Subject: CVS commit: [pkgsrc-2022Q4] pkgsrc/www
From: Benny Siegert
Date: 2023-01-26 20:58:25
Message id: 20230126195825.82F6BFA90@cvs.NetBSD.org
Log Message:
Pullup ticket #6725 - requested by nia
www/firefox102: security fix
www/firefox102-l10n: dependent update

Revisions pulled up:
- www/firefox102-l10n/Makefile                                  1.9
- www/firefox102-l10n/distinfo                                  1.8
- www/firefox102/Makefile                                       1.15
- www/firefox102/distinfo                                       1.10

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Tue Jan 24 17:59:28 UTC 2023

   Modified Files:
   	pkgsrc/www/firefox102: Makefile distinfo
   	pkgsrc/www/firefox102-l10n: Makefile distinfo

   Log Message:
   firefox102: Update to 102.7.0

   Security Vulnerabilities fixed in Firefox ESR 102.7

       #CVE-2022-46871: libusrsctp library out of date

       #CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux

       #CVE-2023-23599: Malicious command could be hidden in devtools output on
       Windows

       #CVE-2023-23601: URL being dragged from cross-origin iframe into same tab
       triggers navigation

       #CVE-2023-23602: Content Security Policy wasn't being correctly applied to
       WebSockets in WebWorkers

       #CVE-2022-46877: Fullscreen notification bypass

       #CVE-2023-23603: Calls to <code>console.log</code> allowed \ 
bypasing Content
       Security Policy via format directive

       #CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR
       102.7
Files:
RevisionActionfile
1.13.2.1modifypkgsrc/www/firefox102/Makefile
1.9.2.1modifypkgsrc/www/firefox102/distinfo
1.8.2.1modifypkgsrc/www/firefox102-l10n/Makefile
1.7.2.1modifypkgsrc/www/firefox102-l10n/distinfo