Mail archive
alpine-aports

Re: [alpine-aports] [PATCH edge] community/firefox-esr: security upgrade to 45.7.0 - fixes #6746

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Thu, 26 Jan 2017 14:11:35 +0100

On Thu, 26 Jan 2017 12:18:24 +0000
Sergei Lukin <sergej.lukin_at_gmail.com> wrote:

> CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
> CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
> CVE-2017-5376: Use-after-free in XSL
> CVE-2017-5378: Pointer and frame data leakage of Javascript objects
> CVE-2017-5380: Potential use-after-free during DOM manipulations
> CVE-2017-5383: Location bar spoofing with unicode characters
> CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
> CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
> CVE-2017-5396: Use-after-free with Media Decoder
> ---
> community/firefox-esr/APKBUILD | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)

Please hold this off a bit. i want upgrade hunspell while we do
rebuilds of firefox.

We need upgrade the kernel on the build servers though, due to the
recent paxmark changes.

-nc


---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Thu Jan 26 2017 - 14:11:35 GMT