Author: ken
Date: Thu Oct 15 18:17:10 2015
New Revision: 1329
Log:
First recorded vulnerability fix for BLFS-7.8
Modified:
html/trunk/blfs/errata/7.8/index.html
Modified: html/trunk/blfs/errata/7.8/index.html
==============================================================================
--- html/trunk/blfs/errata/7.8/index.html Sat Oct 10 10:51:43 2015
(r1328)
+++ html/trunk/blfs/errata/7.8/index.html Thu Oct 15 18:17:10 2015
(r1329)
@@ -35,8 +35,19 @@
-->
</ul>
- <!--
<h2>Known Security Vulnerabilities</h2>
+ <p>A few packages, such as openssl, are good at reporting that a new
+ release fixes a vulnerability. For some others, such as firefox, every
+ new release, and sometimes point releases (like firefox-41.0.2) include(s)
+ security fixes. But in many cases the fixes are not documented as security
+ issues.</pa>
+ <ul>
+ <li>firefox-41.0.2 fixes what is apparently CVE-2015-7184: the fetch()
API
+ did not correctly implement the Cross-Origin Resource Sharing (CORS)
+ specification, allowing a malicious page to access private data from
other
+ origins.</li>
+ </ul>
+ <!--
<ul>
<li><p>There is a security patch available for curl to fix
CVE_2015_3153.
Apply the patch below immediately after unpacking the curl source or
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
