Univention Bugzilla – Full Text Bug Listing |
Summary: | firefox-esr: Multiple issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-5-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) |
Description
Quality Assurance
2018-12-18 08:45:28 CET
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/firefox-esr_60.3.0esr-1~deb8u1.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/firefox-esr_60.4.0esr-1~deb8u1.dsc @@ -1,10 +1,37 @@ -60.3.0esr-1~deb8u1 [Wed, 31 Oct 2018 10:24:02 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: +60.4.0esr-1~deb8u1 [Wed, 12 Dec 2018 10:43:12 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: - * Backport to jessie. + * Non-maintainer upload by the LTS team. * Build against the embedded jsoncpp, jessie's one is too old. - * Disable elf hack. -60.3.0esr-1~deb9u1 [Wed, 24 Oct 2018 07:17:22 +0900] Mike Hommey <glandium@debian.org>: +60.4.0esr-1 [Wed, 12 Dec 2018 08:29:04 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2018-30, also known as: + CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, + CVE-2018-18498, CVE-2018-12405. + +60.3.0esr-3 [Wed, 28 Nov 2018 14:28:56 +0900] Mike Hommey <glandium@debian.org>: + + * debian/browser.install.in, debian/rules: Properly copy the watermark to + /usr/share/icons/hicolor/symbolic/apps. + * debian/rules: Pass compiler and compiler flags environment variables + down to ICU configure. That will make it use GCC instead of defaulting + to clang now it's in PATH, avoiding the failing to build the ICU data + file on big endian platforms because clang doesn't know some of the GCC + flags it somehow got from the environment. + +60.3.0esr-2 [Mon, 26 Nov 2018 10:42:42 +0900] Mike Hommey <glandium@debian.org>: + + * debian/control*: Build depend on unversioned clang/llvm. + Closes: #912804. + * debian/rules: Use embedded libevent in backports. Closes: #910397. + + * build/unix/elfhack/test.c: Try to ensure the bss section of the + elfhack testcase stays large enough. bz#1505608. + * memory/build/mozjemalloc.cpp: Fix run sizes for size classes >= 16KB + on systems with large pages. bz#1507035. Closes: #911898. + +60.3.0esr-1 [Wed, 24 Oct 2018 07:08:43 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. * Fixes for mfsa2018-27, also known as: @@ -14,7 +41,7 @@ * debian/rules: Work around armel FTBFS from conflicting __sync_* symbols between libgcc and rust's compiler_builtins. -60.2.2esr-1~deb9u1 [Wed, 03 Oct 2018 07:28:38 +0900] Mike Hommey <glandium@debian.org>: +60.2.2esr-1 [Wed, 03 Oct 2018 07:28:38 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. * Fixes for mfsa2018-24, also known as: @@ -25,13 +52,15 @@ * debian/control*, debian/browser.mozconfig.in: Build ALSA support. Closes: #864987, #900062, #908349 -60.2.1esr-1~deb9u1 [Sat, 22 Sep 2018 08:10:27 +0900] Mike Hommey <glandium@debian.org>: +60.2.1esr-1 [Sat, 22 Sep 2018 08:10:27 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. * Fixes for mfsa2018-23, also known as: CVE-2018-12385, CVE-2018-12383. * debian/control*: + - Remove the sqlite and nss dependencies when not building against the + system libraries. - Enforce nss, nspr and sqlite dependencies to the same versions as build dependencies. There are subtle non-ABI differences between versions that Firefox might be relying on (be it features, behavior @@ -46,12 +75,7 @@ * gfx/2d/Swizzle.cpp: Use Swizzle fallback when SSE2 is not supported. bz#1492065. Closes: #877445. -60.2.0esr-1~deb9u2 [Fri, 07 Sep 2018 18:21:32 +0900] Mike Hommey <glandium@debian.org>: - - * debian/control*: Remove the sqlite and nss dependencies when not building - against the system libraries. - -60.2.0esr-1~deb9u1 [Thu, 06 Sep 2018 06:18:15 +0900] Mike Hommey <glandium@debian.org>: +60.2.0esr-1 [Thu, 06 Sep 2018 06:18:15 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. * Fixes for mfsa2018-21, also known as: <http://10.200.17.11/4.2-5/#6810162067911418211> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] b470e40698 Bug #48366: firefox-esr 60.4.0esr-1~deb8u1 doc/errata/staging/firefox-esr.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) [4.2-5] a20d49d47c Bug #48366: firefox-esr 60.4.0esr-1~deb8u1 doc/errata/staging/firefox-esr.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) |