Subject: CVS commit: [pkgsrc-2020Q1] pkgsrc/www/firefox68
From: Benny Siegert
Date: 2020-05-13 15:40:17
Message id: 20200513134017.2CF01FB27@cvs.NetBSD.org
Log Message:
Pullup ticket #6190 - requested by nia
www/firefox68: security fix

Revisions pulled up:
- www/firefox68/Makefile                                        1.20
- www/firefox68/PLIST                                           1.6
- www/firefox68/distinfo                                        1.15

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Sat May  9 13:08:01 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox68: Makefile PLIST distinfo

   Log Message:
   firefox68: Update to 68.8.0

   Security Vulnerabilities fixed in Firefox ESR 68.8

       #CVE-2020-12387: Use-after-free during worker shutdown

       #CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens

       #CVE-2020-12389: Sandbox escape with improperly separated process types

       #CVE-2020-6831: Buffer overflow in SCTP chunk input validation

       #CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'

       #CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape
       website-controlled data, potentially leading to command injection

       #CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
Files:
RevisionActionfile
1.15.2.3modifypkgsrc/www/firefox68/Makefile
1.5.2.1modifypkgsrc/www/firefox68/PLIST
1.11.2.3modifypkgsrc/www/firefox68/distinfo