naddy - I was looking through the svn logs, but couldn't seem 
to find the diff.

Just for learning purposes, can you (or anyone else) comment on why 
there was a beta committed when the stable 39.0.3 seems fine? (As far as 
I can tell, this beta version was committed to the tree after 39.03 was 
available.)

Thanks again.