Univention Bugzilla – Bug 50702
firefox-esr: Multiple issues (4.4)
Last modified: 2020-01-15 17:00:08 CET
New Debian firefox-esr 68.4.1esr-1~deb9u1 fixes:

This update addresses the following issues:
* Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)
* Type Confusion in XPCVariant.cpp (CVE-2019-17017)
* CSS sanitization does not escape HTML tags (CVE-2019-17022)
* Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)
* IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)
--- mirror/ftp/4.4/unmaintained/component/4.4-3-errata/source/firefox-esr_68.3.0esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-3/source/firefox-esr_68.4.1esr-1~deb9u1.dsc @@ -1,3 +1,19 @@ +68.4.1esr-1~deb9u1 [Thu, 09 Jan 2020 06:40:28 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fix for mfsa2020-03, also known as CVE-2019-17026. + +68.4.0esr-1~deb9u1 [Wed, 08 Jan 2020 08:54:04 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2020-02, also known as: + CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024. + + * debian/rules: Don't build with --compress-debug-sections on jessie. + * debian/rules: Use sourcestamp.txt for MOZ_BUILD_DATE. Closes: #946193. + + * sourcestamp.txt: Fill with the missing info. + 68.3.0esr-1~deb9u1 [Sat, 07 Dec 2019 08:58:01 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://10.200.17.11/4.4-3/#1041555630831067307>
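Review bot: The 68.4.0esr-1~deb9u1 changelog entry carries three packaging changes besides the security fixes (the two debian/rules lines and the sourcestamp.txt line), while the erratum description lists only the five CVEs. The --compress-debug-sections change is scoped to jessie and this is a ~deb9u1 build, so it should be inert here, but the switch to sourcestamp.txt for MOZ_BUILD_DATE changes how the build date is derived. Suggest confirming the resulting package reports the expected build date before release, and noting in the erratum that the update spans two upstream advisories (mfsa2020-02 and mfsa2020-03), since the jump is from 68.3.0esr directly to 68.4.1esr.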
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-3] e8eae9183e Bug #50702: firefox-esr 68.4.1esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<http://errata.software-univention.de/ucs/4.4/416.html>