Date: Thu, 25 Sep 2014 13:10:18 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 193922] New: security/vuxml: belatedly add Mozilla entry for CVE-2014-155[34] and CVE-2014-156[2-7] Message-ID: <bug-193922-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193922 Bug ID: 193922 Summary: security/vuxml: belatedly add Mozilla entry for CVE-2014-155[34] and CVE-2014-156[2-7] Product: Ports Tree Version: Latest Hardware: Any OS: Any Status: Needs Triage Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-secteam@FreeBSD.org Reporter: jbeich@vfemail.net Assignee: ports-secteam@FreeBSD.org Flags: maintainer-feedback?(ports-secteam@FreeBSD.org) SeaMonkey and XULRunner are likely affected as well but not listed in MFSAs. Taking discovery date as the commit date of the latest fix in the series under esr24 branch. <vuln vid="da2e025f-a78d-46e4-83ee-7c65f9897f11"> <topic>mozilla -- multiple vulnerabilities</topic> <affects> <package> <name>firefox</name> <range><lt>32.0,1</lt></range> </package> <package> <name>linux-firefox</name> <range><lt>32.0,1</lt></range> </package> <package> <name>firefox-esr</name> <range><lt>31.1.0,1</lt></range> </package> <package> <name>linux-thunderbird</name> <range><lt>31.1.0</lt></range> </package> <package> <name>thunderbird</name> <range><lt>31.1.0</lt></range> </package> <package> <name>linux-seamonkey</name> <range><lt>2.29</lt></range> </package> <package> <name>seamonkey</name> <range><lt>2.29</lt></range> </package> <package> <name>libxul</name> <range><lt>24.8.0</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">; <p>MFSA 2014-72 Use-after-free setting text directionality</p> <p>MFSA 2014-71 Profile directory file access through file: protocol</p> <p>MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline</p> <p>MFSA 2014-69 Uninitialized memory use during GIF rendering</p> <p>MFSA 2014-68 Use-after-free during DOM interactions with SVG</p> <p>MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)</p> </blockquote> </body> </description> <references> <cvename>CVE-2014-1553</cvename> <cvename>CVE-2014-1554</cvename> <cvename>CVE-2014-1562</cvename> <cvename>CVE-2014-1563</cvename> <cvename>CVE-2014-1564</cvename> <cvename>CVE-2014-1565</cvename> <cvename>CVE-2014-1566</cvename> <cvename>CVE-2014-1567</cvename> <url>https://www.mozilla.org/security/announce/2014/mfsa2014-67.html</url>; <url>https://www.mozilla.org/security/announce/2014/mfsa2014-68.html</url>; <url>https://www.mozilla.org/security/announce/2014/mfsa2014-69.html</url>; <url>https://www.mozilla.org/security/announce/2014/mfsa2014-70.html</url>; <url>https://www.mozilla.org/security/announce/2014/mfsa2014-71.html</url>; <url>https://www.mozilla.org/security/announce/2014/mfsa2014-72.html</url>; <url>https://www.mozilla.org/security/announce/</url>; </references> <dates> <discovery>2014-08-18</discovery> <entry>2014-09-02</entry> </dates> </vuln> --- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> --- Auto-assigned to maintainer ports-secteam@FreeBSD.org -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-193922-13>