Univention Bugzilla – Bug 52266
firefox-esr: Multiple issues (4.4)
Last modified: 2020-10-28 12:49:27 CET
New Debian firefox-esr 78.4.0esr-1~deb9u1 fixes: This update addresses the following issues: * Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * Use after free in WebRTC (CVE-2020-15969)
--- mirror/ftp/4.4/unmaintained/component/4.4-6-errata/source/firefox-esr_78.3.0esr-1~deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/firefox-esr_78.4.0esr-1~deb9u1.dsc @@ -1,14 +1,32 @@ -78.3.0esr-1~deb9u2 [Tue, 29 Sep 2020 10:01:59 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: +78.4.0esr-1~deb9u1 [Wed, 21 Oct 2020 10:07:45 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: - * Don't set NASM on non-x86. + * Backport to stretch. + * Re-add debian-hacks/build-with-libstdc++-7.patch. + * debian/rules: add missing LDFLAGS, accidentally removed in 78.4.0esr-1. -78.3.0esr-1~deb9u1 [Wed, 23 Sep 2020 11:03:28 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: +78.4.0esr-1 [Wed, 21 Oct 2020 06:35:35 +0900] Mike Hommey <glandium@debian.org>: - * Non-maintainer upload. - * Backport to stretch. - * debian/l10n/gen: open iso-codes files as unicode. - * Build with LLVM 7, 4.0 doesn't support -std=gnu++17. - * Build with GCC 7 from gcc-mozilla. + * New upstream release. + * Fixes for mfsa2020-46, also known as: + CVE-2020-15969, CVE-2020-15683. + + [Emilio Pozuelo Monfort] + * debian/browser.bug-presubj.in, debian/control.in, debian/rules, + debian/symbols.mk, debian/upstream.mk: Remove support for jessie. + * debian/control.in, debian/rules: stretch: build with LLVM 7, 4.0 doesn't + support -std=gnu++17. + * debian/rules: + - stretch: build with GCC 7 from gcc-mozilla. + - Call python with -B when regenerating the control files, so as to not + generate bytecode files. + - Call debian/l10n/gen with C.UTF-8 as the locale, otherwise it fails + in stretch when opening the iso-codes files. + - stretch: don't set NASM on !x86. + +78.3.0esr-2 [Wed, 23 Sep 2020 12:53:29 +0900] Mike Hommey <glandium@debian.org>: + + * third-party/rust/authenticator/src/linux/ioctl_mips*.rs: Add missing + bindings for mips*. 78.3.0esr-1 [Wed, 23 Sep 2020 07:25:27 +0900] Mike Hommey <glandium@debian.org>: <http://10.200.17.11/4.4-6/#462842615476549>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-6] 65fcc579a2 Bug #52266: firefox-esr 78.4.0esr-1~deb9u1 doc/errata/staging/firefox-esr.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x782>