Re: firefox/thunderbird/seamonkey/xulrunner/nss bugfix updates
On Thu, Oct 21, 2010 at 7:10 AM, Dawe dawed...@gmx.de wrote: On Oct 20, 2010 17:24, Landry Breuil wrote: Hi, here's a bunch of mozilla updates (tb 3.1.5, sm 2.0.9, ffx 3.5.14/3.6.11, xl 1.9.2.11), be sure to update nss first as it's a requirement for all (hence the mozilla.port.mk diff). nss' major has been bumped, API changed. While here i refixed xulrunner WANTLIB. Fixes: MFSA 2010-72 Insecure Diffie-Hellman key exchange MFSA 2010-71 Unsafe library loading vulnerabilities MFSA 2010-70 SSL wildcard certificate matching IP addresses MFSA 2010-69 Cross-site information disclosure via modal calls MFSA 2010-68 XSS in gopher parser when parsing hrefs MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter MFSA 2010-66 Use-after-free error in nsBarProp MFSA 2010-65 Buffer overflow and memory corruption using document.write MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14) If you use any of those, test. Landry Firefox 3.6.11 seems to be fine on amd64. seems to be OK on macppc as well. Thanks, --patrick
Re: firefox/thunderbird/seamonkey/xulrunner/nss bugfix updates
On Oct 20, 2010 17:24, Landry Breuil wrote: Hi, here's a bunch of mozilla updates (tb 3.1.5, sm 2.0.9, ffx 3.5.14/3.6.11, xl 1.9.2.11), be sure to update nss first as it's a requirement for all (hence the mozilla.port.mk diff). nss' major has been bumped, API changed. While here i refixed xulrunner WANTLIB. Fixes: MFSA 2010-72 Insecure Diffie-Hellman key exchange MFSA 2010-71 Unsafe library loading vulnerabilities MFSA 2010-70 SSL wildcard certificate matching IP addresses MFSA 2010-69 Cross-site information disclosure via modal calls MFSA 2010-68 XSS in gopher parser when parsing hrefs MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter MFSA 2010-66 Use-after-free error in nsBarProp MFSA 2010-65 Buffer overflow and memory corruption using document.write MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14) If you use any of those, test. Landry Firefox 3.6.11 seems to be fine on amd64.