Univention Bugzilla – Bug 47851
firefox-esr: Multiple issues (4.3)
Last modified: 2018-09-26 13:24:53 CEST
New Debian firefox-esr 60.2.1esr-1~deb9u1 fixes: This update addresses the following issues: * Crash in TransportSecurityInfo due to cached data (CVE-2018-12385) * Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)
--- mirror/ftp/4.3/unmaintained/component/4.3-2-errata/source/firefox-esr_60.2.0esr-1~deb9u2.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/firefox-esr_60.2.1esr-1~deb9u1.dsc @@ -1,3 +1,24 @@ +60.2.1esr-1~deb9u1 [Sat, 22 Sep 2018 08:10:27 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2018-23, also known as: + CVE-2018-12385, CVE-2018-12383. + + * debian/control*: + - Enforce nss, nspr and sqlite dependencies to the same versions as + build dependencies. There are subtle non-ABI differences between + versions that Firefox might be relying on (be it features, behavior + changes/fixes, etc.) and can cause subtle problems when older + versions are used. + - Add a suggestion for pulseaudio. + * debian/rules, debian/control: Add libavcodec-extra* packages to the list + of recommends. Closes: #909130 + + * js/src/jit/BaselineJIT.h: Disable baseline JIT when SSE2 is not supported + at runtime. bz#1492064. Closes: #908396, #908449. + * gfx/2d/Swizzle.cpp: Use Swizzle fallback when SSE2 is not supported. + bz#1492065. Closes: #877445. + 60.2.0esr-1~deb9u2 [Fri, 07 Sep 2018 18:21:32 +0900] Mike Hommey <glandium@debian.org>: * debian/control*: Remove the sqlite and nss dependencies when not building <http://10.200.17.11/4.3-2/#1301660834786703565>
OK: yaml OK: announce_errata OK: patch FAIL: piuparts [4.3-2] 0450123910 Bug #47851: firefox-esr_60.2.1esr-1~deb9u1 doc/errata/staging/firefox-esr.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.3/238.html>