Univention Bugzilla – Bug 52998
firefox-esr: Multiple issues (4.4)
Last modified: 2021-03-31 18:36:52 CEST
New Debian firefox-esr 78.9.0esr-1~deb9u1 fixes: This update addresses the following issues: * Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981) * Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982) * Malicious extensions could have spoofed popup information (CVE-2021-23984) * Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/firefox-esr_78.8.0esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/firefox-esr_78.9.0esr-1~deb9u1.dsc @@ -1,3 +1,13 @@ +78.9.0esr-1~deb9u1 [Wed, 24 Mar 2021 10:52:26 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to stretch. + +78.9.0esr-1 [Wed, 24 Mar 2021 05:46:46 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2021-11, also known as: + CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987. + 78.8.0esr-1~deb9u1 [Wed, 24 Feb 2021 11:23:49 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to stretch. <http://piuparts.knut.univention.de/4.4-7/#3713166026231908814>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-7] 6150685f35 Bug #52998: firefox-esr 78.9.0esr-1~deb9u1 doc/errata/staging/firefox-esr.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x938>