---
- branch: MAIN
  date: Wed Oct  3 18:58:23 UTC 2018
  files:
  - new: '1.10'
    old: '1.9'
    path: pkgsrc/lang/spidermonkey52/Makefile
    pathrev: pkgsrc/lang/spidermonkey52/Makefile@1.10
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/lang/spidermonkey52/distinfo
    pathrev: pkgsrc/lang/spidermonkey52/distinfo@1.5
    type: modified
  - new: '1.1'
    old: '0'
    path: pkgsrc/lang/spidermonkey52/patches/patch-CVE-2018-12387
    pathrev: pkgsrc/lang/spidermonkey52/patches/patch-CVE-2018-12387@1.1
    type: added
  id: 20181003T185823Z.345de55501dd3a399626b5635d560408b7767aed
  log: |
    spidermonkey52: backport patch for CVE-2018-12387

    Don't inline push with more than 1 argument

    A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.

    Bump PKGREVISION
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang/spidermonkey52'
  unixtime: '1538593103'
  user: maya