Univention Bugzilla – Bug 51615
firefox-esr: Multiple issues (4.4)
Last modified: 2020-07-08 15:09:09 CEST
New Debian firefox-esr 68.10.0esr-1~deb9u1 fixes:

This update addresses the following issues:
* Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)
* Information disclosure due to manipulated URL object (CVE-2020-12418)
* Use-after-free in nsGlobalWindowInner (CVE-2020-12419)
* Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)
* Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)
--- mirror/ftp/4.4/unmaintained/component/4.4-4-errata/source/firefox-esr_68.9.0esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/firefox-esr_68.10.0esr-1~deb9u1.dsc @@ -1,3 +1,10 @@ +68.10.0esr-1~deb9u1 [Wed, 01 Jul 2020 09:08:58 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release + * Fixes for mfsa2020-25, also known as: + CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, + CVE-2020-12421. + 68.9.0esr-1~deb9u1 [Wed, 03 Jun 2020 06:11:28 +0900] Mike Hommey <glandium@debian.org>: * New upstream release <http://10.200.17.11/4.4-4/#426127680745575454>
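Review bot: in the `@@ -1,3 +1,10 @@` hunk the new 68.10.0esr-1~deb9u1 entry identifies the fixes only as mfsa2020-25 plus five CVE ids, with no per-issue text, so the errata description has to be maintained separately from this changelog. Check that the ids listed here (CVE-2020-12417 through CVE-2020-12421) match the errata entry one for one before it is published, so that no fix named in the changelog is missing from the announcement.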
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-4] 69e019c79f Bug #51615: firefox-esr 68.10.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<http://errata.software-univention.de/ucs/4.4/649.html>