From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: GNU IceCat 45 beta now available in Guix Date: Wed, 12 Oct 2016 10:32:21 -0400 Message-ID: <20161012143221.GD18017@jasmine> References: <87lh0dz106.fsf@netris.org> <87shs2unr1.fsf@netris.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40442) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1buKaC-00039m-FQ for guix-devel@gnu.org; Wed, 12 Oct 2016 10:32:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1buKa7-0007oM-Fj for guix-devel@gnu.org; Wed, 12 Oct 2016 10:32:36 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:45792) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1buKa6-0007ma-9z for guix-devel@gnu.org; Wed, 12 Oct 2016 10:32:31 -0400 Content-Disposition: inline In-Reply-To: <87shs2unr1.fsf@netris.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Mark H Weaver Cc: guix-devel@gnu.org On Wed, Oct 12, 2016 at 01:42:26AM -0400, Mark H Weaver wrote: > Hello Guix, > > I'm pleased to announce the availability of GNU IceCat 45.3.0-gnu1-beta > with selected fixes cherry-picked from upstream, including all security > fixes introduced in Firefox ESR 45.4.0, specifically: > > CVE-2016-5250 - Resource Timing API is storing resources sent by > the previous page > CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 > CVE-2016-5261 - Integer overflow and memory corruption in WebSocketChannel > CVE-2016-5270 - Heap-buffer-overflow in > nsCaseTransformTextRunFactory::TransformString > CVE-2016-5272 - Bad cast in nsImageGeometryMixin > CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState > CVE-2016-5276 - Heap-use-after-free in > mozilla::a11y::DocAccessible::ProcessInvalidationList > CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick > CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame > CVE-2016-5280 - Use-after-free in > mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap > CVE-2016-5281 - use-after-free in DOMSVGLength > CVE-2016-5284 - Add-on update site certificate pin expiration Thanks a lot for your work on this!