On 03/11/2017 16:26, Richmond wrote: > How do I tell if, for example, CVE-2017-7810 has been addressed in > Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will > it be in Seamonkey comm-esr52?
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810 Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. References: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598 NONE of these bugs are public, despite the CVE entry being created over 6 months ago, and the fix being announced a month ago. I don't know who's running the show at moz org, but someone needs to give them a good kick in the bottom, if you ask me. Regards. _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
