Subject: CVS commit: [pkgsrc-2005Q1] pkgsrc/www/firefox
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 04/22/2005 06:48:13
Module Name: pkgsrc
Committed By: snj
Date: Fri Apr 22 06:48:13 UTC 2005
Modified Files:
pkgsrc/www/firefox [pkgsrc-2005Q1]: Makefile-firefox.common distinfo
Removed Files:
pkgsrc/www/firefox/patches [pkgsrc-2005Q1]: patch-bugzilla288688
Log Message:
Pullup ticket 459 - requested by Shin'ichiro TAYA
security fix for firefox and firefox-gtk1
Revisions pulled up:
- pkgsrc/www/firefox/Makefile-firefox.common 1.15
- pkgsrc/www/firefox/distinfo 1.28
- pkgsrc/www/firefox/patches/patch-bugzilla28868 removed
Module Name: pkgsrc
Committed By: taya
Date: Sun Apr 17 02:19:39 UTC 2005
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common distinfo
Removed Files:
pkgsrc/www/firefox/patches: patch-bugzilla288688
Log Message:
Update firefox & firefox-gtk1 to 1.0.3.
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
To generate a diff of this commit:
cvs rdiff -r1.11.2.2 -r1.11.2.3 pkgsrc/www/firefox/Makefile-firefox.common
cvs rdiff -r1.25.2.2 -r1.25.2.3 pkgsrc/www/firefox/distinfo
cvs rdiff -r1.1.2.1 -r0 pkgsrc/www/firefox/patches/patch-bugzilla288688
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.