svn commit: r421609 - head/security/vuxml
Christoph Moench-Tegeder
cmt at FreeBSD.org
Fri Sep 9 11:02:06 UTC 2016
Author: cmt
Date: Fri Sep 9 11:02:05 2016
New Revision: 421609
URL: https://svnweb.freebsd.org/changeset/ports/421609
Log:
document mozilla vulnerabilities (<48, <45.3esr)
PR: 212463
Approved by: jbeich (maintainer), rene (mentor)
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Sep 9 10:57:45 2016 (r421608)
+++ head/security/vuxml/vuln.xml Fri Sep 9 11:02:05 2016 (r421609)
@@ -58,6 +58,133 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="aa1aefe3-6e37-47db-bfda-343ef4acb1b5">
+ <topic>Mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>48.0,1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>45.3.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>45.3.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>45.3.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48">
+ <p>MFSA2016-84 Information disclosure through Resource Timing API \
+ during page navigation</p>
+ <p>MFSA2016-83 Spoofing attack through text injection into \
+ internal error pages</p>
+ <p>MFSA2016-82 Addressbar spoofing with right-to-left characters \
+ on Firefox for Android</p>
+ <p>MFSA2016-81 Information disclosure and local file \
+ manipulation through drag and drop</p>
+ <p>MFSA2016-80 Same-origin policy violation using local HTML
+ file and saved shortcut file</p>
+ <p>MFSA2016-79 Use-after-free when applying SVG effects</p>
+ <p>MFSA2016-78 Type confusion in display transformation</p>
+ <p>MFSA2016-77 Buffer overflow in ClearKey Content Decryption
+ Module (CDM) during video playback</p>
+ <p>MFSA2016-76 Scripts on marquee tag can execute in sandboxed
+ iframes</p>
+ <p>MFSA2016-75 Integer overflow in WebSockets during data \
+ buffering</p>
+ <p>MFSA2016-74 Form input type change from password to text \
+ can store plain text password in session restore file</p>
+ <p>MFSA2016-73 Use-after-free in service workers with nested
+ sync events</p>
+ <p>MFSA2016-72 Use-after-free in DTLS during WebRTC session
+ shutdown</p>
+ <p>MFSA2016-71 Crash in incremental garbage collection in \
+ JavaScript</p>
+ <p>MFSA2016-70 Use-after-free when using alt key and toplevel
+ menus</p>
+ <p>MFSA2016-69 Arbitrary file manipulation by local user through \
+ Mozilla updater and callback application path parameter</p>
+ <p>MFSA2016-68 Out-of-bounds read during XML parsing in \
+ Expat library</p>
+ <p>MFSA2016-67 Stack underflow during 2D graphics rendering</p>
+ <p>MFSA2016-66 Location bar spoofing via data URLs with \
+ malformed/invalid mediatypes</p>
+ <p>MFSA2016-65 Cairo rendering crash due to memory allocation
+ issue with FFmpeg 0.10</p>
+ <p>MFSA2016-64 Buffer overflow rendering SVG with bidirectional
+ content</p>
+ <p>MFSA2016-63 Favicon network connection can persist when page
+ is closed</p>
+ <p>MFSA2016-62 Miscellaneous memory safety hazards (rv:48.0 /
+ rv:45.3)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-0718</cvename>
+ <cvename>CVE-2016-2830</cvename>
+ <cvename>CVE-2016-2835</cvename>
+ <cvename>CVE-2016-2836</cvename>
+ <cvename>CVE-2016-2837</cvename>
+ <cvename>CVE-2016-2838</cvename>
+ <cvename>CVE-2016-2839</cvename>
+ <cvename>CVE-2016-5250</cvename>
+ <cvename>CVE-2016-5251</cvename>
+ <cvename>CVE-2016-5252</cvename>
+ <cvename>CVE-2016-5253</cvename>
+ <cvename>CVE-2016-5254</cvename>
+ <cvename>CVE-2016-5255</cvename>
+ <cvename>CVE-2016-5258</cvename>
+ <cvename>CVE-2016-5259</cvename>
+ <cvename>CVE-2016-5260</cvename>
+ <cvename>CVE-2016-5261</cvename>
+ <cvename>CVE-2016-5262</cvename>
+ <cvename>CVE-2016-5263</cvename>
+ <cvename>CVE-2016-5264</cvename>
+ <cvename>CVE-2016-5265</cvename>
+ <cvename>CVE-2016-5266</cvename>
+ <cvename>CVE-2016-5267</cvename>
+ <cvename>CVE-2016-5268</cvename>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/</url>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/</url>
+ </references>
+ <dates>
+ <discovery>2016-08-02</discovery>
+ <entry>2016-09-07</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5cb18881-7604-11e6-b362-001999f8d30b">
<topic>asterisk -- RTP Resource Exhaustion</topic>
<affects>
More information about the svn-ports-head
mailing list