Subject: PR/33333 CVS commit: pkgsrc/www
To: None <,,,>
From: Bernd Ernesti <>
List: pkgsrc-bugs
Date: 04/24/2006 16:55:05
The following reply was made to PR pkg/33333; it has been noted by GNATS.

From: Bernd Ernesti <>
Subject: PR/33333 CVS commit: pkgsrc/www
Date: Mon, 24 Apr 2006 16:52:58 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	veego
 Date:		Mon Apr 24 16:52:58 UTC 2006
 Modified Files:
 	pkgsrc/www/mozilla: Makefile distinfo
 	pkgsrc/www/mozilla-gtk2: Makefile
 Added Files:
 	pkgsrc/www/mozilla/patches: patch-cn
 Log Message:
 Update "mozilla" packages to version 1.7.13. Changes since 1.7.12:
 - stability fixes
 - security fixes
  - MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
  - MFSA 2006-25 Privilege escalation through Print Preview
  - MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
  - MFSA 2006-23 File stealing by changing input type
  - MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
  - MFSA 2006-21 JavaScript execution in mail when forwarding in-line
  - MFSA 2006-19 Cross-site scripting using
  - MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
  - MFSA 2006-17 cross-site scripting through window.controllers
  - MFSA 2006-16 Accessing XBL compilation scope via
  - MFSA 2006-15 Privilege escalation using a JavaScript function's cloned
  - MFSA 2006-14 Privilege escalation via XBL.method.eval
  - MFSA 2006-13 Downloading executables with "Save Image As..."
  - MFSA 2006-12 Secure-site spoof (requires security warning dialog)
  - MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
  - MFSA 2006-10 JavaScript garbage-collection hazard audit
  - MFSA 2006-09 Cross-site JavaScript injection using event handlers
  - MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
  - MFSA 2006-03 Long document title causes startup denial of Service
  - MFSA 2006-01 JavaScript garbage-collection hazards
 - additional patch to fix pr#33333
 Shin'ichiro TAYA told me that i can do this update.
 To generate a diff of this commit:
 cvs rdiff -r1.157 -r1.158 pkgsrc/www/mozilla/Makefile
 cvs rdiff -r1.19 -r1.20 pkgsrc/www/mozilla/
 cvs rdiff -r1.88 -r1.89 pkgsrc/www/mozilla/distinfo
 cvs rdiff -r1.36 -r1.37 pkgsrc/www/mozilla-gtk2/Makefile
 cvs rdiff -r1.17 -r1.18 pkgsrc/www/mozilla-gtk2/
 cvs rdiff -r0 -r1.1 pkgsrc/www/mozilla/patches/patch-cn
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.