[devel] Vulnerability policy
Alexey Gladkov
legion на altlinux.ru
Вт Фев 21 22:34:25 MSK 2017
On Tue, Feb 21, 2017 at 10:02:57PM +0300, Anton Farygin wrote:
> 21.02.2017 21:44, Dmitry V. Levin пишет:
> > Но если кому-то существенно удобнее записывать это как-то иначе и без
> > скобочек, то, наверное, это можно формализовать и включить в правила.
>
> Мне в последнее время нравится такая трактовка, предпочёл бы её, когда
> есть время всё это описывать:
elinks -dump-width 2000 "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/" |
grep '\]#CVE-' |
sed -e 's,^.*#, + ,'
:)
> - Fixed:
> + CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
> + CVE-2017-5376: Use-after-free in XSL
> + CVE-2017-5377: Memory corruption with transforms to create gradients
> in Skia
> + CVE-2017-5378: Pointer and frame data leakage of Javascript objects
> + CVE-2017-5379: Use-after-free in Web Animations
> + CVE-2017-5380: Potential use-after-free during DOM manipulations
> + CVE-2017-5390: Insecure communication methods in Developer Tools JSON
> viewer
> + CVE-2017-5389: WebExtensions can install additional add-ons via
> modified host requests
> + CVE-2017-5396: Use-after-free with Media Decoder
> + CVE-2017-5381: Certificate Viewer exporting can be used to navigate
> and save to arbitrary filesystem locations
> + CVE-2017-5382: Feed preview can expose privileged content errors and
> exceptions
> + CVE-2017-5383: Location bar spoofing with unicode characters
> + CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
> + CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
> response headers
> + CVE-2017-5386: WebExtensions can use data: protocol to affect other
> extensions
> + CVE-2017-5394: Android location bar spoofing using fullscreen and
> JavaScript events
> + CVE-2017-5391: Content about: pages can load privileged about: pages
> + CVE-2017-5392: Weak references using multiple threads on weak proxy
> objects lead to unsafe memory usage
> + CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
> mozAddonManager
> + CVE-2017-5395: Android location bar spoofing during scrolling
> + CVE-2017-5387: Disclosure of local file existence through TRACK tag
> error messages
> + CVE-2017-5388: WebRTC can be used to generate a large amount of UDP
> traffic for DDOS attacks
> + CVE-2017-5374: Memory safety bugs fixed in Firefox 51
> + CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
> _______________________________________________
> Devel mailing list
> Devel на lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel
--
Rgrds, legion
Подробная информация о списке рассылки Devel