ALT Linux Team development discussions
 help / color / mirror / Atom feed
From: Alexey Gladkov <legion@altlinux.ru>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Subject: Re: [devel] Vulnerability policy
Date: Tue, 21 Feb 2017 20:34:25 +0100
Message-ID: <20170221193425.GD3279@comp-core-i7-2640m-0182e6.fortress> (raw)
In-Reply-To: <dc205f5b-86a9-c6ec-4243-6d8b242c5aea@altlinux.com>

On Tue, Feb 21, 2017 at 10:02:57PM +0300, Anton Farygin wrote:
> 21.02.2017 21:44, Dmitry V. Levin пишет:
> > Но если кому-то существенно удобнее записывать это как-то иначе и без
> > скобочек, то, наверное, это можно формализовать и включить в правила.
> 
> Мне в последнее время нравится такая трактовка, предпочёл бы её, когда 
> есть время всё это описывать:

elinks -dump-width 2000 "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/" |
	grep '\]#CVE-' |
	sed -e 's,^.*#,  + ,'

:)

> - Fixed:
> + CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
> + CVE-2017-5376: Use-after-free in XSL
> + CVE-2017-5377: Memory corruption with transforms to create gradients 
> in Skia
> + CVE-2017-5378: Pointer and frame data leakage of Javascript objects
> + CVE-2017-5379: Use-after-free in Web Animations
> + CVE-2017-5380: Potential use-after-free during DOM manipulations
> + CVE-2017-5390: Insecure communication methods in Developer Tools JSON 
> viewer
> + CVE-2017-5389: WebExtensions can install additional add-ons via 
> modified host requests
> + CVE-2017-5396: Use-after-free with Media Decoder
> + CVE-2017-5381: Certificate Viewer exporting can be used to navigate 
> and save to arbitrary filesystem locations
> + CVE-2017-5382: Feed preview can expose privileged content errors and 
> exceptions
> + CVE-2017-5383: Location bar spoofing with unicode characters
> + CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
> + CVE-2017-5385: Data sent in multipart channels ignores referrer-policy 
> response headers
> + CVE-2017-5386: WebExtensions can use data: protocol to affect other 
> extensions
> + CVE-2017-5394: Android location bar spoofing using fullscreen and 
> JavaScript events
> + CVE-2017-5391: Content about: pages can load privileged about: pages
> + CVE-2017-5392: Weak references using multiple threads on weak proxy 
> objects lead to unsafe memory usage
> + CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for 
> mozAddonManager
> + CVE-2017-5395: Android location bar spoofing during scrolling
> + CVE-2017-5387: Disclosure of local file existence through TRACK tag 
> error messages
> + CVE-2017-5388: WebRTC can be used to generate a large amount of UDP 
> traffic for DDOS attacks
> + CVE-2017-5374: Memory safety bugs fixed in Firefox 51
> + CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
> _______________________________________________
> Devel mailing list
> Devel@lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel

-- 
Rgrds, legion



  parent reply	other threads:[~2017-02-21 19:34 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-21 17:29 lineprinter
2017-02-21 17:49 ` Anton Farygin
2017-02-21 18:33   ` Michael Shigorin
2017-02-21 18:44     ` Dmitry V. Levin
2017-02-21 19:02       ` Anton Farygin
2017-02-21 19:32         ` Michael Shigorin
2017-02-21 19:34         ` Alexey Gladkov [this message]
2017-02-22  7:31       ` Sergey V Turchin
2017-02-22  7:34         ` Michael Shigorin
2017-02-21 19:09   ` Dmitry Derjavin
2017-02-22 10:07     ` Igor Zubkov
2017-02-22 11:20       ` Andrew Clark
2017-02-28 17:04   ` lineprinter
2017-03-06 17:08     ` Anton Farygin
2017-02-28 17:06 ` lineprinter
2017-02-28 17:39   ` Alexey Tourbin
2017-02-28 17:51     ` Евгений Терешков
2017-02-28 18:12       ` Alexey Tourbin
2017-03-04  1:03         ` [devel] needrestart (was: Vulnerability policy) Dmitry V. Levin
2017-03-02  6:57   ` [devel] Vulnerability policy Alexey Tourbin
2017-03-03  5:35   ` Alexey Tourbin
2017-03-03 15:00     ` Sergey Afonin
2017-03-03 15:06       ` Alexey Tourbin
2017-05-02 15:31   ` Dmitry V. Levin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170221193425.GD3279@comp-core-i7-2640m-0182e6.fortress \
    --to=legion@altlinux.ru \
    --cc=devel@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Team development discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
		devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
	public-inbox-index devel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git