Oops, mark bundled libvpx v1.4.0 in firefox as vulnerable again

libvpx v1.3.0-4418-g587ff64 in firefox-esr 38.x shouldn't be affected given Mozilla hasn't backported the update there. MFSA 2015-89 says otherwise though. https://bugzilla.mozilla.org/show_bug.cgi?id=1178215
author: jbeich <jbeich@FreeBSD.org> 2015-08-12 03:48:29 +0800
committer: jbeich <jbeich@FreeBSD.org> 2015-08-12 03:48:29 +0800
commit: 4230b7ded6601ae35413b46b9b2976795922ae7c (patch)
tree: b1d7798b578956c048bdcaa33c3d9d6652b555a4 /security
parent: 6513e067ac0c7efdeb7ba897ad83b0421bb435b6 (diff)
download: freebsd-ports-gnome-4230b7ded6601ae35413b46b9b2976795922ae7c.tar.gz
freebsd-ports-gnome-4230b7ded6601ae35413b46b9b2976795922ae7c.tar.zst
freebsd-ports-gnome-4230b7ded6601ae35413b46b9b2976795922ae7c.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 7d4b11bf549b..ebd74b1779e3 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -65,6 +65,14 @@ Notes:
 	<name>libvpx</name>
 	<range><lt>1.5.0</lt></range>
       </package>
+      <package>
+	<name>firefox</name>
+	<range><lt>40.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>40.0,1</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -87,6 +95,7 @@ Notes:
     <dates>
       <discovery>2015-08-11</discovery>
       <entry>2015-08-11</entry>
+      <modified>2015-08-11</modified>
     </dates>
   </vuln>
author	jbeich <jbeich@FreeBSD.org>	2015-08-12 03:48:29 +0800
committer	jbeich <jbeich@FreeBSD.org>	2015-08-12 03:48:29 +0800
commit	4230b7ded6601ae35413b46b9b2976795922ae7c (patch)
tree	b1d7798b578956c048bdcaa33c3d9d6652b555a4 /security
parent	6513e067ac0c7efdeb7ba897ad83b0421bb435b6 (diff)
download	freebsd-ports-gnome-4230b7ded6601ae35413b46b9b2976795922ae7c.tar.gz freebsd-ports-gnome-4230b7ded6601ae35413b46b9b2976795922ae7c.tar.zst freebsd-ports-gnome-4230b7ded6601ae35413b46b9b2976795922ae7c.zip