On Wed, Oct 12, 2016 at 01:42:26AM -0400, Mark H Weaver wrote: > Hello Guix, > > I'm pleased to announce the availability of GNU IceCat 45.3.0-gnu1-beta > with selected fixes cherry-picked from upstream, including all security > fixes introduced in Firefox ESR 45.4.0, specifically: > > CVE-2016-5250 - Resource Timing API is storing resources sent by > the previous page > CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 > CVE-2016-5261 - Integer overflow and memory corruption in WebSocketChannel > CVE-2016-5270 - Heap-buffer-overflow in > nsCaseTransformTextRunFactory::TransformString > CVE-2016-5272 - Bad cast in nsImageGeometryMixin > CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState > CVE-2016-5276 - Heap-use-after-free in > mozilla::a11y::DocAccessible::ProcessInvalidationList > CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick > CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame > CVE-2016-5280 - Use-after-free in > mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap > CVE-2016-5281 - use-after-free in DOMSVGLength > CVE-2016-5284 - Add-on update site certificate pin expiration
Thanks a lot for your work on this!
