From owner-svn-ports-head@freebsd.org Tue Sep 20 17:01:31 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B26BCBE2F02; Tue, 20 Sep 2016 17:01:31 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 74A5E10CC; Tue, 20 Sep 2016 17:01:31 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u8KH1UU1002491; Tue, 20 Sep 2016 17:01:30 GMT (envelope-from jbeich@FreeBSD.org) Received: (from jbeich@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u8KH1Uh7002489; Tue, 20 Sep 2016 17:01:30 GMT (envelope-from jbeich@FreeBSD.org) Message-Id: <201609201701.u8KH1Uh7002489@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jbeich set sender to jbeich@FreeBSD.org using -f From: Jan Beich Date: Tue, 20 Sep 2016 17:01:30 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r422522 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Sep 2016 17:01:31 -0000 Author: jbeich Date: Tue Sep 20 17:01:30 2016 New Revision: 422522 URL: https://svnweb.freebsd.org/changeset/ports/422522 Log: Document recent Firefox vulnerabilities Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Sep 20 17:00:58 2016 (r422521) +++ head/security/vuxml/vuln.xml Tue Sep 20 17:01:30 2016 (r422522) @@ -58,6 +58,86 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + mozilla -- multiple vulnerabilities + + + firefox + 49.0,1 + + + seamonkey + linux-seamonkey + 2.46 + + + firefox-esr + 45.4.0,1 + + + linux-firefox + 45.4.0,2 + + + libxul + thunderbird + linux-thunderbird + 45.4.0 + + + + +

Mozilla Foundation reports:

+
CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]
+
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]
+
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]
+
CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]
+
CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]
+
CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]
+
CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]
+
CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]
+
CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]
+
CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]
+
CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]
+
CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]
+
CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]
+
CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]
+
CVE-2016-5281 - use-after-free in DOMSVGLength [high]
+
CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]
+
CVE-2016-5283 - <iframe src> fragment timing attack can reveal cross-origin data [high]
+
CVE-2016-5284 - Add-on update site certificate pin expiration [high]
+

+ + + + CVE-2016-2827 + CVE-2016-5256 + CVE-2016-5257 + CVE-2016-5270 + CVE-2016-5271 + CVE-2016-5272 + CVE-2016-5273 + CVE-2016-5274 + CVE-2016-5275 + CVE-2016-5276 + CVE-2016-5277 + CVE-2016-5278 + CVE-2016-5279 + CVE-2016-5280 + CVE-2016-5281 + CVE-2016-5282 + CVE-2016-5283 + CVE-2016-5284 + https://www.mozilla.org/security/advisories/mfsa2016-85/ + https://www.mozilla.org/security/advisories/mfsa2016-86/ + + + 2016-09-13 + 2016-09-20 + + + chromium -- multiple vulnerabilities @@ -537,6 +617,11 @@ Notes: 48.0,1 + seamonkey + linux-seamonkey + 2.45 + + firefox-esr 45.3.0,1 @@ -653,6 +738,7 @@ Notes: 2016-08-02 2016-09-07 + 2016-09-20