Errata for BLFS Version 7.8
- In firefox, the new GConf dependency was omitted. To build without
that package, add the following line to the mozconfig:
- If you have installed yelp, but in gnome applications 'help' cannot find the contents (e.g. using the F1 key), run 'update-desktop-database'.
- For anybody building the biblatex-biber perl module dependencies by hand, List::MoreUtils (and therefore Mozilla::CA) and LWP::Protocol::https were omitted from the dependencies in error, although they are all mentioned on the perl modules page.
Known Security Vulnerabilities
A few packages, such as openssl, are good at reporting that a new release fixes a vulnerability. For some others, such as firefox, every new release, and sometimes point releases (like firefox-41.0.2) include(s) security fixes. But in many cases the fixes are not documented as security issues.
- firefox-41.0.2 fixes what is apparently CVE-2015-7184: the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins.