Univention Bugzilla – Bug 50940
firefox-esr: Multiple issues (4.4)
Last modified: 2020-03-18 12:27:52 CET
New Debian firefox-esr 68.6.0esr-1~deb9u1 fixes:

This update addresses the following issues:
* Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503)
* Use-after-free when removing data about origins (CVE-2020-6805)
* BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806)
* Use-after-free in cubeb during stream destruction (CVE-2020-6807)
* Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811)
* The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)
* Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814)
--- mirror/ftp/4.4/unmaintained/component/4.4-3-errata/source/firefox-esr_68.5.0esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-3/source/firefox-esr_68.6.0esr-1~deb9u1.dsc @@ -1,3 +1,10 @@ +68.6.0esr-1~deb9u1 [Wed, 11 Mar 2020 06:59:57 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release + * Fixes for mfsa2020-09, also known as: + CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, + CVE-2019-20503, CVE-2020-6812, CVE-2020-6814. + 68.5.0esr-1~deb9u1 [Wed, 12 Feb 2020 06:50:33 +0900] Mike Hommey <glandium@debian.org>: * New upstream release <http://10.200.17.11/4.4-3/#755121027648041002>
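Review bot: in the added 68.6.0esr-1~deb9u1 changelog entry, CVE-2019-20503 sits between CVE-2020-6811 and CVE-2020-6812, so the CVE list is not in numerical order; listing it first would make the entry easier to cross-check against the erratum description. The seven IDs given for mfsa2020-09 otherwise match the seven listed in the description above.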
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-3] 0baa9fc1da Bug #50940: yaml
 doc/errata/staging/firefox-esr.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
<http://errata.software-univention.de/ucs/4.4/483.html>