ports/187725: www/firefox-esr should be updated, 24.4.0 has been released fixing 10 vulnerabilities

Matthew Rezny matthew at reztek.cz
Wed Mar 19 09:10:01 UTC 2014


>Number:         187725
>Category:       ports
>Synopsis:       www/firefox-esr should be updated, 24.4.0 has been released fixing 10 vulnerabilities
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 19 09:10:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Rezny
>Release:        10-STABLE
>Organization:
RezTek, s.r.o.
>Environment:
FreeBSD desktop.reztek 10.0-STABLE FreeBSD 10.0-STABLE #0 r263274: Tue Mar 18 00:14:00 CET 2014     root at desktop.reztek:/usr/obj/usr/src/sys/DESKTOP  amd64
>Description:
Firefox-ESR 24.4.0 has been released with fixes for the following security vulnerabilities (5 Critical, 3 High, 2 Moderate):
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

All our patches apply clean after bumping the version and pkg doesn't complain about the plist, so it appears to be an easy update.

>How-To-Repeat:
install www/firefox-esr and use it on the Internet

>Fix:
Index: Makefile
===================================================================
--- Makefile    (revision 348606)
+++ Makefile    (working copy)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=      firefox
-DISTVERSION=   24.3.0
-PORTREVISION=  2
+DISTVERSION=   24.4.0
 PORTEPOCH=     1
 CATEGORIES=    www ipv6
 MASTER_SITES=  MOZILLA/${PORTNAME}/releases/${DISTVERSION}esr/source
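Review bot: Nothing in the Makefile hunk, or anywhere else in this patch, records that the bump is a security fix. Since the description lists ten MFSA advisories, the commit should be accompanied by a security/vuxml entry covering firefox-esr versions older than 24.4.0 so that pkg audit flags machines still running 24.3.0. Dropping `PORTREVISION=  2` together with the `DISTVERSION` increase is correct, and `PORTEPOCH=     1` is rightly left unchanged so the new version still sorts above the old one.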
Index: distinfo
===================================================================
--- distinfo    (revision 348606)
+++ distinfo    (working copy)
@@ -1,2 +1,2 @@
-SHA256 (firefox-24.3.0esr.source.tar.bz2) = 0d38dd50beffff640cfea67fcf8f44bb95c3c927ccfa225f2b937b9a4ba262b9
-SIZE (firefox-24.3.0esr.source.tar.bz2) = 119391302
+SHA256 (firefox-24.4.0esr.source.tar.bz2) = b56fb5f16e0fe42bdf9ba560a64bca3633cdea5d264f7e9beca01b7a355efd6e
+SIZE (firefox-24.4.0esr.source.tar.bz2) = 119614180
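Review bot: The new `SHA256` and `SIZE` lines in distinfo are values taken from the submitter's working copy and should be reproduced independently before commit, not copied from the mail. Fetch firefox-24.4.0esr.source.tar.bz2 from MASTER_SITES, regenerate distinfo with make makesum, and confirm the result matches both this hunk and the checksum Mozilla publishes for the release. A mismatch at either step means the tarball or the PR was altered in transit.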


>Release-Note:
>Audit-Trail:
>Unformatted:

