Date: Tue, 21 Feb 2017 20:34:25 +0100
From: Alexey Gladkov
To: ALT Linux Team development discussions
Subject: Re: [devel] Vulnerability policy
Message-ID: <20170221193425.GD3279@comp-core-i7-2640m-0182e6.fortress>

On Tue, Feb 21, 2017 at 10:02:57PM +0300, Anton Farygin wrote:
> 21.02.2017 21:44, Dmitry V. Levin wrote:
> > But if someone finds it substantially more convenient to write this
> > some other way, without the brackets, then it could probably be
> > formalized and included in the rules.
>
> Lately I have come to like this interpretation; I would prefer it when
> there is time to describe all of this:

elinks -dump-width 2000 "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/" | grep '\]#CVE-' | sed -e 's,^.*#, + ,'

:)

> - Fixed:
>  + CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
>  + CVE-2017-5376: Use-after-free in XSL
>  + CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
>  + CVE-2017-5378: Pointer and frame data leakage of Javascript objects
>  + CVE-2017-5379: Use-after-free in Web Animations
>  + CVE-2017-5380: Potential use-after-free during DOM manipulations
>  + CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
>  + CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
>  + CVE-2017-5396: Use-after-free with Media Decoder
>  + CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
>  + CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
>  + CVE-2017-5383: Location bar spoofing with unicode characters
>  + CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
>  + CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
>  + CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
>  + CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
>  + CVE-2017-5391: Content about: pages can load privileged about: pages
>  + CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
>  + CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
>  + CVE-2017-5395: Android location bar spoofing during scrolling
>  + CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
>  + CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
>  + CVE-2017-5374: Memory safety bugs fixed in Firefox 51
>  + CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7

-- 
Rgrds, legion
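
An offline variant of the pipeline in the message above, added here as an example and not part of the original message: it builds the same "- Fixed:" block from dump text on stdin, keeps only well-formed CVE identifiers, preserves titles that themselves contain a "#", and drops repeated entries. The function names, the sample lines and the "[N]#CVE-...: title" input shape (inferred from the grep pattern) are assumptions.

```shell
#!/bin/sh
# Added example. Input shape "[N]#CVE-YYYY-NNNN: title" is an assumption
# inferred from the grep pattern '\]#CVE-' in the message.

# Constructed sample lines, not a real elinks dump of the advisory.
sample_dump() {
cat <<'EOF'
   Mozilla Foundation Security Advisory 2017-01
   [14]#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
   [15]#CVE-2017-5376: Use-after-free in XSL
   [16]#CVE-0000-0001: Constructed title with a # character in it
   [17]#CVE-2017-5376: Use-after-free in XSL
   [18]#CVE-bogus: constructed line without a valid identifier
EOF
}

# Read dump text on stdin, print a changelog block.
cve_changelog() {
    printf '%s\n' '- Fixed:'
    # ^[^]]*\]# stops at the first "]#", so a later "#" in the title survives
    # (a greedy ^.*# would cut the line at the last "#").
    # CVE-YYYY-NNNN with four or more sequence digits is required.
    sed -n -E 's/^[^]]*\]#(CVE-[0-9]{4}-[0-9]{4,}: .*)$/ + \1/p' |
        awk '!seen[$0]++'   # drop repeats, keep first-seen order
}

sample_dump | cve_changelog
```
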