From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Sep 25 13:10:19 2014 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 445B1CE9 for ; Thu, 25 Sep 2014 13:10:19 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 29C29AE6 for ; Thu, 25 Sep 2014 13:10:19 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id s8PDAJpN029824 for ; Thu, 25 Sep 2014 13:10:19 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 193922] New: security/vuxml: belatedly add Mozilla entry for CVE-2014-155[34] and CVE-2014-156[2-7] Date: Thu, 25 Sep 2014 13:10:18 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports Tree X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: jbeich@vfemail.net X-Bugzilla-Status: Needs Triage X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-secteam@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2014 13:10:19 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193922 Bug ID: 193922 Summary: security/vuxml: belatedly add Mozilla entry for CVE-2014-155[34] and CVE-2014-156[2-7] Product: Ports Tree Version: Latest Hardware: Any OS: Any Status: Needs Triage Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-secteam@FreeBSD.org Reporter: jbeich@vfemail.net Assignee: ports-secteam@FreeBSD.org Flags: maintainer-feedback?(ports-secteam@FreeBSD.org) SeaMonkey and XULRunner are likely affected as well but not listed in MFSAs. Taking discovery date as the commit date of the latest fix in the series under esr24 branch. mozilla -- multiple vulnerabilities firefox 32.0,1 linux-firefox 32.0,1 firefox-esr 31.1.0,1 linux-thunderbird 31.1.0 thunderbird 31.1.0 linux-seamonkey 2.29 seamonkey 2.29 libxul 24.8.0

The Mozilla Project reports:

MFSA 2014-72 Use-after-free setting text directionality

MFSA 2014-71 Profile directory file access through file: protocol

MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline

MFSA 2014-69 Uninitialized memory use during GIF rendering

MFSA 2014-68 Use-after-free during DOM interactions with SVG

MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)

CVE-2014-1553 CVE-2014-1554 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1566 CVE-2014-1567 https://www.mozilla.org/security/announce/2014/mfsa2014-67.html https://www.mozilla.org/security/announce/2014/mfsa2014-68.html https://www.mozilla.org/security/announce/2014/mfsa2014-69.html https://www.mozilla.org/security/announce/2014/mfsa2014-70.html https://www.mozilla.org/security/announce/2014/mfsa2014-71.html https://www.mozilla.org/security/announce/2014/mfsa2014-72.html https://www.mozilla.org/security/announce/ 2014-08-18 2014-09-02 --- Comment #1 from Bugzilla Automation --- Auto-assigned to maintainer ports-secteam@FreeBSD.org -- You are receiving this mail because: You are the assignee for the bug.