Univention Bugzilla – Bug 52528
firefox-esr: Multiple issues (4.4)
Last modified: 2021-01-06 16:53:43 CET
New Debian firefox-esr 78.6.0esr-1~deb9u1 fixes:

This update addresses the following issues:
* Uninitialized Use in V8 (CVE-2020-16042)
* Heap buffer overflow in WebGL (CVE-2020-26971)
* CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)
* Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)
* Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)
* The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)
* Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)
--- mirror/ftp/4.4/unmaintained/4.4-7/source/firefox-esr_78.5.0esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/firefox-esr_78.6.0esr-1~deb9u1.dsc @@ -1,3 +1,14 @@ +78.6.0esr-1~deb9u1 [Wed, 16 Dec 2020 08:55:43 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to stretch. + +78.6.0esr-1 [Wed, 16 Dec 2020 05:57:15 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2020-55, also known as: + CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, + CVE-2020-26978, CVE-2020-35111, CVE-2020-35113. + 78.5.0esr-1~deb9u1 [Wed, 18 Nov 2020 11:59:31 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to stretch. <http://10.200.17.11/4.4-7/#1374386957790192975>
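Review bot: the top entry added here, 78.6.0esr-1~deb9u1, records only "Backport to stretch." and names no CVEs; the security references sit solely in the 78.6.0esr-1 entry below it, under mfsa2020-55. When checking the erratum text against this changelog, compare it with that second entry rather than the topmost one: its seven CVE ids (CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113) match the seven listed in the update description above, so none is missing from either side.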
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 675965f259 Bug #52528: firefox-esr 78.6.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-7] ba158bda15 Bug #52528: firefox-esr 78.6.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x852>