Bug 193922 - security/vuxml: belatedly add Mozilla entry for CVE-2014-155[34] and CVE-2014-156[2-7]
Status: Closed Not Accepted
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-gecko (Nobody)
Reported: 2014-09-25 13:10 UTC by Jan Beich
Modified: 2016-01-17 12:06 UTC (History)
Description Jan Beich freebsd_committer freebsd_triage 2014-09-25 13:10:18 UTC
SeaMonkey and XULRunner are likely affected as well but not listed in MFSAs. Taking discovery date as the commit date of the latest fix in the series under esr24 branch.

  <vuln vid="da2e025f-a78d-46e4-83ee-7c65f9897f11">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>32.0,1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>32.0,1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>31.1.0,1</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>31.1.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>31.1.0</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.29</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.29</lt></range>
      </package>
      <package>
	<name>libxul</name>
	<range><lt>24.8.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2014-72 Use-after-free setting text directionality</p>
	  <p>MFSA 2014-71 Profile directory file access through file:
	   protocol</p>
	  <p>MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline</p>
	  <p>MFSA 2014-69 Uninitialized memory use during GIF rendering</p>
	  <p>MFSA 2014-68 Use-after-free during DOM interactions with SVG</p>
	  <p>MFSA 2014-67 Miscellaneous memory safety hazards
	   (rv:32.0 / rv:31.1 / rv:24.8)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1553</cvename>
      <cvename>CVE-2014-1554</cvename>
      <cvename>CVE-2014-1562</cvename>
      <cvename>CVE-2014-1563</cvename>
      <cvename>CVE-2014-1564</cvename>
      <cvename>CVE-2014-1565</cvename>
      <cvename>CVE-2014-1566</cvename>
      <cvename>CVE-2014-1567</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-67.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-68.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-69.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-70.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-71.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-72.html</url>
      <url>https://www.mozilla.org/security/announce/</url>
    </references>
    <dates>
      <discovery>2014-08-18</discovery>
      <entry>2014-09-02</entry>
    </dates>
  </vuln>
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2014-09-25 13:10:18 UTC
Auto-assigned to maintainer ports-secteam@FreeBSD.org
Comment 2 Jan Beich freebsd_committer freebsd_triage 2014-11-01 13:16:39 UTC
Moving to gecko@. Probably not worth bothering this late unless VuXML is supposed to be precise about all vulnerabilities.
Comment 3 Martin Wilke freebsd_committer freebsd_triage 2016-01-17 12:06:21 UTC
Hi,

Not worth bothering about this late.