Univention Bugzilla – Bug 55143
firefox-esr: Multiple issues (5.0)
Last modified: 2022-08-31 12:19:39 CEST
New Debian firefox-esr 91.13.0esr-1~deb10u1 fixes:

This update addresses the following issues:
* Address bar spoofing via XSLT error handling (CVE-2022-38472)
* Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473)
* Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 (CVE-2022-38478)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_91.12.0esr-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/firefox-esr_91.13.0esr-1~deb10u1.dsc @@ -1,3 +1,9 @@ +91.13.0esr-1~deb10u1 [Wed, 24 Aug 2022 06:09:13 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2022-35, also known as: + CVE-2022-38472, CVE-2022-38473, CVE-2022-38478. + 91.12.0esr-1~deb10u1 [Wed, 27 Jul 2022 09:08:20 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://piuparts.knut.univention.de/5.0-2/#3740372075370730426>
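Review bot: the advisory id mfsa2022-35 appears only in the added 91.13.0esr-1~deb10u1 changelog entry, while the erratum description for this bug lists CVE-2022-38472, CVE-2022-38473 and CVE-2022-38478 without naming the advisory. Consider carrying the mfsa2022-35 reference into the erratum text so the three CVEs can be cross-checked against the upstream advisory from either place. The CVE set in the changelog entry and in the description is otherwise the same.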
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] f8e4e41844 Bug #55143: firefox-esr 91.13.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

[5.0-2] f1e8634505 Bug #55143: firefox-esr 91.13.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x396>