CVE-2016-9893: Memory safety bugs
CVE-2016-9895: CSP bypass using marquee tag
CVE-2016-9897: Memory corruption in libGLES
CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
CVE-2016-9901: Data from Pocket server improperly sanitized before execution
CVE-2016-9902: Pocket extension does not validate the origin of events
CVE-2016-9904: Cross-origin information leak in shared atoms
CVE-2016-9905: Crash in EnumerateSubDocuments
---
community/firefox-esr/APKBUILD | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/community/firefox-esr/APKBUILD b/community/firefox-esr/APKBUILD
index e403d4b..a80d15c 100644
--- a/community/firefox-esr/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: William Pitcock <nenolod@dereferenced.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
-pkgver=45.4.0
+pkgver=45.6.0
_pkgver=$pkgver
_xulver=$pkgver
pkgrel=0
@@ -74,6 +75,20 @@ source="http://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-
firefox.desktop
firefox-safe.desktop"
+# secfixes:
+# 45.6.0:
+# - CVE-2016-9893
+# - CVE-2016-9895
+# - CVE-2016-9897
+# - CVE-2016-9898
+# - CVE-2016-9899
+# - CVE-2016-9900
+# - CVE-2016-9901
+# - CVE-2016-9902
+# - CVE-2016-9904
+# - CVE-2016-9905
+
+
_builddir="${srcdir}/firefox-${pkgver}esr"
_mozappdir=/usr/lib/firefox-$pkgver
_mozappdirdev=/usr/lib/firefox-devel-$pkgver
@@ -169,7 +184,7 @@ dev() {
default_dev
}
-md5sums="20358acfbb9e11782940c180fd2b1528 firefox-45.4.0esr.source.tar.xz
+md5sums="ee3cf2401a5716cebacaae5fb70d133f firefox-45.6.0esr.source.tar.xz
1f4c60e662ed93784431bd06c5141719 mozconfig
99b27aeac58923f318d083e5e71879ba vendor.js
6ab77b80c8c7d6fd07ab53c54561f4df 0002-Use-C99-math-isfinite.patch
@@ -188,7 +203,7 @@ b8b2a3cdb38f402e4eb4885908233811 libavutil.patch
0db0cce8350d59a91ae2c4f0400f7146 mallinfo.patch
ba96924ece1d77453e462429037a2ce5 firefox.desktop
6f38a5899034b7786cb1f75ad42032b8 firefox-safe.desktop"
-sha256sums="cfd90096b9e1019b9de4fe061ece8c65f668b8a24bcbb657ce6b3c940ef83ad0 firefox-45.4.0esr.source.tar.xz
+sha256sums="c1e7ddf6efb0f54c8071131b6395f4942a422c2ab70f2e9a81b588373d6fbf5b firefox-45.6.0esr.source.tar.xz
23c2b4535ce83c92ba978e15ce328c9f140def155d12523c00df30baf41b98dc mozconfig
afecb8c17a2bedafe600dd572d24eff24e540cda02f675705d11168040379ce6 vendor.js
080a55182b865471a86fa4b70a66ed9495f1e536f7fdc4060cb8c675b4749c6e 0002-Use-C99-math-isfinite.patch
@@ -207,7 +222,7 @@ a1ba79ec0c50c19edcfb24bb2686a718a77b02035e412989b9208b9b818abe14 allow-utf8-fal
2f564fa5f347f3c7f20d589ef273f000ca9c9aeca2c6ad0fb5b15bfc715d8b81 mallinfo.patch
b571c4a49884a3c98806246c9cc3e60c73d5a8f4aeb7f96217db0be1d6210eda firefox.desktop
4b6de45753856a890f4482055666e77f9b01bdfb7e0df08bafaa3a4d9937eed3 firefox-safe.desktop"
-sha512sums="2955e02f829a10186a8b22320fb97d4b0fc2b45721fcffa6295653fd760d516ae72b5656547685ba1e0699b381e28044996d9ee12a8738842b4e6b8acd296715 firefox-45.4.0esr.source.tar.xz
+sha512sums="b96c71aeed8a1185a085512f33d454a1735237cd9ddf37c8caa9cc91892eafab0615fc0ca6035f282ca8101489fa84c0de1087d1963c05b64df32b0c86446610 firefox-45.6.0esr.source.tar.xz
e14b4a646230f7a752ef864b0e6a074fdac74d6c4abde2c31656eb10ac6f002a5c664d257bf3f4bd22544f10103e38d5fae49f84fcaae402b81940e72bcfe0e5 mozconfig
cc10dba32d9c7faf1d99b8fdebc71bf0200ad10b976105edb45df696bf64a668b2b7aa8c3892a8056eb71fb071b0e0ae51c3ce2fb75acfb7e7035104c0e4fce3 vendor.js
7e123144bc2b1efed149dfb41b255c447d43ea93a63ebe114d01945e6a6d69edc2f2a3c36980a93279106c1842355851b8b6c1d96679ee6be7b9b30513e0b1a8 0002-Use-C99-math-isfinite.patch
--
2.8.3
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---