Subject: CVS commit: [pkgsrc-2019Q4] pkgsrc/www/firefox68
From: Benny Siegert
Date: 2020-01-10 14:56:19
Message id: 20200110135619.6BBADFBF4@cvs.NetBSD.org
Log Message:
Pullup ticket #6113 - requested by nia
www/firefox68: security fix (zero-day)
Revisions pulled up:
- www/firefox68/Makefile 1.7-1.8
- www/firefox68/distinfo 1.6-1.7
- www/firefox68/patches/patch-rust-1.39.0 deleted
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 8 21:49:32 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile distinfo
Removed Files:
pkgsrc/www/firefox68/patches: patch-rust-1.39.0
Log Message:
firefox68: Update to 68.4.0
Security Vulnerabilities fixed in Firefox ESR 68.4:
# CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
# CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
# CVE-2019-17017: Type Confusion in XPCVariant.cpp
# CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
# CVE-2019-17022: CSS sanitization does not escape HTML tags
# CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jan 9 20:51:59 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile distinfo
Log Message:
firefox68: Update to 68.4.1
This release fixes one zero-day vulnerability:
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.
We are aware of targeted attacks in the wild abusing this flaw