cvs commit: ports/security/vuxml vuln.xml

Martin Wilke miwi at FreeBSD.org
Mon Apr 28 17:30:48 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Apr 28, 2008 at 05:14:18PM +0000, Andrew Pantyukhin wrote:
> sat         2008-04-28 17:14:17 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     security/vuxml       vuln.xml 
>   Log:
>   - A new Firefox vulnerability currently affects 10 of our ports, on
>     average. A new VuXML entry usually forgets about 8 of them.
>   

Hi Andrew,

That's wrong, seamonkey and thunderbird is't affected, 

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird
http://www.mozilla.org/projects/security/known-vulnerabilities.html#SeaMonkey

and Thunderbird 2.0.14 and Seamonkey 1.1.10 is't released.

Please revert back this.

>   Wiki:           http://wiki.freebsd.org/VuXML
>   
>   Revision  Changes    Path
>   1.1613    +29 -7     ports/security/vuxml/vuln.xml
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1612&r2=1.1613
> | --- ports/security/vuxml/vuln.xml	2008/04/28 07:34:38	1.1612
> | +++ ports/security/vuxml/vuln.xml	2008/04/28 17:14:17	1.1613
> | @@ -28,7 +28,7 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O
> |  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
> |  EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> |  
> | -  $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1612 2008/04/28 07:34:38 miwi Exp $
> | +  $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1613 2008/04/28 17:14:17 sat Exp $
> |  
> |  Note:  Please add new entries to the beginning of this file.
> |  
> | @@ -212,7 +212,7 @@ Note:  Please add new entries to the beg
> |    </vuln>
> |  
> |    <vuln vid="67bd39ba-12b5-11dd-bab7-0016179b2dd5">
> | -    <topic>firefox -- javascript harbage collector vulnerability</topic>
> | +    <topic>firefox -- javascript garbage collector vulnerability</topic>
> |      <affects>
> |        <package>
> |  	<name>firefox</name>
> | @@ -222,17 +222,38 @@ Note:  Please add new entries to the beg
> |          <name>linux-firefox</name>
> |  	<range><lt>2.0.0.14</lt></range>
> |        </package>
> | +      <package>
> | +	<name>seamonkey</name>
> | +	<name>linux-seamonkey</name>
> | +	<range><lt>1.1.10</lt></range>
> | +      </package>
> | +      <package>
> | +	<name>flock</name>
> | +	<name>linux-flock</name>
> | +	<range><lt>1.1.2</lt></range>
> | +      </package>
> | +      <package>
> | +	<name>linux-firefox-devel</name>
> | +	<name>linux-seamonkey-devel</name>
> | +	<range><gt>0</gt></range>
> | +      </package>
> | +      <package>
> | +	<name>thunderbird</name>
> | +	<name>linux-thunderbird</name>
> | +	<range><lt>2.0.0.14</lt></range>
> | +      </package>
> |      </affects>
> |      <description>
> |        <body xmlns="http://www.w3.org/1999/xhtml">
> |  	<p>Mozilla Foundation reports:</p>
> |  	<blockquote cite="http://www.mozilla.org/security/announce/2008/mfsa2008-20.html">
> |  	  <p>Fixes for security problems in the JavaScript engine described in
> | -	    MFSA 2008-15 introduced a stability problem, where some users experienced
> | -	    crashes during JavaScript garbage collection. This is being fixed primarily
> | -	    to address stability concerns. We have no demonstration that this particular
> | -	    crash is exploitable but are issuing this advisory because some crashes of this
> | -	    type have been shown to be exploitable in the past.</p>
> | +	    MFSA 2008-15 introduced a stability problem, where some users
> | +	    experienced crashes during JavaScript garbage collection. This is
> | +	    being fixed primarily to address stability concerns. We have no
> | +	    demonstration that this particular crash is exploitable but are
> | +	    issuing this advisory because some crashes of this type have been
> | +	    shown to be exploitable in the past.</p>
> |  	</blockquote>
> |        </body>
> |      </description>
> | @@ -246,6 +267,7 @@ Note:  Please add new entries to the beg
> |      <dates>
> |        <discovery>2008-04-16</discovery>
> |        <entry>2008-04-25</entry>
> | +      <modified>2008-04-28</modified>
> |      </dates>
> |    </vuln>
> |  
> 

- -- 

+-----------------------+-------------------------------+
|  PGP    : 0x05682353  |  Jabber : miwi(at)BSDCrew.de  |
|  ICQ    : 169139903   |  Mail   : miwi(at)FreeBSD.org |
+-----------------------+-------------------------------+
|	Mess with the Best, Die like the Rest!		|
+-----------------------+-------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFIFgnCFwpycAVoI1MRAgS4AJ9FLmjdFnkdhvrRfO6d7uwccLDDagCfaXBm
Nt3nthxBIUdEFgMmoCg/j4U=
=JkyL
-----END PGP SIGNATURE-----

More information about the cvs-ports mailing list