Univention Bugzilla – Bug 55502
firefox-esr: Multiple issues (5.0)
Last modified: 2022-12-21 20:23:38 CET
New Debian firefox-esr 102.6.0esr-1~deb10u1 fixes:

This update addresses the following issues:
* Arbitrary file read from a compromised content process (CVE-2022-46872)
* Drag and Dropped Filenames could have been truncated to malicious extensions (CVE-2022-46874)
* Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878)
* Use-after-free in WebGL (CVE-2022-46880)
* Memory corruption in WebGL (CVE-2022-46881)
* Use-after-free in WebGL (CVE-2022-46882)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_102.5.0esr-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/firefox-esr_102.6.0esr-1~deb10u1.dsc @@ -1,3 +1,14 @@ +102.6.0esr-1~deb10u1 [Wed, 14 Dec 2022 10:53:37 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to buster. + +102.6.0esr-1 [Wed, 14 Dec 2022 07:48:39 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2022-52, also known as: + CVE-2022-46880, CVE-2022-46872, CVE-2022-46881, CVE-2022-46874, + CVE-2022-46882, CVE-2022-46878. + 102.5.0esr-1~deb10u1 [Wed, 16 Nov 2022 09:39:25 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to buster. <http://piuparts.knut.univention.de/5.0-2/#3608772332941359057>
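Review bot: The added 102.6.0esr-1 entry gives the mfsa2022-52 fixes only as six bare CVE ids, in non-numeric order and with no per-issue description, so the changelog alone does not tell a reader which id is which issue. The erratum text should carry a description for each and be checked against the sorted set (CVE-2022-46872, CVE-2022-46874, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882) so that no id is dropped in transcription.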
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] fd78f4aa7c Bug #55502: firefox-esr 102.6.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

[5.0-2] e308577d7b Bug #55502: firefox-esr 102.6.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x516>