CVS commit: pkgsrc/www/firefox140

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/firefox140
From: "David H. Gutteridge" <gutteridge%netbsd.org@localhost>
Date: Thu, 9 Apr 2026 18:37:06 +0000

Module Name:    pkgsrc
Committed By:   gutteridge
Date:           Thu Apr  9 18:37:06 UTC 2026

Modified Files:
        pkgsrc/www/firefox140: Makefile distinfo

Log Message:
firefox140: update to 140.9.1

Mozilla Foundation Security Advisory 2026-27
Security Vulnerabilities fixed in Firefox ESR 140.9.1

Announced
    April 7, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 140.9.1

#CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component

Reporter
    Sajeeb Lohani
Impact
    high

References

    Bug 2017867

#CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

Reporter
    Brian Grinstead, Christian Holler, Tom Schuster and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and 
we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

#CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

Reporter
    Brian Grinstead, Christian Holler, Tom Schuster and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with 
enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox140/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/firefox140/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox140/Makefile
diff -u pkgsrc/www/firefox140/Makefile:1.12 pkgsrc/www/firefox140/Makefile:1.13
--- pkgsrc/www/firefox140/Makefile:1.12 Tue Mar 24 13:11:35 2026
+++ pkgsrc/www/firefox140/Makefile      Thu Apr  9 18:37:06 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2026/03/24 13:11:35 gutteridge Exp $
+# $NetBSD: Makefile,v 1.13 2026/04/09 18:37:06 gutteridge Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
 MOZ_BRANCH=            140.9
-MOZ_BRANCH_MINOR=      .0esr
+MOZ_BRANCH_MINOR=      .1esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox140-/}

Index: pkgsrc/www/firefox140/distinfo
diff -u pkgsrc/www/firefox140/distinfo:1.11 pkgsrc/www/firefox140/distinfo:1.12
--- pkgsrc/www/firefox140/distinfo:1.11 Tue Mar 24 13:11:35 2026
+++ pkgsrc/www/firefox140/distinfo      Thu Apr  9 18:37:06 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.11 2026/03/24 13:11:35 gutteridge Exp $
+$NetBSD: distinfo,v 1.12 2026/04/09 18:37:06 gutteridge Exp $
 
-BLAKE2s (firefox-140.9.0esr.source.tar.xz) = 75f692405065815d77747a641f067694ec99a82548df0f326dada4f6963ccfa7
-SHA512 (firefox-140.9.0esr.source.tar.xz) = bc03fd2a73d00a88bd0a3c9eeaefe618ffb34226fb7bc2fac4a02246ff29fe038423bf77538273ee6fac25fb1e3e4fa98bb522026ae3427a0ad5f41d2ec6ba98
-Size (firefox-140.9.0esr.source.tar.xz) = 630445704 bytes
+BLAKE2s (firefox-140.9.1esr.source.tar.xz) = 0602c185e37132155cbd4b9bc9b795295b99bc81eb2bf7c282bf5b29b21aa0d9
+SHA512 (firefox-140.9.1esr.source.tar.xz) = 119a4e4e536fd4534adcc4a546a988e553285f9326bf16e9771854ec2dc7d039a729aedc5925623e172260a5e154172c56a011f131068736eb2a89a8de611840
+Size (firefox-140.9.1esr.source.tar.xz) = 634745800 bytes
 BLAKE2s (nodejs-output-140.0.4.tgz) = 7ebb5993c8c9d7d5492afdb9fa7fef74fec7753fb0b14673817f24faf4a7fca4
 SHA512 (nodejs-output-140.0.4.tgz) = e421b0b6be8b5b8dfda705eefcf4573a1270df9012dca5eac9ba0ac2af2bcc47dd66b1057106f8c2336a10bdcc39b9f852041dd33da9e7a8929d981dbb4e1fb4
 Size (nodejs-output-140.0.4.tgz) = 245385 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index