---
- branch: pkgsrc-2021Q4
  date: Sun Feb 20 10:20:22 UTC 2022
  files:
  - new: 1.11.2.1
    old: '1.11'
    path: pkgsrc/www/firefox91/Makefile
    pathrev: pkgsrc/www/firefox91/Makefile@1.11.2.1
    type: modified
  - new: 1.8.2.1
    old: '1.8'
    path: pkgsrc/www/firefox91/distinfo
    pathrev: pkgsrc/www/firefox91/distinfo@1.8.2.1
    type: modified
  - new: 1.1.4.1
    old: '1.1'
    path: pkgsrc/www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h
    pathrev: pkgsrc/www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h@1.1.4.1
    type: modified
  id: 20220220T102022Z.104acb83bdd09b9fb2e0472de1c3315cb1819878
  log: "Pullup ticket #6580 - requested by nia\nwww/firefox91: security fix\n\nRevisions
    pulled up:\n- www/firefox91/Makefile                                        1.12\n-
    www/firefox91/distinfo                                        1.9\n- www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h
    1.2\n\n---\n   Module Name:\tpkgsrc\n   Committed By:\tryoon\n   Date:\t\tWed
    Jan 26 13:38:07 UTC 2022\n\n   Modified Files:\n   \tpkgsrc/www/firefox91: Makefile
    distinfo\n   \tpkgsrc/www/firefox91/patches:\n   \t    patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h\n\n
    \  Log Message:\n   firefox91: Update to 91.5.0\n\n   Changelog:\n   Security
    fixes:\n   #CVE-2022-22746: Calling into reportValidity could have lead to fullscreen\n
    \  #CVE-2022-22743: Browser window spoof using fullscreen mode\n   #CVE-2022-22742:
    Out-of-bounds memory access when inserting text in edit mode\n   #CVE-2022-22741:
    Browser window spoof using fullscreen mode\n   #CVE-2022-22740: Use-after-free
    of ChannelEventQueue::mOwner\n   #CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur\n
    \  #CVE-2022-22737: Race condition when playing audio files\n   #CVE-2021-4140:
    Iframe sandbox bypass with XSLT\n   #CVE-2022-22748: Spoofed origin on external
    protocol launch dialog\n   #CVE-2022-22745: Leaking cross-origin URLs through
    securitypolicyviolation\n    event\n   #CVE-2022-22744: The 'Copy as curl' feature
    in DevTools did not fully escape\n    website-controlled data, potentially leading
    to command injection\n   #CVE-2022-22747: Crash when handling empty pkcs7 sequence\n
    \  #CVE-2022-22739: Missing throttling on external protocol launch dialog\n   #CVE-2022-22751:
    Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2021Q4] pkgsrc/www/firefox91'
  unixtime: '1645352422'
  user: bsiegert