Univention Bugzilla – Bug 46689
firefox-esr: Multiple issues (4.2)
Last modified: 2018-04-18 14:16:01 CEST
New Debian firefox-esr 52.7.1esr-1~deb8u1 fixes:

This update addresses the following issues:
* CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07)
* CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07)
* CVE-2018-5129: Out-of-bounds write with malformed IPC messages (MFSA 2018-07)
* CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)
* CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)
* CVE-2018-5144: Integer overflow during Unicode conversion (MFSA 2018-07)
* CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)

CVE-2018-5127 Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07)
CVE-2018-5129 Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07)
CVE-2018-5130 Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)
CVE-2018-5131 Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)
CVE-2018-5144 Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07)
CVE-2018-5125 Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07)
CVE-2018-5145 Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)
[4.2-3] 68c208f302 Bug #46689: firefox-esr_52.7.1esr-1~deb8u1
 doc/errata/staging/firefox-esr.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

Copied from Debian-Jessie

[4.2-3] 25ab231da5 Bug #46689: firefox-esr_52.7.2esr-1~deb8u1
 doc/errata/staging/firefox-esr.yaml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

Copied from Debian
[4.2-3] 89ed5aa9fe Bug #46689: firefox-esr 52.7.3esr-1~deb8u1
And the Advisory doesn't mention the CVEs fixed since 52.3.0esr-1~deb8u1

And repo-stat.py doesn't have up-to-date metadata:
Version 52.6.0esr-1~deb8u1
Rev 123166
Date 2018-01-25 14:42:58
Release 4.2-0-0
Scope errata4.2-3

But otherwise it's verified:
* Upstream binary imported into errata4.2-3
* No additional UCS patches in 4.2
(In reply to Arvid Requate from comment #4)
> And the Advisory doesn't mention the CVEs fixed since 52.3.0esr-1~deb8u1

52.6 was already imported and released: Bug #45611
<http://errata.software-univention.de/ucs/4.2/274.html>
<http://xen1.knut.univention.de:8000/packages/source/firefox-esr/?since=4.2&before=4.3>

So this only mentions the new CVE since then.

Nothing more to do from my side.
Ok, thanks, I didn't see that.
<http://errata.software-univention.de/ucs/4.2/330.html>