Bug 54285 - firefox-esr: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.4
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 4.4-8-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Reported: 2022-01-03 07:53 CET by Quality Assurance
Modified: 2022-01-05 17:58 CET (History)
0 users

What kind of report is it?: Security Issue
Max CVSS v3 score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) NVD RedHat


Description Quality Assurance univentionstaff 2022-01-03 07:53:44 CET
New Debian firefox-esr 91.4.1esr-1~deb9u1 fixes:
This update addresses the following issues:
* iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503)
* Use-after-free in file picker dialog (CVE-2021-38504)
* Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506)
* Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38507)
* Permission Prompt could be overlaid, resulting in user confusion and potential spoofing (CVE-2021-38508)
* JavaScript alert box could have been spoofed onto an arbitrary domain (CVE-2021-38509)
* Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43534)
* A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43535)
* URL leakage when navigating while executing asynchronous function (CVE-2021-43536)
* Heap buffer overflow when using structured clone (CVE-2021-43537)
* Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)
* GC rooting failure when calling wasm instance methods (CVE-2021-43539)
* External protocol handler parameters were unescaped (CVE-2021-43541)
* XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)
* Bypass of CSP sandbox directive when embedding (CVE-2021-43543)
* Denial of Service when using the Location API in a loop (CVE-2021-43545)
* Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)
Comment 1 Quality Assurance univentionstaff 2022-01-03 08:01:56 CET
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/firefox-esr_78.15.0esr-1~deb9u1.dsc
+++ apt/ucs_4.4-0-errata4.4-8/source/firefox-esr_91.4.1esr-1~deb9u1.dsc
@@ -1,154 +1,248 @@
-78.15.0esr-1~deb9u1 [Mon, 11 Oct 2021 11:05:56 +0200] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2021-44, also known as CVE-2021-38496, CVE-2021-38500.
-
-78.14.0esr-1~deb9u1 [Wed, 08 Sep 2021 13:37:36 +0200] Emilio Pozuelo Monfort <pochu@debian.org>:
+91.4.1esr-1~deb9u1 [Mon, 27 Dec 2021 20:03:39 +0100] Emilio Pozuelo Monfort <pochu@debian.org>:
 
   * Backport to stretch.
-
-78.14.0esr-1 [Wed, 08 Sep 2021 06:35:55 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2021-39, also known as CVE-2021-38493.
+  * Build with gcc-mozilla.
+  * Build with LLVM 11.
+  * Revert python3.6 build requirement and add patches to build with
+    python 3.5.
+  * Fix type mismatch in telemetry test at least on i386.
+
+91.4.1esr-1~deb11u1 [Sun, 19 Dec 2021 06:44:45 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+
+  * debian/rules: Build against embedded nspr and nss on bullseye.
+  * debian/control*: Build against rustc-mozilla/cargo-mozilla on relevant
+    older release.
+  * debian/upstream.mk: Add definitions for newer releases of Debian.
+
+91.4.0esr-1 [Wed, 08 Dec 2021 06:38:58 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes cubeb deadlock. Closes: #998679.
+  * Fixes for mfsa2021-53, also known as:
+    CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,
+    CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545,
+    CVE-2021-43546, MOZ-2021-0009.
+
+91.3.0esr-2 [Sat, 27 Nov 2021 06:50:56 +0900] Mike Hommey <glandium@debian.org>:
+
+  * debian/firefox.in: Use `command -v` instead of `which`. Closes: #996455.
+
+  * modules/fdlibm/src/math_private.h: Fix FTBFS on i386. bz#1729459.
+  * .cargo/config.in, Cargo.lock, Cargo.toml,
+    third_party/rust/cc/.cargo-checksum.json,
+    third_party/rust/cc/Cargo.toml, third_party/rust/cc/src/lib.rs,
+    third_party/rust/cc/src/windows_registry.rs: Update cc crate to
+    b2f6b146b75299c444e05bbde50d03705c7c4b6e, aka 1.0.71 + GCC-11 fix for
+    armhf. bz#1739040.
+
+91.3.0esr-1 [Wed, 03 Nov 2021 06:04:59 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-49, also known as:
+    CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,
+    MOZ-2021-0008, CVE-2021-38508, CVE-2021-38509, MOZ-2021-0007.
+    (MOZ-* pending CVE assignment)
+
+91.2.0esr-1 [Wed, 06 Oct 2021 06:29:51 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-45, also known as:
+    CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-32810,
+    CVE-2021-38500, CVE-2021-38501.
+
+91.1.0esr-1 [Wed, 08 Sep 2021 07:46:16 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-40, also known as CVE-2021-38495.
+
+91.0.1esr-1 [Wed, 18 Aug 2021 10:28:37 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-37, also known as CVE-2021-29991.
 
   * debian/import-tar.py, debian/repack.py: Fixed for python 3.9.
 
-78.13.0esr-1~deb9u1 [Thu, 12 Aug 2021 10:38:40 +0200] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.13.0esr-1 [Wed, 11 Aug 2021 07:51:13 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2021-34, also known as:
-    CVE-2021-29986, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980,
-    CVE-2021-29985, CVE-2021-29989.
-
-78.12.0esr-1~deb9u1 [Wed, 14 Jul 2021 14:09:45 +0200] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.12.0esr-1 [Wed, 14 Jul 2021 05:58:36 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2021-29, also known as:
-    CVE-2021-29970, CVE-2021-30547, CVE-2021-29976.
-
-78.11.0esr-1~deb9u1 [Wed, 02 Jun 2021 10:17:13 +0200] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.11.0esr-1 [Wed, 02 Jun 2021 05:18:07 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2021-24, also known as CVE-2021-29967.
-
-78.10.0esr-1~deb9u1 [Wed, 21 Apr 2021 23:29:18 +0200] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.10.0esr-1 [Tue, 20 Apr 2021 06:36:15 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2021-15, also known as:
-    CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23961,
-    CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946.
-
-78.9.0esr-1~deb9u1 [Wed, 24 Mar 2021 10:52:26 +0100] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.9.0esr-1 [Wed, 24 Mar 2021 05:46:46 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2021-11, also known as:
-    CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987.
-
-78.8.0esr-1~deb9u1 [Wed, 24 Feb 2021 11:23:49 +0100] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.8.0esr-1 [Wed, 24 Feb 2021 06:29:25 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2021-08, also known as:
-    CVE-2021-23969, CVE-2021-23968, CVE-2021-23973, CVE-2021-23978.
-
-78.7.0esr-1~deb9u1 [Thu, 28 Jan 2021 13:20:54 +0100] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.7.0esr-1 [Wed, 27 Jan 2021 08:57:31 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2021-04, also known as:
-    CVE-2021-23953, CVE-2021-23954, CVE-2020-26976, CVE-2021-23960,
-    CVE-2021-23964.
-
-78.6.1esr-1~deb9u1 [Thu, 07 Jan 2021 10:38:06 +0100] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.6.1esr-1 [Thu, 07 Jan 2021 07:38:33 +0900] Mike Hommey <glandium@debian.org>:
+91.0esr-1 [Wed, 11 Aug 2021 11:05:38 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+
+91.0-1 [Wed, 11 Aug 2021 07:18:22 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-33, also known as:
+    CVE-2021-29986, CVE-2021-29981, CVE-2021-29988, CVE-2021-29984,
+    CVE-2021-29980, CVE-2021-29987, CVE-2021-29985, CVE-2021-29982,
+    CVE-2021-29989, CVE-2021-29990.
+
+  * debian/control*: Bump nspr, nss and rustc build dependencies.
+
+90.0-1 [Wed, 14 Jul 2021 06:07:27 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-28, also known as:
+    CVE-2021-29970, CVE-2021-29971, CVE-2021-29972, CVE-2021-29974,
+    CVE-2021-29975, CVE-2021-29976, CVE-2021-29977.
+
+  * debian/control*:
+    - Bump nss build dependency.
+    - Remove libgtk2 build dependency.
+  * debian/browser.install.in: Don't install gtk2/libmozgtk.so.
+
+  * widget/gtk/mozgtk/moz.build: Remove old workaround for bug #844357, which
+    was fixed in binutils a long time ago.
+
+89.0.2-1 [Thu, 24 Jun 2021 07:57:24 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+
+89.0.1-1 [Fri, 18 Jun 2021 06:03:11 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+
+89.0-1 [Wed, 02 Jun 2021 05:36:18 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-23, also known as:
+    CVE-2021-29960, CVE-2021-29961, CVE-2021-29959, CVE-2021-29967,
+    CVE-2021-29966.
+
+  * debian/control*: Bump nss and cbindgen build dependency.
+
+88.0.1-1 [Thu, 06 May 2021 07:01:54 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-20, also known as CVE-2021-29952.
+
+88.0-1 [Tue, 20 Apr 2021 07:54:02 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-16, also known as:
+    CVE-2021-23994, CVE-2021-23995, CVE-2021-23996, CVE-2021-23997,
+    CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001,
+    CVE-2021-24002, CVE-2021-29945, CVE-2021-29944, CVE-2021-29946,
+    CVE-2021-29947.
+
+  * debian/control*: Bump nss build dependency.
+
+87.0-2 [Wed, 31 Mar 2021 10:12:40 +0900] Mike Hommey <glandium@debian.org>:
+
+  * js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp,
+    js/src/jit/mips-shared/MacroAssembler-mips-shared*,
+    js/src/jit/mips*/MacroAssembler-mips*: Add missing JIT functions.
+  * js/src/jit/mips64/MacroAssembler-mips64.cpp: Fix register conflict
+    in ma_addPtrTestOverflow. bz#1685662.
+  * gfx/wr/swgl/src/blend.h, gfx/wr/swgl/src/gl.cc: Don't use always_inline
+    on large SWGL functions. bz#1700520.
+
+87.0-1 [Wed, 24 Mar 2021 06:06:10 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-10, also known as:
+    CVE-2021-23981, CVE-2021-23982, CVE-2021-23983, CVE-2021-23984,
+    CVE-2021-23985, CVE-2021-23986, CVE-2021-23987, CVE-2021-23988.
+
+  * debian/control*: Bump nss build dependency.
+
+86.0.1-1 [Fri, 12 Mar 2021 10:30:34 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+
+86.0-2 [Tue, 09 Mar 2021 07:24:46 +0900] Mike Hommey <glandium@debian.org>:
+
+  * gfx/qcms/src/iccread.rs: Fix startup crash with malformed ICC profiles.
+    bz#1694670.
+
+86.0-1 [Wed, 24 Feb 2021 06:57:42 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-07, also known as:
+    CVE-2021-23969, CVE-2021-23970, CVE-2021-23968, CVE-2021-23974,
+    CVE-2021-23971, CVE-2021-23972, CVE-2021-23975, CVE-2021-23973,
+    CVE-2021-23978, CVE-2021-23979.
+
+  * debian/control*: Bump nss and cbindgen build dependencies.
+
+85.0.1-1 [Sat, 06 Feb 2021 07:54:04 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+
+  * build/moz.configure/rust.configure, debian/control*: Allow to build with
+    cargo in unstable.
+
+85.0-1 [Wed, 27 Jan 2021 09:06:28 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2021-03, also known as:
+    CVE-2021-23953, CVE-2021-23954, CVE-2021-23955, CVE-2021-23956,
+    CVE-2021-23958, CVE-2021-23960, CVE-2021-23961, CVE-2021-23962,
+    CVE-2021-23963, CVE-2021-23964, CVE-2021-23965.
+
+  * debian/control*: Bump rustc, cargo and nss build dependencies.
+
+84.0.2-1 [Thu, 07 Jan 2021 07:27:55 +0900] Mike Hommey <glandium@debian.org>:
 
   * New upstream release.
   * Fixes for mfsa2021-01, also known as CVE-2020-16044.
 
-78.6.0esr-1~deb9u1 [Wed, 16 Dec 2020 08:55:43 +0100] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.6.0esr-1 [Wed, 16 Dec 2020 05:57:15 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2020-55, also known as:
-    CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974,
-    CVE-2020-26978, CVE-2020-35111, CVE-2020-35113.
-
-78.5.0esr-1~deb9u1 [Wed, 18 Nov 2020 11:59:31 +0100] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-
-78.5.0esr-1 [Wed, 18 Nov 2020 06:23:03 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2020-51, also known as:
-    CVE-2020-26951, CVE-2020-16012, CVE-2020-26953, CVE-2020-26956,
-    CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961,
-    CVE-2020-26965, CVE-2020-26968.
-
-78.4.1esr-2 [Tue, 10 Nov 2020 10:23:12 +0900] Mike Hommey <glandium@debian.org>:
-
-  * Cargo.lock, third_party/rust/proc-macro2, third_party/rust/syn: Update
-    to fix FTBFS with rustc 1.47. bz#1663715.
-
-78.4.1esr-1~deb9u1 [Wed, 11 Nov 2020 12:21:29 -0500] Roberto C. Sánchez <roberto@debian.org>:
+  * debian/control*: Bump nss build dependency.
+
+84.0-3 [Fri, 18 Dec 2020 10:09:12 +0900] Mike Hommey <glandium@debian.org>:
+
+  * debian/browser.install.in: s/aarch64/arm64/, facepalm.
+
+84.0-2 [Fri, 18 Dec 2020 05:59:54 +0900] Mike Hommey <glandium@debian.org>:
+
+  * debian/browser.install.in: Install libmozsandbox.so on aarch64 and arm*.
+
+84.0-1 [Wed, 16 Dec 2020 06:30:02 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2020-54, also known as:
+    CVE-2020-16042, CVE-2020-26971, CVE-2020-26972, CVE-2020-26973,
+    CVE-2020-26974, CVE-2020-26976, CVE-2020-26978, CVE-2020-26979,
+    CVE-2020-35111, CVE-2020-35113, CVE-2020-35114.
+
+  * debian/control*: Bump nss build dependency.
+
+  * build/moz.configure/rust.configure, debian/control*: Revert changes from
+    79.0-1 allowing to build with cargo in unstable as of 2020-07-29 because
+    we have the right version now.
+  * intl/icu_sources_data.py: Revert changes from 72.0-1 to avoid building
+    ICU in parallel because we don't build ICU using this script anymore.
+
+83.0-1 [Wed, 18 Nov 2020 07:06:09 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2020-50, also known as:
+    CVE-2020-26951, CVE-2020-26952, CVE-2020-16012, CVE-2020-26953,
+    CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960,
+    CVE-2020-26961, CVE-2020-26962, CVE-2020-26963, CVE-2020-26965,
+    CVE-2020-26967, CVE-2020-26968, CVE-2020-26969.
+
+  * debian/control*: Bump nss and cbindgen build dependencies.
+
+82.0.3-1 [Tue, 10 Nov 2020 07:32:32 +0900] Mike Hommey <glandium@debian.org>:
 
   * New upstream release.
   * Fixes for mfsa2020-49, also known as CVE-2020-26950.
 
-78.4.1esr-1 [Tue, 10 Nov 2020 07:27:07 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2020-49, also known as CVE-2020-26950.
-
-78.4.0esr-2 [Wed, 21 Oct 2020 13:19:24 +0900] Mike Hommey <glandium@debian.org>:
-
-  * debian/rules: Restore parts of debian/rules that were removed by mistake
-    in 78.4.0esr-1, causing FTBFS on at least amd64.
-
-78.4.0esr-1~deb9u1 [Wed, 21 Oct 2020 10:07:45 +0200] Emilio Pozuelo Monfort <pochu@debian.org>:
-
-  * Backport to stretch.
-  * Re-add debian-hacks/build-with-libstdc++-7.patch.
-  * debian/rules: add missing LDFLAGS, accidentally removed in 78.4.0esr-1.
-
-78.4.0esr-1 [Wed, 21 Oct 2020 06:35:35 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2020-46, also known as:
-    CVE-2020-15969, CVE-2020-15683.
+82.0.2-1 [Fri, 30 Oct 2020 06:03:59 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+
+  * debian/control*: Remove autoconf2.13 build dependency.
+
+  * config/external/icu/data/moz.build: Use the right data file for ICU on
+    big endians. bz#1673769.
+
+82.0-1 [Wed, 21 Oct 2020 11:53:39 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2020-45, also known as:
+    CVE-2020-15969, CVE-2020-15254, CVE-2020-15680, CVE-2020-15681,
+    CVE-2020-15682, CVE-2020-15683, CVE-2020-15684.
 
   [Emilio Pozuelo Monfort]
   * debian/browser.bug-presubj.in, debian/control.in, debian/rules,
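Review bot: the CVE list in the description does not line up with the new entries in this hunk. The added 91.3.0esr-1 entry still carries MOZ-2021-0008 and MOZ-2021-0007 with the remark "(MOZ-* pending CVE assignment)", and 91.4.0esr-1 carries MOZ-2021-0009, while the description names CVE-2021-43534 and CVE-2021-43535, which appear nowhere in this changelog. Please record in the erratum where those two IDs were taken from and whether MOZ-2021-0009 has a CVE assigned. The added 91.2.0esr-1 entry (mfsa2021-45) also lists CVE-2021-38497, CVE-2021-38498, CVE-2021-32810 and CVE-2021-38501, which the removed 78.15.0esr-1~deb9u1 entry (mfsa2021-44) did not cover and the description omits; confirm they are left out on purpose. CVE IDs on the `+` lines for 79.0 through 91.0 come from rapid-release history pulled in by the switch from the 78 to the 91 ESR branch, so each should be checked against the removed 78.x entries before being counted as newly fixed.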
@@ -163,29 +257,62 @@
     in stretch when opening the iso-codes files.
     - stretch: don't set NASM on !x86.
 
-78.3.0esr-2 [Wed, 23 Sep 2020 12:53:29 +0900] Mike Hommey <glandium@debian.org>:
-
-  * third-party/rust/authenticator/src/linux/ioctl_mips*.rs: Add missing
-    bindings for mips*.
-
-78.3.0esr-1 [Wed, 23 Sep 2020 07:25:27 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2020-43, also known as:
-    CVE-2020-15677, CVE-2020-15676, CVE-2020-15678, CVE-2020-15673.
-
-  * js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp: Add
-    CodeGenerator::visitWasmRegisterResult function. bz#1649655.
+  [Mike Hommey]
+  * debian/control*: Bump nss build dependency.
+
+  * build/unix/elfhack/elf.cpp, build/unix/elfhack/elfxx.h: Fix elfhack
+    for files > 2GiB and < 4GiB. bz#1495733.
+
+81.0-2 [Thu, 24 Sep 2020 16:22:35 +0900] Mike Hommey <glandium@debian.org>:
+
+  * dom/media/AsyncLogger.h: Fix AsyncLogger::TracePayload's mName
+    size calculation. bz#1667007.
+
+81.0-1 [Wed, 23 Sep 2020 07:56:45 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2020-42, also known as:
+    CVE-2020-15675, CVE-2020-15677, CVE-2020-15676, CVE-2020-15678,
+    CVE-2020-15673, CVE-2020-15674.
+
+  * debian/control*: Bump nss build dependency.
+  * debian/rules: Change l10n build integration:
+    - it is not necessary to override LOCALE_MERGEDIR anymore
+    - it is not necessary to call compare-locales manually
+    - set MACH_USE_SYSTEM_PYTHON=1
+
   * js/src/jit/none/MacroAssembler-none.h: Bump CodeAlignment to 8.
     bz#1666646.
 
-78.2.0esr-1 [Thu, 03 Sep 2020 09:30:52 +0900] Mike Hommey <glandium@debian.org>:
-
-  * New upstream release.
-  * Fixes for mfsa2020-32 and mfsa2020-38, also known as:
+80.0.1-1 [Thu, 03 Sep 2020 09:36:06 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+
+80.0-1 [Wed, 26 Aug 2020 07:24:49 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2020-36, also known as:
+    CVE-2020-15664, CVE-2020-12401, CVE-2020-6829, CVE-2020-12400,
+    CVE-2020-15665, CVE-2020-15666, CVE-2020-15667, CVE-2020-15668,
+    CVE-2020-15670.
+
+  * debian/control*: Bump nss build dependency.
+
+79.0-1 [Wed, 29 Jul 2020 13:45:30 +0900] Mike Hommey <glandium@debian.org>:
+
+  * New upstream release.
+  * Fixes for mfsa2020-30, also known as:
     CVE-2020-15652, CVE-2020-6514, CVE-2020-15655, CVE-2020-15653,
     CVE-2020-6463, CVE-2020-15656, CVE-2020-15658, CVE-2020-15654,
-    CVE-2020-15659, CVE-2020-15664, CVE-2020-15670.
+    CVE-2020-15659.
+
+  * debian/control*: Bump cbindgen, rustc, cargo, nss and python3 build
+    dependencies.
+  * debian/rules: Add -Cembed-bitcode=yes to rust command lines when
+    using rustc >= 1.45.0.
+
+  * build/moz.configure/rust.configure, debian/control*: Allow to build with
+    cargo in unstable as of 2020-07-29.
 
 78.0.2-1 [Fri, 10 Jul 2020 09:37:04 +0900] Mike Hommey <glandium@debian.org>:
 
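Review bot: CVE-2020-15664 and CVE-2020-15670 show up as added in this hunk only because they moved between historical entries. The removed line `CVE-2020-15659, CVE-2020-15664, CVE-2020-15670.` belonged to 78.2.0esr-1 (mfsa2020-32 and mfsa2020-38), and the same two IDs reappear under the added 80.0-1 entry (mfsa2020-36), so they were already shipped with the 78 branch. If the erratum CVE list is derived from `+` lines of this diff, exclude the 2020 IDs in this hunk; the same applies to CVE-2020-15677, CVE-2020-15676, CVE-2020-15678 and CVE-2020-15673, which move from the removed 78.3.0esr-1 entry to the added 81.0-1 entry.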

<http://piuparts.knut.univention.de/4.4-8/#4688587973430255467>
Comment 2 Philipp Hahn univentionstaff 2022-01-04 09:28:58 CET
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
 new language packages `sco` and `szl`

[4.4-8] 5f3dab2d68 Bug #54285: firefox-esr 91.4.1esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

[4.4-8] d3a6202ee7 Bug #54285: firefox-esr 91.4.1esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 60 +++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)