Subject: CVS commit: [pkgsrc-2022Q1] pkgsrc/www
From: Benny Siegert
Date: 2022-04-13 09:16:37
Message id: 20220413071637.3C840FB24@cvs.NetBSD.org
Log Message:
Pullup ticket #6612 - requested by nia
www/firefox91: security fix
www/firefox91-l10n: dependent update

Revisions pulled up:
- www/firefox91-l10n/Makefile                                   1.10
- www/firefox91-l10n/distinfo                                   1.12
- www/firefox91/Makefile                                        1.16
- www/firefox91/distinfo                                        1.12

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Sun Apr 10 13:43:44 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91-l10n: Makefile distinfo

   Log Message:
   firefox91: update to 91.8.0

   Security Vulnerabilities fixed in Firefox ESR 91.8

   #CVE-2022-1097: Use-after-free in NSSToken objects

   #CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions

   #CVE-2022-1196: Use-after-free after VR Process destruction

   #CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument

   #CVE-2022-28285: Incorrect AliasSet used in JIT Codegen

   #CVE-2022-28286: iframe contents could be rendered outside the border

   #CVE-2022-24713: Denial of Service via complex regular expressions

   #CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
Files:
RevisionActionfile
1.15.2.1modifypkgsrc/www/firefox91/Makefile
1.11.2.1modifypkgsrc/www/firefox91/distinfo
1.9.2.1modifypkgsrc/www/firefox91-l10n/Makefile
1.11.2.1modifypkgsrc/www/firefox91-l10n/distinfo