Univention Bugzilla – Bug 54819
firefox-esr: Multiple issues (5.0)
Last modified: 2022-06-08 16:50:33 CEST
New Debian firefox-esr 91.10.0esr-1~deb10u1 fixes: This update addresses the following issues: * Cross-Origin resource's length leaked (CVE-2022-31736) * Heap buffer overflow in WebGL (CVE-2022-31737) * Browser window spoof using fullscreen mode (CVE-2022-31738) * Register allocation problem in WASM on arm64 (CVE-2022-31740) * Uninitialized variable leads to invalid memory read (CVE-2022-31741) * Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (CVE-2022-31742) * Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 (CVE-2022-31747)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_91.9.1esr-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/firefox-esr_91.10.0esr-1~deb10u1.dsc @@ -1,3 +1,10 @@ +91.10.0esr-1~deb10u1 [Wed, 01 Jun 2022 05:24:22 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2022-21, also known as: + CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, + CVE-2022-31741, CVE-2022-31742, CVE-2022-31747. + 91.9.1esr-1~deb10u1 [Sat, 21 May 2022 06:22:04 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://piuparts.knut.univention.de/5.0-1/#5129370392072572921>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-1] 202dca48ac Bug #54819: firefox-esr 91.10.0esr-1~deb10u1 doc/errata/staging/firefox-esr.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x326>