Bug 36175

Summary: Firefox: Security issues from 31.2 (3.2)
Product: UCS
Reporter: Moritz Muehlenhoff <jmm>
Component: Security updates
Assignee: Janek Walkenhorst <walkenhorst>
Status: CLOSED FIXED
QA Contact: Philipp Hahn <hahn>
Severity: normal
Priority: P5
CC: gohmann
Version: UCS 3.2
Target Milestone: UCS 3.2-3-errata
Hardware: Other
OS: Linux

Description Moritz Muehlenhoff univentionstaff 2014-10-15 14:20:24 CEST
We need to migrate to the new ESR31 series; ESR24 is no longer supported.

Memory corruption in the browser engine (CVE-2014-1574) 
Buffer overflow in CSS parsing (CVE-2014-1576)
Memory corruption in Web Audio (CVE-2014-1577)
Out-of-bounds write in WebM playback (CVE-2014-1578)
Use-after-free in text rendering (CVE-2014-1581)
Information leak in WebRTC (CVE-2014-1585, CVE-2014-1586)
Bypass of the same-origin policy (CVE-2014-1583)
Comment 1 Janek Walkenhorst univentionstaff 2014-10-28 17:09:55 CET
Imported 31.2.0 ESR
Tests (i386): OK
Advisories: 2014-10-28-firefox-{de,en}.yaml
Comment 2 Philipp Hahn univentionstaff 2014-10-28 17:52:51 CET
OK: apt-cache policy firefox-de firefox-en
OK: about: 31.2.0
OK: amd64 i386
OK: firefox-{en,de}
OK: http://google.de/
OK: http://univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: http://youtube.com/
OK: /usr/sbin/announce_errata -V 2014-10-28-firefox-de.yaml
OK: /usr/sbin/announce_errata -V 2014-10-28-firefox-en.yaml
OK: errata-test firefox-de
OK: Update, Replace, Install
Comment 3 Janek Walkenhorst univentionstaff 2014-10-30 14:14:25 CET
http://errata.univention.de/ucs/3.2/231.html
Comment 4 Janek Walkenhorst univentionstaff 2014-10-30 14:14:38 CET
http://errata.univention.de/ucs/3.2/232.html