Subject: CVS commit: [pkgsrc-2012Q4] pkgsrc/devel/xulrunner
From: Matthias Scheler
Date: 2013-01-13 18:44:59
Message id: 20130113174459.30B09175DD@cvs.netbsd.org

Log Message:
Apply patch submitted by Ryo ONODERA in ticket #4010:
Update "firefox" and "xulrunner" package to version 17.0.2. \ 
This fixes
the following security vulnerabilities:
- MFSA 2013-20 Mis-issued TURKTRUST certificates
- MFSA 2013-19 Use-after-free in Javascript Proxy objects
- MFSA 2013-18 Use-after-free in Vibrate
- MFSA 2013-17 Use-after-free in ListenerManager
- MFSA 2013-16 Use-after-free in serializeToStream
- MFSA 2013-15 Privilege escalation through plugin objects
- MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
- MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
- MFSA 2013-12 Buffer overflow in Javascript string concatenation
- MFSA 2013-11 Address space layout leaked in XBL objects
- MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin
  policy
- MFSA 2013-09 Compartment mismatch with quickstubs returned values
- MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during
  garbage collection
- MFSA 2013-07 Crash due to handling of SSL on threads
- MFSA 2013-05 Use-after-free when displaying table with many columns and
  column groups
- MFSA 2013-04 URL spoofing in addressbar during page loads
- MFSA 2013-03 Buffer Overflow in Canvas
- MFSA 2013-02 Use-after-free and buffer overflow issues found using
  Address Sanitizer
- MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/
  rv:10.0.12 / rv:17.0.2)
- MFSA 2012-98 Firefox installer DLL hijacking

Files:
RevisionActionfile
1.39.2.1modifypkgsrc/devel/xulrunner/dist.mk
1.87.2.1modifypkgsrc/devel/xulrunner/distinfo
1.1.4.1modifypkgsrc/devel/xulrunner/patches/patch-ipc_chromium_src_base_debug__util__posix.cc