[Bug 193922] New: security/vuxml: belatedly add Mozilla entry for CVE-2014-155[34] and CVE-2014-156[2-7]

bugzilla-noreply at freebsd.org
Thu Sep 25 13:10:19 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193922

            Bug ID: 193922
           Summary: security/vuxml: belatedly add Mozilla entry for
                    CVE-2014-155[34] and CVE-2014-156[2-7]
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam at FreeBSD.org
          Reporter: jbeich at vfemail.net
             Flags: maintainer-feedback?(ports-secteam at FreeBSD.org)

SeaMonkey and XULRunner are likely affected as well but not listed in MFSAs.
Taking discovery date as the commit date of the latest fix in the series under
esr24 branch.

  <vuln vid="da2e025f-a78d-46e4-83ee-7c65f9897f11">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>firefox</name>
        <range><lt>32.0,1</lt></range>
      </package>
      <package>
        <name>linux-firefox</name>
        <range><lt>32.0,1</lt></range>
      </package>
      <package>
        <name>firefox-esr</name>
        <range><lt>31.1.0,1</lt></range>
      </package>
      <package>
        <name>linux-thunderbird</name>
        <range><lt>31.1.0</lt></range>
      </package>
      <package>
        <name>thunderbird</name>
        <range><lt>31.1.0</lt></range>
      </package>
      <package>
        <name>linux-seamonkey</name>
        <range><lt>2.29</lt></range>
      </package>
      <package>
        <name>seamonkey</name>
        <range><lt>2.29</lt></range>
      </package>
      <package>
        <name>libxul</name>
        <range><lt>24.8.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The Mozilla Project reports:</p>
        <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
          <p>MFSA 2014-72 Use-after-free setting text directionality</p>
          <p>MFSA 2014-71 Profile directory file access through file:
            protocol</p>
          <p>MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline</p>
          <p>MFSA 2014-69 Uninitialized memory use during GIF rendering</p>
          <p>MFSA 2014-68 Use-after-free during DOM interactions with SVG</p>
          <p>MFSA 2014-67 Miscellaneous memory safety hazards
            (rv:32.0 / rv:31.1 / rv:24.8)</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1553</cvename>
      <cvename>CVE-2014-1554</cvename>
      <cvename>CVE-2014-1562</cvename>
      <cvename>CVE-2014-1563</cvename>
      <cvename>CVE-2014-1564</cvename>
      <cvename>CVE-2014-1565</cvename>
      <cvename>CVE-2014-1566</cvename>
      <cvename>CVE-2014-1567</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-67.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-68.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-69.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-70.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-71.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-72.html</url>
      <url>https://www.mozilla.org/security/announce/</url>
    </references>
    <dates>
      <discovery>2014-08-18</discovery>
      <entry>2014-09-02</entry>
    </dates>
  </vuln>

--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Auto-assigned to maintainer ports-secteam at FreeBSD.org
