---
- branch: MAIN
  date: Mon Jan  2 17:45:12 UTC 2017
  files:
  - new: '1.14'
    old: '1.13'
    path: pkgsrc/www/firefox45/Makefile
    pathrev: pkgsrc/www/firefox45/Makefile@1.14
    type: modified
  - new: '1.9'
    old: '1.8'
    path: pkgsrc/www/firefox45/distinfo
    pathrev: pkgsrc/www/firefox45/distinfo@1.9
    type: modified
  id: 20170102T174512Z.57264d1d07f5dafa3e71b92a4bb51c4ab4774940
  log: |
    Update to 45.6.0

    Chagnelog:
    Security vulnerabilities fixed in Firefox ESR 45.6
     #CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
     #CVE-2016-9895: CSP bypass using marquee tag
     #CVE-2016-9897: Memory corruption in libGLES
     #CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
     #CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
     #CVE-2016-9904: Cross-origin information leak in shared atoms
     #CVE-2016-9905: Crash in EnumerateSubDocuments
     #CVE-2016-9901: Data from Pocket server improperly sanitized before execution
     #CVE-2016-9902: Pocket extension does not validate the origin of events
     #CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/firefox45'
  unixtime: '1483379112'
  user: ryoon