cvs commit: ports/security/vuxml vuln.xml
Martin Wilke
miwi at FreeBSD.org
Mon Apr 28 17:30:48 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Apr 28, 2008 at 05:14:18PM +0000, Andrew Pantyukhin wrote:
> sat 2008-04-28 17:14:17 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> - A new Firefox vulnerability currently affects 10 of our ports, on
> average. A new VuXML entry usually forgets about 8 of them.
>
Hi Andrew,
That's wrong, seamonkey and thunderbird is't affected,
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird
http://www.mozilla.org/projects/security/known-vulnerabilities.html#SeaMonkey
and Thunderbird 2.0.14 and Seamonkey 1.1.10 is't released.
Please revert back this.
> Wiki: http://wiki.freebsd.org/VuXML
>
> Revision Changes Path
> 1.1613 +29 -7 ports/security/vuxml/vuln.xml
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1612&r2=1.1613
> | --- ports/security/vuxml/vuln.xml 2008/04/28 07:34:38 1.1612
> | +++ ports/security/vuxml/vuln.xml 2008/04/28 17:14:17 1.1613
> | @@ -28,7 +28,7 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O
> | OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
> | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> |
> | - $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1612 2008/04/28 07:34:38 miwi Exp $
> | + $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1613 2008/04/28 17:14:17 sat Exp $
> |
> | Note: Please add new entries to the beginning of this file.
> |
> | @@ -212,7 +212,7 @@ Note: Please add new entries to the beg
> | </vuln>
> |
> | <vuln vid="67bd39ba-12b5-11dd-bab7-0016179b2dd5">
> | - <topic>firefox -- javascript harbage collector vulnerability</topic>
> | + <topic>firefox -- javascript garbage collector vulnerability</topic>
> | <affects>
> | <package>
> | <name>firefox</name>
> | @@ -222,17 +222,38 @@ Note: Please add new entries to the beg
> | <name>linux-firefox</name>
> | <range><lt>2.0.0.14</lt></range>
> | </package>
> | + <package>
> | + <name>seamonkey</name>
> | + <name>linux-seamonkey</name>
> | + <range><lt>1.1.10</lt></range>
> | + </package>
> | + <package>
> | + <name>flock</name>
> | + <name>linux-flock</name>
> | + <range><lt>1.1.2</lt></range>
> | + </package>
> | + <package>
> | + <name>linux-firefox-devel</name>
> | + <name>linux-seamonkey-devel</name>
> | + <range><gt>0</gt></range>
> | + </package>
> | + <package>
> | + <name>thunderbird</name>
> | + <name>linux-thunderbird</name>
> | + <range><lt>2.0.0.14</lt></range>
> | + </package>
> | </affects>
> | <description>
> | <body xmlns="http://www.w3.org/1999/xhtml">
> | <p>Mozilla Foundation reports:</p>
> | <blockquote cite="http://www.mozilla.org/security/announce/2008/mfsa2008-20.html">
> | <p>Fixes for security problems in the JavaScript engine described in
> | - MFSA 2008-15 introduced a stability problem, where some users experienced
> | - crashes during JavaScript garbage collection. This is being fixed primarily
> | - to address stability concerns. We have no demonstration that this particular
> | - crash is exploitable but are issuing this advisory because some crashes of this
> | - type have been shown to be exploitable in the past.</p>
> | + MFSA 2008-15 introduced a stability problem, where some users
> | + experienced crashes during JavaScript garbage collection. This is
> | + being fixed primarily to address stability concerns. We have no
> | + demonstration that this particular crash is exploitable but are
> | + issuing this advisory because some crashes of this type have been
> | + shown to be exploitable in the past.</p>
> | </blockquote>
> | </body>
> | </description>
> | @@ -246,6 +267,7 @@ Note: Please add new entries to the beg
> | <dates>
> | <discovery>2008-04-16</discovery>
> | <entry>2008-04-25</entry>
> | + <modified>2008-04-28</modified>
> | </dates>
> | </vuln>
> |
>
- --
+-----------------------+-------------------------------+
| PGP : 0x05682353 | Jabber : miwi(at)BSDCrew.de |
| ICQ : 169139903 | Mail : miwi(at)FreeBSD.org |
+-----------------------+-------------------------------+
| Mess with the Best, Die like the Rest! |
+-----------------------+-------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
iD8DBQFIFgnCFwpycAVoI1MRAgS4AJ9FLmjdFnkdhvrRfO6d7uwccLDDagCfaXBm
Nt3nthxBIUdEFgMmoCg/j4U=
=JkyL
-----END PGP SIGNATURE-----
More information about the cvs-ports
mailing list