Univention Bugzilla – Bug 47904
firefox-esr: Multiple issues (4.3)
Last modified: 2018-10-10 12:31:40 CEST
New Debian firefox-esr 60.2.2esr-1~deb9u1 fixes: This update addresses the following issues: * Type confusion in JavaScript (CVE-2018-12386) * stack out-of-bounds read in Array.prototype.push (CVE-2018-12387)
--- mirror/ftp/4.3/unmaintained/component/4.3-2-errata/source/firefox-esr_60.2.1esr-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/firefox-esr_60.2.2esr-1~deb9u1.dsc @@ -1,3 +1,14 @@ +60.2.2esr-1~deb9u1 [Wed, 03 Oct 2018 07:28:38 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2018-24, also known as: + CVE-2018-12386, CVE-2018-12387. + + * debian/extra-stuff/addonsInfo.js: Fixes to work with recent versions + of Firefox. Closes: #909056. + * debian/control*, debian/browser.mozconfig.in: Build ALSA support. + Closes: #864987, #900062, #908349 + 60.2.1esr-1~deb9u1 [Sat, 22 Sep 2018 08:10:27 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://10.200.17.11/4.3-2/#8994835608296154392>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-2] c8bff8b97c Bug #47904: firefox-esr 60.2.2esr-1~deb9u1 doc/errata/staging/firefox-esr.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.3/270.html>