Univention Bugzilla – Bug 51265
firefox-esr: Multiple issues (4.4)
Last modified: 2020-05-13 15:28:35 CEST
New Debian firefox-esr 68.8.0esr-1~deb9u1 fixes:
This update addresses the following issues:
* Buffer overflow in AUTH chunk input validation (CVE-2020-6831)
* Use-after-free during worker shutdown (CVE-2020-12387)
* Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)
* Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)
--- mirror/ftp/4.4/unmaintained/component/4.4-4-errata/source/firefox-esr_68.7.0esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/firefox-esr_68.8.0esr-1~deb9u1.dsc @@ -1,3 +1,9 @@ +68.8.0esr-1~deb9u1 [Wed, 06 May 2020 05:29:30 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release + * Fixes for mfsa2020-17, also known as: + CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395. + 68.7.0esr-1~deb9u1 [Wed, 08 Apr 2020 07:54:16 +0900] Mike Hommey <glandium@debian.org>: * New upstream release <http://10.200.17.11/4.4-4/#3256865953282699432>
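Review bot: the added 68.8.0esr-1~deb9u1 changelog entry names the fixes only by advisory (mfsa2020-17) and CVE ID, so nothing in this diff says what each CVE is; the errata YAML should carry a one-line description per CVE, as the bug description does. The four IDs in the entry (CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395) match the four listed in the bug description, so the set is complete.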
OK: yaml
OK: announce_errata
OK: patch
FAIL: piuparts; iceweasel-l10n-he installation failed, omar was not reachable. Minor issue with unused translation package.

[4.4-4] 567361ba16 Bug #51265: firefox-esr 68.8.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
<http://errata.software-univention.de/ucs/4.4/590.html>