Navigation:
Browse pkgsrc
(this page) 2022-03-13 19:34:40 by Benny Siegert | Files touched by this commit (2) |  |
Log message:
Pullup ticket #6598 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.14
- www/firefox91/distinfo 1.11
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Mar 10 16:22:47 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
Log message:
firefox91: update to 91.7.0
Security Vulnerabilities fixed in Firefox ESR 91.7
#CVE-2022-26383: Browser window spoof using fullscreen mode
#CVE-2022-26384: iframe allow-scripts sandbox bypass
#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
signatures
#CVE-2022-26381: Use-after-free in text reflows
#CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
local users
|
| 2022-02-21 14:34:26 by Benny Siegert | Files touched by this commit (2) | |
Log message:
Pullup ticket #6582 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.13
- www/firefox91/distinfo 1.10
---
Module Name: pkgsrc
Committed By: nia
Date: Mon Feb 21 03:43:56 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
Log message:
firefox91: update to 91.6.0
Security Vulnerabilities fixed in Firefox ESR 91.6
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation
during update
#CVE-2022-22756: Drag and dropping an image could have resulted in the
dropped object being an executable
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between
script and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22763: Script Execution during invalid object state
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
|
| 2022-02-20 11:20:22 by Benny Siegert | Files touched by this commit (3) |
Log message:
Pullup ticket #6580 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.12
- www/firefox91/distinfo 1.9
- \
www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h \
1.2
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 26 13:38:07 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91/patches:
patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h
Log message:
firefox91: Update to 91.5.0
Changelog:
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
|
New packages: