From: Jan Beich
Date: Tue, 11 Aug 2015 18:51:58 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r393961 - head/security/vuxml

Author: jbeich
Date: Tue Aug 11 18:51:57 2015
New Revision: 393961
URL: https://svnweb.freebsd.org/changeset/ports/393961

Log:
  Document recent mozilla vulnerabilities

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Aug 11 18:51:13 2015 (r393960) +++ head/security/vuxml/vuln.xml Tue Aug 11 18:51:57 2015 (r393961) @@ -58,6 +58,116 @@ Notes: --> + + mozilla -- multiple vulnerabilities + + + firefox + 40.0,1 + + + linux-firefox + 40.0,1 + + + seamonkey + 2.37 + + + linux-seamonkey + 2.37 + + + firefox-esr + 38.2.0,1 + + + libxul + 38.2.0 + + + thunderbird + 38.2.0 + + + linux-thunderbird + 38.2.0 + + + + +

The Mozilla Project reports:

+
+

MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 + / rv:38.2)

+

MFSA 2015-80 Out-of-bounds read with malformed MP3 + file

+

MFSA 2015-81 Use-after-free in MediaStream playback

+

MFSA 2015-82 Redefinition of non-configurable JavaScript object properties

+

MFSA 2015-83 Overflow issues in libstagefright

+

MFSA 2015-84 Arbitrary file overwriting through Mozilla + Maintenance Service with hard links

+

MFSA 2015-85 Out-of-bounds write with Updater and + malicious MAR file

+

MFSA 2015-86 Feed protocol with POST bypasses mixed + content protections

+

MFSA 2015-87 Crash when using shared memory in + JavaScript

+

MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling + bitmap images

+

MFSA 2015-89 Buffer overflows on Libvpx when decoding + WebM video

+

MFSA 2015-90 Vulnerabilities found through code + inspection

+

MFSA 2015-91 Mozilla Content Security Policy allows for + asterisk wildcards in violation of CSP specification

+

MFSA 2015-92 Use-after-free in XMLHttpRequest with shared + workers

+
+ +
+ + CVE-2015-4473 + CVE-2015-4474 + CVE-2015-4475 + CVE-2015-4477 + CVE-2015-4478 + CVE-2015-4479 + CVE-2015-4480 + CVE-2015-4481 + CVE-2015-4482 + CVE-2015-4483 + CVE-2015-4484 + CVE-2015-4485 + CVE-2015-4486 + CVE-2015-4487 + CVE-2015-4488 + CVE-2015-4489 + CVE-2015-4490 + CVE-2015-4491 + CVE-2015-4492 + CVE-2015-4493 + https://www.mozilla.org/security/advisories/mfsa2015-79/ + https://www.mozilla.org/security/advisories/mfsa2015-80/ + https://www.mozilla.org/security/advisories/mfsa2015-81/ + https://www.mozilla.org/security/advisories/mfsa2015-82/ + https://www.mozilla.org/security/advisories/mfsa2015-83/ + https://www.mozilla.org/security/advisories/mfsa2015-84/ + https://www.mozilla.org/security/advisories/mfsa2015-85/ + https://www.mozilla.org/security/advisories/mfsa2015-86/ + https://www.mozilla.org/security/advisories/mfsa2015-87/ + https://www.mozilla.org/security/advisories/mfsa2015-88/ + https://www.mozilla.org/security/advisories/mfsa2015-89/ + https://www.mozilla.org/security/advisories/mfsa2015-90/ + https://www.mozilla.org/security/advisories/mfsa2015-91/ + https://www.mozilla.org/security/advisories/mfsa2015-92/ + + + 2015-08-11 + 2015-08-11 + +
+ lighttpd -- Log injection vulnerability in mod_auth
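
Review bot: The CVE references in the new mozilla entry run from CVE-2015-4473 to CVE-2015-4493 but skip CVE-2015-4476, so please confirm the gap is deliberate and not a dropped line. The description also lists MFSA 2015-84 and MFSA 2015-85, whose titles concern the Mozilla Maintenance Service and the Updater with MAR files; if those components are not part of the listed ports, it may be worth dropping them or saying so in the description so that readers of the audit output do not assume every listed advisory applies to the installed package. Last, the entry sets one version bound for every package (40.0,1 for firefox and linux-firefox, 38.2.0,1 for firefox-esr, 38.2.0 for libxul and thunderbird, 2.37 for seamonkey), so a quick check that each bound matches the first fixed version actually committed to the corresponding port would avoid flagging already-updated installs.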