Univention Bugzilla – Bug 48049
firefox-esr: Multiple issues (4.3)
Last modified: 2018-11-01 13:44:11 CET
New Debian firefox-esr 60.3.0esr-1~deb9u1 fixes:

This update addresses the following issues:
* Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)
* Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)
* Crash with nested event loops (CVE-2018-12392)
* Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)
* WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395)
* WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396)
* WebExtension local file permission check bypass (CVE-2018-12397)
--- mirror/ftp/4.3/unmaintained/component/4.3-2-errata/source/firefox-esr_60.2.2esr-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/firefox-esr_60.3.0esr-1~deb9u1.dsc @@ -1,3 +1,13 @@ +60.3.0esr-1~deb9u1 [Wed, 24 Oct 2018 07:17:22 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2018-27, also known as: + CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, + CVE-2018-12397, CVE-2018-12389, CVE-2018-12390. + + * debian/rules: Work around armel FTBFS from conflicting __sync_* symbols + between libgcc and rust's compiler_builtins. + 60.2.2esr-1~deb9u1 [Wed, 03 Oct 2018 07:28:38 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://10.200.17.11/4.3-2/#1697829517318821257>
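Review bot: The debian/rules entry at the end of the added 60.3.0esr-1~deb9u1 block is a build change (the armel FTBFS workaround for conflicting __sync_* symbols between libgcc and rust's compiler_builtins) that the advisory text does not mention. Confirm that it only affects armel builds, so that the erratum can be described as carrying only the mfsa2018-27 fixes. The seven CVEs listed under mfsa2018-27 do match the seven named in the description.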
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-2] 18d013f836 Bug #48049: firefox-esr 60.3.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
<http://errata.software-univention.de/ucs/4.3/293.html>