---
- branch: MAIN
  date: Sat Mar 12 03:47:20 UTC 2016
  files:
  - new: '1.16'
    old: '1.15'
    path: pkgsrc/www/firefox38/Makefile
    pathrev: pkgsrc/www/firefox38/Makefile@1.16
    type: modified
  - new: '1.15'
    old: '1.14'
    path: pkgsrc/www/firefox38/distinfo
    pathrev: pkgsrc/www/firefox38/distinfo@1.15
    type: modified
  - new: '0'
    old: '1.1'
    path: pkgsrc/www/firefox38/patches/patch-gfx_graphite2_moz-gr-update.sh
    pathrev: pkgsrc/www/firefox38/patches/patch-gfx_graphite2_moz-gr-update.sh@0
    type: deleted
  id: 20160312T034720Z.7ac1a95a0c374912480dea6a2fabc4d2841087cc
  log: |
    Update to 38.7.0

    Changelog:
    Fixed in Firefox ESR 38.7
        2016-37 Font vulnerabilities in the Graphite 2 library
        2016-35 Buffer overflow during ASN.1 decoding in NSS
        2016-34 Out-of-bounds read in HTML parser following a failed allocation
        2016-31 Memory corruption with malicious NPAPI plugin
        2016-28 Addressbar spoofing though history navigation and Location protocol property
        2016-27 Use-after-free during XML transformations
        2016-25 Use-after-free when using multiple WebRTC data channels
        2016-24 Use-after-free in SetBody
        2016-23 Use-after-free in HTML5 string parser
        2016-21 Displayed page address can be overridden
        2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
        2016-17 Local file overwriting and potential privilege escalation through CSP reports
        2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
        2015-136 Same-origin policy violation using performance.getEntries and history navigation
        2015-81 Use-after-free in MediaStream playback
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/firefox38'
  unixtime: '1457754440'
  user: ryoon