---
- branch: MAIN
  date: Sat Dec  3 10:19:29 UTC 2016
  files:
  - new: '1.12'
    old: '1.11'
    path: pkgsrc/www/firefox45/Makefile
    pathrev: pkgsrc/www/firefox45/Makefile@1.12
    type: modified
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/www/firefox45/distinfo
    pathrev: pkgsrc/www/firefox45/distinfo@1.8
    type: modified
  id: 20161203T101929Z.41871018ef07f113e344b941eb7c7f77915d5364
  log: |
    Update to 45.5.1

    Changelog:
    45.5.1:
     #CVE-2016-9079: Use-after-free in SVG Animation

    45.5.0:
     #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
     #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
     #CVE-2016-5294: Arbitrary target directory for result files of update process
     #CVE-2016-5297: Incorrect argument length checking in JavaScript
     #CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
     #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
     #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
     #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
     #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/firefox45'
  unixtime: '1480760369'
  user: ryoon