Next | Query returned 2 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2017-12-03 12:41:34 by Benny Siegert | Files touched by this commit (4) | Package updated
Log message:
Pullup ticket #5655 - requested by khorben
www/firefox52: security fix
www/firefox52-l10n: update

Revisions pulled up:
- www/firefox52-l10n/Makefile                                   1.7
- www/firefox52-l10n/distinfo                                   1.7
- www/firefox52/Makefile                                        1.11
- www/firefox52/distinfo                                        1.9

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Nov 17 00:19:01 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox52: Makefile distinfo

   Log message:
   Update to 52.5.0

   Changelog:
   Security fixes:
   #CVE-2017-7828: Use-after-free of PressShell while restyling layout

   Reporter
       Nils
   Impact
       critical

   Description

   A use-after-free vulnerability can occur when flushing and resizing
   layout because the PressShell object has been freed while still
   in use. This results in a potentially exploitable crash during
   these operations.

   References

       Bug 1406750
       Bug 1412252

   #CVE-2017-7830: Cross-origin URL information leak through Resource
   Timing API

   Reporter
       Jun Kokatsu
   Impact
       high

   Description

   The Resource Timing API incorrectly revealed navigations in cross-origin
   iframes. This is a same-origin policy violation and could allow for
   data theft of URLs loaded by users.

   References

       Memory safety bugs fixed in Firefox 57

   #CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

   Reporter
       Mozilla developers and community
   Impact
       critical

   Description

   Mozilla developers and community members Christian Holler, David
   Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
   Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary,
   Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen
   reported memory safety bugs present in Firefox 56 and Firefox ESR 52.4.
   Some of these bugs showed evidence of memory corruption and we presume
   that with enough effort that some of these could be exploited to
   run arbitrary code.

   References

       Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Nov 17 00:53:53 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox52-l10n: Makefile distinfo

   Log message:
   Update to 52.5.0

   * Sync with www/firefox52-52.5.0
   2017-11-25 10:41:45 by Benny Siegert | Files touched by this commit (5)
Log message:
Pullup ticket #5652 - requested by khorben
www/firefox52: security fix
www/firefox52-l10n: security fix

Revisions pulled up:
- www/firefox52-l10n/Makefile                                   1.5-1.6
- www/firefox52-l10n/distinfo                                   1.5-1.6
- www/firefox52/Makefile                                        1.9-1.10
- www/firefox52/distinfo                                        1.7-1.8
- \ 
www/firefox52/patches/patch-extensions_spellcheck_hunspell_glue_mozHunspell.cpp \ 
deleted

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Sat Sep 30 11:19:10 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox52: Makefile distinfo
   Removed Files:
   	pkgsrc/www/firefox52/patches:
   	    patch-extensions_spellcheck_hunspell_glue_mozHunspell.cpp

   Log message:
   Update to 52.4.0

   * Remove an unnecessary patch

   Changelog:
   Fixed
       Various security fixes
       Various stability and regression fixes

   Security fixes:
   #CVE-2017-7793: Use-after-free with Fetch API

   Reporter
       Abhishek Arya
   Impact
       high

   Description

   A use-after-free vulnerability can occur in the Fetch API when the
   worker or the associated window are freed when still in use, resulting
   in a potentially exploitable crash.
   References

       Bug 1371889

   #CVE-2017-7818: Use-after-free during ARIA array manipulation

   Reporter
       Nils
   Impact
       high

   Description

   A use-after-free vulnerability can occur when manipulating arrays of
   Accessible Rich Internet Applications (ARIA) elements within containers
   through the DOM. This results in a potentially exploitable crash.
   References

       Bug 1363723

   #CVE-2017-7819: Use-after-free while resizing images in design mode

   Reporter
       Nils
   Impact
       high

   Description

   A use-after-free vulnerability can occur in design mode when image
   objects are resized if objects referenced during the resizing have been
   freed from memory. This results in a potentially exploitable crash.
   References

       Bug 1380292

   #CVE-2017-7824: Buffer overflow when drawing and validating elements
   with ANGLE

   Reporter
       Omair, Andre Weissflog
   Impact
       high

   Description

   A buffer overflow occurs when drawing and validating elements with the
   ANGLE graphics library, used for WebGL content. This is due to an
   incorrect value being passed within the library during checks and
   results in a potentially exploitable crash.
   References

       Bug 1398381

   #CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

   Reporter
       Martin Thomson
   Impact
       high

   Description

   During TLS 1.2 exchanges, handshake hashes are generated which point to
   a message buffer. This saved data is used for later messages but in some
   cases, the handshake transcript can exceed the space available in the
   current buffer, causing the allocation of a new buffer. This leaves a
   pointer pointing to the old, freed buffer, resulting in a use-after-free
   when handshake hashes are then calculated afterwards. This can result in
   a potentially exploitable crash.
   References

       Bug 1377618

   #CVE-2017-7814: Blob and data URLs bypass phishing and malware
   protection warnings

   Reporter
       Francois Marier
   Impact
       moderate

   Description

   File downloads encoded with blob: and data: URL elements bypassed normal
   file download checks though the Phishing and Malware Protection feature
   and its block lists of suspicious sites and files. This would allow
   malicious sites to lure users into downloading executables that would
   otherwise be detected as suspicious.
   References

       Bug 1376036

   #CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode
   characters as spaces

   Reporter
       Khalil Zhani
   Impact
       moderate

   Description

   Several fonts on OS X display some Tibetan and Arabic characters as
   whitespace. When used in the addressbar as part of an IDN this can be
   used for domain name spoofing attacks.
   Note: This attack only affects OS X operating systems. Other operating
   systems are unaffected.
   References

       Bug 1393624
       Bug 1390980

   #CVE-2017-7823: CSP sandbox directive did not create a unique origin

   Reporter
       Jun Kokatsu
   Impact
       moderate

   Description

   The content security policy (CSP) sandbox directive did not create a
   unique origin for the document, causing it to behave as if the
   allow-same-origin keyword were always specified. This could allow a
   Cross-Site Scripting (XSS) attack to be launched from unsafe content.
   References

       Bug 1396320

   #CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

   Reporter
       Mozilla developers and community
   Impact
       critical

   Description

   Mozilla developers and community members Christoph Diehl, Jan de Mooij,
   Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian
   Hengst reported memory safety bugs present in Firefox 55 and Firefox ESR
   52.3. Some of these bugs showed evidence of memory corruption and we
   presume that with enough effort that some of these could be exploited to
   run arbitrary code.
   References

       Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Sat Sep 30 11:21:00 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox52-l10n: Makefile distinfo

   Log message:
   Update to 52.4.0

   * Sync with firefox52-52.4.0

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Thu Nov  9 19:17:19 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox52: Makefile distinfo

   Log message:
   Update to 52.4.1

   Changelog:
   Fixed
       Fixed a crash when playing videos on macOS 10.13

       Fixed a crash when using the color picker on macOS 10.13

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Thu Nov  9 19:24:37 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox52-l10n: Makefile distinfo

   Log message:
   Update to 52.4.1

   * Sync with www/firefox52-52.4.1

Next | Query returned 2 messages, browsing 1 to 10 | previous