MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain
Date: Sun, 20 Dec 2009 19:41:08 +0000
From: "S.P.Zeidler" <spz@netbsd.org>
Subject: CVS commit: [pkgsrc-2009Q3] pkgsrc
To: pkgsrc-changes@NetBSD.org
Reply-To: spz@netbsd.org
Message-Id: <20091220194108.E247B175DD@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: list

Module Name:	pkgsrc
Committed By:	spz
Date:		Sun Dec 20 19:41:08 UTC 2009

Modified Files:
	pkgsrc/devel/xulrunner [pkgsrc-2009Q3]: Makefile distinfo
	    mozilla-common.mk
	pkgsrc/www/firefox [pkgsrc-2009Q3]: Makefile

Log Message:
Pullup ticket 2953 - requested by tnn
security update

Revisions pulled up:
- pkgsrc/devel/xulrunner/Makefile               by patch
- pkgsrc/devel/xulrunner/distinfo               by patch
- pkgsrc/devel/xulrunner/mozilla-common.mk      by patch
- pkgsrc/www/firefox/Makefile                   by patch

   -------------------------------------------------------------------------
   firefox-3.5.6 & xulrunner-1.9.1.6 fix the following vulnerabilities:

   MFSA 2009-71 GeckoActiveXObject exception messages can be used to
                enumerate installed COM objects
   MFSA 2009-70 Privilege escalation via chrome window.opener
   MFSA 2009-69 Location bar spoofing vulnerabilities
   MFSA 2009-68 NTLM reflection vulnerability
   MFSA 2009-67 Integer overflow, crash in libtheora video library
   MFSA 2009-66 Memory safety fixes in liboggplay media library
   MFSA 2009-65 Crashes with evidence of memory corruption


To generate a diff of this commit:
cvs rdiff -u -r1.23.2.1 -r1.23.2.2 pkgsrc/devel/xulrunner/Makefile
cvs rdiff -u -r1.12.2.1 -r1.12.2.2 pkgsrc/devel/xulrunner/distinfo
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 pkgsrc/devel/xulrunner/mozilla-common.mk
cvs rdiff -u -r1.59.2.1 -r1.59.2.2 pkgsrc/www/firefox/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.