pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/firefox52 Update to 52.5.0



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2ba61b2b579f
branches:  trunk
changeset: 371673:2ba61b2b579f
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Fri Nov 17 00:19:01 2017 +0000

description:
Update to 52.5.0

Changelog:
Security fixes:
#CVE-2017-7828: Use-after-free of PressShell while restyling layout

Reporter
    Nils
Impact
    critical

Description

A use-after-free vulnerability can occur when flushing and resizing
layout because the PressShell object has been freed while still
in use. This results in a potentially exploitable crash during
these operations.

References

    Bug 1406750
    Bug 1412252

#CVE-2017-7830: Cross-origin URL information leak through Resource Timing API

Reporter
    Jun Kokatsu
Impact
    high

Description

The Resource Timing API incorrectly revealed navigations in cross-origin
iframes. This is a same-origin policy violation and could allow for
data theft of URLs loaded by users.

References

    Memory safety bugs fixed in Firefox 57

#CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Christian Holler, David
Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
Philipp, Nicholas Nethercote, Oriol Brufau, Andr? Bargull, Bob Clary,
Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen
reported memory safety bugs present in Firefox 56 and Firefox ESR 52.4.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort that some of these could be exploited to
run arbitrary code.

References

    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

diffstat:

 www/firefox52/Makefile |   6 +++---
 www/firefox52/distinfo |  10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diffs (33 lines):

diff -r 0db01c459c6f -r 2ba61b2b579f www/firefox52/Makefile
--- a/www/firefox52/Makefile    Thu Nov 16 22:36:34 2017 +0000
+++ b/www/firefox52/Makefile    Fri Nov 17 00:19:01 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2017/11/09 19:17:19 ryoon Exp $
+# $NetBSD: Makefile,v 1.11 2017/11/17 00:19:01 ryoon Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            52.4
-MOZ_BRANCH_MINOR=      .1esr
+MOZ_BRANCH=            52.5
+MOZ_BRANCH_MINOR=      .0esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       firefox52-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
diff -r 0db01c459c6f -r 2ba61b2b579f www/firefox52/distinfo
--- a/www/firefox52/distinfo    Thu Nov 16 22:36:34 2017 +0000
+++ b/www/firefox52/distinfo    Fri Nov 17 00:19:01 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.8 2017/11/09 19:17:19 ryoon Exp $
+$NetBSD: distinfo,v 1.9 2017/11/17 00:19:01 ryoon Exp $
 
-SHA1 (firefox-52.4.1esr.source.tar.xz) = c9ab3441780518ed9a57206d5f88445e38adb4f5
-RMD160 (firefox-52.4.1esr.source.tar.xz) = ca192f10ba393eecc023c55cfcfbc11a7d18dcf9
-SHA512 (firefox-52.4.1esr.source.tar.xz) = d80c7219548391d8a47b6e404662ea41e6acfa264a67d69365e76dd8943077e388ab24b030850919f8fc6681c11486bdbaaf170d441c861f4a12cedbe08955ab
-Size (firefox-52.4.1esr.source.tar.xz) = 211950124 bytes
+SHA1 (firefox-52.5.0esr.source.tar.xz) = 4941f498f8ec838b1bdc70fc8f13c8fde379ddce
+RMD160 (firefox-52.5.0esr.source.tar.xz) = c451c1c7cbb5ba8cdf1e35d48f08725cc8bd329c
+SHA512 (firefox-52.5.0esr.source.tar.xz) = fe724108ba538e590b87a5c1b817471d3cca9b038ba2755642e4d7b8ebb6174322be1fe074f24ef181946f9a027106b50b500d2fa541d8a99ef44905822eda18
+Size (firefox-52.5.0esr.source.tar.xz) = 214241184 bytes
 SHA1 (patch-aa) = c1084caa275e57b716c3499301f7fc3f99ef5026
 SHA1 (patch-ao) = 8b7125ef3b193fca4d03386142887b2f8d5015c5
 SHA1 (patch-as) = 632ebd35287f8f97d18721d39a0514d4cdbb12cc



Home | Main Index | Thread Index | Old Index