---
- branch: pkgsrc-2021Q4
  date: Mon Feb 21 13:34:26 UTC 2022
  files:
  - new: 1.11.2.2
    old: 1.11.2.1
    path: pkgsrc/www/firefox91/Makefile
    pathrev: pkgsrc/www/firefox91/Makefile@1.11.2.2
    type: modified
  - new: 1.8.2.2
    old: 1.8.2.1
    path: pkgsrc/www/firefox91/distinfo
    pathrev: pkgsrc/www/firefox91/distinfo@1.8.2.2
    type: modified
  id: 20220221T133426Z.6e90d6529ed07eb16538dbef38fb698e4322abf6
  log: "Pullup ticket #6582 - requested by nia\nwww/firefox91: security fix\n\nRevisions
    pulled up:\n- www/firefox91/Makefile                                        1.13\n-
    www/firefox91/distinfo                                        1.10\n\n---\n   Module
    Name:\tpkgsrc\n   Committed By:\tnia\n   Date:\t\tMon Feb 21 03:43:56 UTC 2022\n\n
    \  Modified Files:\n   \tpkgsrc/www/firefox91: Makefile distinfo\n\n   Log Message:\n
    \  firefox91: update to 91.6.0\n\n   Security Vulnerabilities fixed in Firefox
    ESR 91.6\n\n       #CVE-2022-22753: Privilege Escalation to SYSTEM on Windows
    via Maintenance\n       Service\n\n       #CVE-2022-22754: Extensions could have
    bypassed permission confirmation\n       during update\n\n       #CVE-2022-22756:
    Drag and dropping an image could have resulted in the\n       dropped object being
    an executable\n\n       #CVE-2022-22759: Sandboxed iframes could have executed
    script if the parent\n       appended elements\n\n       #CVE-2022-22760: Cross-Origin
    responses could be distinguished between\n       script and non-script content-types\n\n
    \      #CVE-2022-22761: frame-ancestors Content Security Policy directive was
    not\n       enforced for framed extension pages\n\n       #CVE-2022-22763: Script
    Execution during invalid object state\n\n       #CVE-2022-22764: Memory safety
    bugs fixed in Firefox 97 and Firefox ESR 91.6\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2021Q4] pkgsrc/www/firefox91'
  unixtime: '1645450466'
  user: bsiegert