[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU IceCat 45 beta now available in Guix
From: |
Leo Famulari |
Subject: |
Re: GNU IceCat 45 beta now available in Guix |
Date: |
Wed, 12 Oct 2016 10:32:21 -0400 |
User-agent: |
Mutt/1.7.0 (2016-08-17) |
On Wed, Oct 12, 2016 at 01:42:26AM -0400, Mark H Weaver wrote:
> Hello Guix,
>
> I'm pleased to announce the availability of GNU IceCat 45.3.0-gnu1-beta
> with selected fixes cherry-picked from upstream, including all security
> fixes introduced in Firefox ESR 45.4.0, specifically:
>
> CVE-2016-5250 - Resource Timing API is storing resources sent by
> the previous page
> CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
> CVE-2016-5261 - Integer overflow and memory corruption in WebSocketChannel
> CVE-2016-5270 - Heap-buffer-overflow in
> nsCaseTransformTextRunFactory::TransformString
> CVE-2016-5272 - Bad cast in nsImageGeometryMixin
> CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState
> CVE-2016-5276 - Heap-use-after-free in
> mozilla::a11y::DocAccessible::ProcessInvalidationList
> CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick
> CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
> CVE-2016-5280 - Use-after-free in
> mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
> CVE-2016-5281 - use-after-free in DOMSVGLength
> CVE-2016-5284 - Add-on update site certificate pin expiration
Thanks a lot for your work on this!