svn commit: r373807 - head/security/vuxml
Beat Gaetzi
beat at FreeBSD.org
Wed Dec 3 11:20:53 UTC 2014
Author: beat
Date: Wed Dec 3 11:20:51 2014
New Revision: 373807
URL: https://svnweb.freebsd.org/changeset/ports/373807
QAT: https://qat.redports.org/buildarchive/r373807/
Log:
Document mozilla vulnerabilities
PR: 195559
Submitted by: Jan Beich
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Dec 3 09:54:37 2014 (r373806)
+++ head/security/vuxml/vuln.xml Wed Dec 3 11:20:51 2014 (r373807)
@@ -57,6 +57,94 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="7ae61870-9dd2-4884-a2f2-f19bb5784d09">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>34.0,1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>31.3.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>34.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey</name>
+ <range><lt>2.31</lt></range>
+ </package>
+ <package>
+ <name>linux-thunderbird</name>
+ <range><lt>31.3.0</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <range><lt>2.31</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>31.3.0</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><lt>31.3.0</lt></range>
+ </package>
+ <package>
+ <name>nss</name>
+ <range><lt>3.17.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Project reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
+ <p>ASN.1 DER decoding of lengths is too permissive, allowing
+ undetected smuggling of arbitrary data</p>
+ <p>MSFA-2014-90 Apple CoreGraphics framework on OS X 10.10
+ logging input data to /tmp directory</p>
+ <p>MSFA-2014-89 Bad casting from the BasicThebesLayer to
+ BasicContainerLayer</p>
+ <p>MSFA-2014-88 Buffer overflow while parsing media content</p>
+ <p>MSFA-2014-87 Use-after-free during HTML5 parsing</p>
+ <p>MSFA-2014-86 CSP leaks redirect data via violation reports</p>
+ <p>MSFA-2014-85 XMLHttpRequest crashes with some input streams</p>
+ <p>MSFA-2014-84 XBL bindings accessible via improper CSS
+ declarations</p>
+ <p>MSFA-2014-83 Miscellaneous memory safety hazards (rv:34.0
+ / rv:31.3)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-1587</cvename>
+ <cvename>CVE-2014-1588</cvename>
+ <cvename>CVE-2014-1589</cvename>
+ <cvename>CVE-2014-1590</cvename>
+ <cvename>CVE-2014-1591</cvename>
+ <cvename>CVE-2014-1592</cvename>
+ <cvename>CVE-2014-1593</cvename>
+ <cvename>CVE-2014-1594</cvename>
+ <cvename>CVE-2014-1595</cvename>
+ <cvename>CVE-2014-1569</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2014-83</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2014-84</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2014-85</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2014-86</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2014-87</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2014-88</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2014-89</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2014-90</url>
+ <url>https://www.mozilla.org/security/advisories/</url>
+ </references>
+ <dates>
+ <discovery>2014-12-01</discovery>
+ <entry>2014-12-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="23ab5c3e-79c3-11e4-8b1e-d050992ecde8">
<topic>OpenVPN -- denial of service security vulnerability</topic>
<affects>
More information about the svn-ports-head
mailing list