2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952) |
Log message:
*: recursive bump for perl 5.36
|
2022-06-14 11:17:20 by Nia Alarie | Files touched by this commit (4) |
Log message:
firefox91: update to 91.10.0
Security Vulnerabilities fixed in Firefox ESR 91.10
#CVE-2022-31736: Cross-Origin resource's length leaked
#CVE-2022-31737: Heap buffer overflow in WebGL
#CVE-2022-31738: Browser window spoof using fullscreen mode
#CVE-2022-31739: Attacker-influenced path traversal when saving downloaded
files
#CVE-2022-31740: Register allocation problem in WASM on arm64
#CVE-2022-31741: Uninitialized variable leads to invalid memory read
#CVE-2022-31742: Querying a WebAuthn token with a large number of
allowCredential entries may have leaked cross-origin information
#CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR
91.10
|
2022-05-16 23:16:00 by Nia Alarie | Files touched by this commit (3) |
Log message:
firefox91: update to 91.9.0
Security Vulnerabilities fixed in Firefox ESR 91.9
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
91.9
|
2022-05-05 10:21:34 by Nia Alarie | Files touched by this commit (5) |
Log message:
firefox*: Use OPSYS_VERSION to numerically compare NetBSD versions
|
2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) |
Log message:
revbump for textproc/icu update
|
2022-04-10 15:43:44 by Nia Alarie | Files touched by this commit (4) |
Log message:
firefox91: update to 91.8.0
Security Vulnerabilities fixed in Firefox ESR 91.8
#CVE-2022-1097: Use-after-free in NSSToken objects
#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
#CVE-2022-1196: Use-after-free after VR Process destruction
#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
#CVE-2022-28286: iframe contents could be rendered outside the border
#CVE-2022-24713: Denial of Service via complex regular expressions
#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
|
2022-03-28 12:59:32 by Tobias Nygren | Files touched by this commit (54) |
Log message:
{s,t,w}*/*: revbump(1) for libsndfile
|
2022-03-10 17:22:47 by Nia Alarie | Files touched by this commit (2) |
Log message:
firefox91: update to 91.7.0
Security Vulnerabilities fixed in Firefox ESR 91.7
#CVE-2022-26383: Browser window spoof using fullscreen mode
#CVE-2022-26384: iframe allow-scripts sandbox bypass
#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
signatures
#CVE-2022-26381: Use-after-free in text reflows
#CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
local users
|
2022-02-21 04:43:56 by Nia Alarie | Files touched by this commit (2) |
Log message:
firefox91: update to 91.6.0
Security Vulnerabilities fixed in Firefox ESR 91.6
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation
during update
#CVE-2022-22756: Drag and dropping an image could have resulted in the
dropped object being an executable
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between
script and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22763: Script Execution during invalid object state
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
|
2022-01-26 14:38:07 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
firefox91: Update to 91.5.0
Changelog:
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have led to fullscreen
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
|