Univention Bugzilla – Bug 55974
firefox-esr: Multiple issues (5.0)
Last modified: 2023-04-19 12:59:52 CEST
New Debian firefox-esr 102.10.0esr-1~deb10u1 fixes:

This update addresses the following issues:
* Memory Corruption in Safe Browsing Code (CVE-2023-1945)
* Fullscreen notification obscured (CVE-2023-29533)
* Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)
* Invalid free from JavaScript code (CVE-2023-29536)
* Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)
* Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)
* Incorrect optimization result on ARM64 (CVE-2023-29548)
* Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_102.9.0esr-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-3/source/firefox-esr_102.10.0esr-1~deb10u1.dsc @@ -1,3 +1,19 @@ +102.10.0esr-1~deb10u1 [Wed, 12 Apr 2023 12:00:41 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to buster. + +102.10.0esr-1 [Wed, 12 Apr 2023 06:37:17 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2023-14, also known as: + CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, + CVE-2023-29541, CVE-2023-1945, CVE-2023-29548, CVE-2023-29550. + +102.9.0esr-2 [Sat, 18 Mar 2023 06:53:38 +0900] Mike Hommey <glandium@debian.org>: + + * gfx/skia/generate_mozbuild.py, gfx/skia/moz.build: Remove explicit NEON + flags from skia build. Closes: #982794. Thanks Emanuele Rocca. + 102.9.0esr-1~deb10u1 [Wed, 15 Mar 2023 12:53:54 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to buster. <http://piuparts.knut.univention.de/5.0-3/#8999900976144177321>
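Review bot: the 102.9.0esr-2 entry in this changelog hunk carries a non-security build change (removal of the explicit NEON flags from the skia build in gfx/skia/generate_mozbuild.py and gfx/skia/moz.build, Closes: #982794) that the issue list in the erratum description does not cover. The eight CVEs under mfsa2023-14 in the 102.10.0esr-1 entry match the description one for one, so nothing is missing on the security side, but the build change ships with the same update. Consider confirming that it has no effect on the architectures built for this release, or mentioning it in the erratum text so the full delta from 102.9.0esr-1~deb10u1 is documented.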
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-3] 180c19d032 Bug #55974: firefox-esr 102.10.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

[5.0-3] 11504fc041 Bug #55974: firefox-esr 102.10.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x643>