Univention Bugzilla – Bug 55349
firefox-esr: Multiple issues (5.0)
Last modified: 2022-11-02 16:47:14 CET
New Debian firefox-esr 102.4.0esr-1~deb10u1 fixes:

This update addresses the following issues:
* Same-origin policy violation could have leaked cross-origin URLs (CVE-2022-42927)
* Memory Corruption in JS Engine (CVE-2022-42928)
* Denial of Service via window.print (CVE-2022-42929)
* Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4 (CVE-2022-42932)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_102.3.0esr-1~deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/firefox-esr_102.4.0esr-1~deb10u1.dsc @@ -1,3 +1,16 @@ +102.4.0esr-1~deb10u1 [Wed, 19 Oct 2022 16:25:38 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to buster. Remaining changes: + - Use internal libevent, the system one is too old. + - Build swgl with -fno-inline on arm* and i386, due to ICEs with GCC 8. + - Fix build failure on at least i386 on TestCombinedStacks.cpp. + +102.4.0esr-1 [Wed, 19 Oct 2022 05:04:39 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2022-45, also known as: + CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932. + 102.3.0esr-1~deb10u2 [Mon, 26 Sep 2022 13:14:57 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: * Build swgl with -fno-inline on arm* and i386, due to ICEs with GCC 8. <http://piuparts.knut.univention.de/5.0-2/#8404621448866274963>
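Review bot: In the 102.4.0esr-1~deb10u1 changelog entry, "Use internal libevent, the system one is too old" means this backport builds against the libevent copy bundled with the Firefox source, so fixes shipped through the system libevent package do not reach this build. It would help to record that in the packaging notes so the bundled copy is reviewed with each firefox-esr update. The CVE list in the 102.4.0esr-1 entry (CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932) matches the issue list in the bug description.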
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] ba88f6b1e8 Bug #55349: firefox-esr 102.4.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

[5.0-2] 53b3f155c6 Bug #55349: firefox-esr 102.4.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x473>