Univention Bugzilla – Bug 53659
firefox-esr: Multiple issues (4.4)
Last modified: 2021-08-18 17:58:26 CEST
New Debian firefox-esr 78.13.0esr-1~deb9u1 fixes: This update addresses the following issues: * Uninitialized memory in a canvas object could have led to memory corruption (CVE-2021-29980) * Incorrect instruction reordering during JIT optimization (CVE-2021-29984) * Use-after-free media channels (CVE-2021-29985) * Race condition when resolving DNS names could have led to memory corruption (CVE-2021-29986) * Memory corruption as a result of incorrect style treatment (CVE-2021-29988) * Memory safety bugs fixed in Thunderbird 78.13 (CVE-2021-29989)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/firefox-esr_78.12.0esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/firefox-esr_78.13.0esr-1~deb9u1.dsc @@ -1,3 +1,14 @@ +78.13.0esr-1~deb9u1 [Thu, 12 Aug 2021 10:38:40 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to stretch. + +78.13.0esr-1 [Wed, 11 Aug 2021 07:51:13 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2021-34, also known as: + CVE-2021-29986, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980, + CVE-2021-29985, CVE-2021-29989. + 78.12.0esr-1~deb9u1 [Wed, 14 Jul 2021 14:09:45 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to stretch. <http://piuparts.knut.univention.de/4.4-8/#4275942195498631436>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 9091dc7e08 Bug #53659: firefox-esr 78.13.0esr-1~deb9u1 doc/errata/staging/firefox-esr.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1028>