X-Original-To: alpine-aports@lists.alpinelinux.org Received: from newmail.tetrasec.net (unknown [172.21.74.12]) by lists.alpinelinux.org (Postfix) with ESMTP id A43DC5C49D6 for ; Thu, 26 Jan 2017 13:11:41 +0000 (GMT) Received: from ncopa-desktop.copa.dup.pw (15.63.200.37.customer.cdi.no [37.200.63.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: n@tanael.org) by newmail.tetrasec.net (Postfix) with ESMTPSA id 166125A0831; Thu, 26 Jan 2017 13:11:40 +0000 (GMT) Date: Thu, 26 Jan 2017 14:11:35 +0100 From: Natanael Copa To: Sergei Lukin Cc: alpine-aports@lists.alpinelinux.org Subject: Re: [alpine-aports] [PATCH edge] community/firefox-esr: security upgrade to 45.7.0 - fixes #6746 Message-ID: <20170126141135.0f76f9c5@ncopa-desktop.copa.dup.pw> In-Reply-To: <20170126121824.15782-1-sergej.lukin@gmail.com> References: <20170126121824.15782-1-sergej.lukin@gmail.com> X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.28; x86_64-alpine-linux-musl) X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Thu, 26 Jan 2017 12:18:24 +0000 Sergei Lukin wrote: > CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 > CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP > CVE-2017-5376: Use-after-free in XSL > CVE-2017-5378: Pointer and frame data leakage of Javascript objects > CVE-2017-5380: Potential use-after-free during DOM manipulations > CVE-2017-5383: Location bar spoofing with unicode characters > CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions > CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer > CVE-2017-5396: Use-after-free with Media Decoder > --- > community/firefox-esr/APKBUILD | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) Please hold this off a bit. i want upgrade hunspell while we do rebuilds of firefox. We need upgrade the kernel on the build servers though, due to the recent paxmark changes. -nc --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---