Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 8 Aug 2015 17:57:54 -0500
From:      Dutch Ingraham <stoa@gmx.us>
To:        Christian Weisgerber <naddy@mips.inka.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Firefox Vulnerabilities
Message-ID:  <20150808225754.GA975@slack>
In-Reply-To: <slrnmsd0qc.2jnn.naddy@lorvorc.mips.inka.de>
References:  <20150808204639.GA8567@slack> <slrnmsd0qc.2jnn.naddy@lorvorc.mips.inka.de>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Aug 08, 2015 at 10:31:40PM +0000, Christian Weisgerber wrote:
> On 2015-08-08, Dutch Ingraham <stoa@gmx.us> wrote:
> 
> > As everyone knows, there was a vulnerability announced a few days ago 
> > related to the pdf viewer in Firefox.[1]
> >
> > Can someone comment on the status of [1] in the current "stable" 
> > Freebsd version of Firefox, 40.0,1?  Thanks.
> 
> The version of Firefox committed in r393690 (40.0-candidates/build4)
> is not vulnerable.
> 
> Presumably this was the reason a pre-release version of Firefox 40
> was committed in the first place.
> 
> You can verify it yourself.  Go and diff 39.0 and 39.0.3, then check
> that the relevant change is already in 40.0/build4.
> 
> -- 
> Christian "naddy" Weisgerber                          naddy@mips.inka.de

Thanks, naddy - I was looking through the svn logs, but couldn't seem 
to find the diff.

Just for learning purposes, can you (or anyone else) comment on why 
there was a beta committed when the stable 39.0.3 seems fine? (As far as 
I can tell, this beta version was committed to the tree after 39.03 was 
available.)

Thanks again.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150808225754.GA975>