[Bug 212463] mail/thunderbird: update to 45.3.0

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212463

Jan Beich <jbeich at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #174541|                            |maintainer-approval+
              Flags|                            |

--- Comment #8 from Jan Beich <jbeich at FreeBSD.org> ---
Comment on attachment 174541
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=174541
vuln.xml fragment for mozilla 48/45.3esr

Looks good enough to land but some things can be improved.

>	<blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.3">

This one lacks MFSA 2016-{66,68,69,71,74,75,81..84} better cite one of the
following:

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48
https://www.mozilla.org/en-US/security/advisories/

>    <dates>
>      <discovery>2016-08-30</discovery>

According to the cited page and "Announced" field within those MFSAs it should
be 2016-08-02. Have I missed something?

(In reply to Christoph Moench-Tegeder from comment #6)
>>>  <vuln vid="aa1aefe3-6e37-47db-bfda-343ef4acb1b5">
>> Unless you want to keep this specific to MFSA 2016-62 use same VID as in ports > r419401.
> If it did exist...

Apologies, I did reserve VID (ahead of the announcement) but haven't found time
to fill it in. The intent was to warn users about security impact regardless of
VuXML.

-- 
You are receiving this mail because:
You are the assignee for the bug.