Univention Bugzilla – Bug 52414
firefox-esr: Multiple issues (4.4)
Last modified: 2020-11-25 12:08:12 CET
New Debian firefox-esr 78.5.0esr-1~deb9u1 fixes:

This update addresses the following issues:

* 78.5.0esr-1~deb9u1 (Wed, 18 Nov 2020 11:59:31 +0100)
  * Backport to stretch.
* 78.4.1esr-2 (Tue, 10 Nov 2020 10:23:12 +0900)
  * Cargo.lock, third_party/rust/proc-macro2, third_party/rust/syn: Update to fix FTBFS with rustc 1.47. bz#1663715.
* Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Use-after-free in WebRequestService (CVE-2020-26959)
* Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Software keyboards may have remembered typed passwords (CVE-2020-26965)
* Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
--- mirror/ftp/4.4/unmaintained/component/4.4-6-errata/source/firefox-esr_78.4.1esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/firefox-esr_78.5.0esr-1~deb9u1.dsc @@ -1,3 +1,20 @@ +78.5.0esr-1~deb9u1 [Wed, 18 Nov 2020 11:59:31 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to stretch. + +78.5.0esr-1 [Wed, 18 Nov 2020 06:23:03 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2020-51, also known as: + CVE-2020-26951, CVE-2020-16012, CVE-2020-26953, CVE-2020-26956, + CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, + CVE-2020-26965, CVE-2020-26968. + +78.4.1esr-2 [Tue, 10 Nov 2020 10:23:12 +0900] Mike Hommey <glandium@debian.org>: + + * Cargo.lock, third_party/rust/proc-macro2, third_party/rust/syn: Update + to fix FTBFS with rustc 1.47. bz#1663715. + 78.4.1esr-1~deb9u1 [Wed, 11 Nov 2020 12:21:29 -0500] Roberto C. Sánchez <roberto@debian.org>: * New upstream release. <http://10.200.17.11/4.4-6/#2468995243885403778>
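Review bot: the 78.4.1esr-2 entry in this changelog hunk is a build fix (FTBFS with rustc 1.47, bz#1663715), not a security fix, so it should be kept apart from the security items when erratum text is derived from this changelog. The security content sits in the 78.5.0esr-1 entry, which names mfsa2020-51 and ten CVE IDs without descriptions; the erratum should carry a description for each of those ten IDs so that none is dropped between the changelog and the announcement.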
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-6] 74dcd4272a Bug #52414: firefox-esr 78.5.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 6 ------
 1 file changed, 6 deletions(-)

[4.4-6] 80e738fc89 Bug #52414: firefox-esr 78.5.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 41 +++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x815>