Univention Bugzilla – Bug 49886
firefox-esr: Multiple issues (4.4)
Last modified: 2019-07-24 15:03:15 CEST
New Debian firefox-esr 60.8.0esr-1~deb9u1 fixes:

This update addresses the following issues:

* Sandbox escape via installation of malicious language pack (CVE-2019-9811)
* Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)
* Script injection within domain through inner window reuse (CVE-2019-11711)
* Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)
* Use-after-free with HTTP/2 cached stream (CVE-2019-11713)
* HTML parsing error can contribute to content XSS (CVE-2019-11715)
* Caret character improperly escaped in origins (CVE-2019-11717)
* Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)
* Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)
* Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)
--- mirror/ftp/4.4/unmaintained/component/4.4-0-errata/source/firefox-esr_60.7.2esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/firefox-esr_60.8.0esr-1~deb9u1.dsc @@ -1,5 +1,13 @@ +60.8.0esr-1~deb9u1 [Wed, 10 Jul 2019 07:13:23 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2019-22, also known as: + CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, + CVE-2019-11729, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, + CVE-2019-11730, CVE-2019-11709. + 60.7.2esr-1~deb9u1 [Thu, 20 Jun 2019 10:48:50 -0700] Mike Hommey <glandium@debian.org>: * New upstream release. - * Fixes for mfsa219-19, also known as CVE-2019-11708. + * Fixes for mfsa2019-19, also known as CVE-2019-11708. <http://10.200.17.11/4.4-0/#4404829774143027728>
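Review bot: the CVE list in the new 60.8.0esr-1~deb9u1 changelog entry is in no particular order (CVE-2019-11729 sits between CVE-2019-11713 and CVE-2019-11715, and CVE-2019-11709 comes last); sorting them numerically would make the entry easier to check against the advisory and against the ten CVEs named in the bug description. The set itself does match: each of the ten CVEs from the description appears exactly once. The "-"/"+" pair at the end of the hunk only corrects the advisory identifier in the earlier 60.7.2esr-1~deb9u1 entry from "mfsa219-19" to "mfsa2019-19", a typo fix in an already-released entry that does not change which fixes that release carried.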
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-1] 24d5a525bf Bug #49886, Bug #49890, Bug #49888, Bug #49889, Bug #49887, Bug #49885: 4.4-1 Errata
 doc/errata/staging/firefox-esr.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
<http://errata.software-univention.de/ucs/4.4/187.html>