Univention Bugzilla – Bug 48602
firefox-esr: Multiple issues (4.2)
Last modified: 2019-02-06 12:56:12 CET
New Debian firefox-esr 60.5.0esr-1~deb8u1 fixes:

This update addresses the following issues:
* Use-after-free parsing HTML5 stream (CVE-2018-18500)
* Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501)
* Privilege escalation through IPC channel messages (CVE-2018-18505)
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/firefox-esr_60.4.0esr-1~deb8u1.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/firefox-esr_60.5.0esr-1~deb8u1.dsc @@ -1,7 +1,16 @@ -60.4.0esr-1~deb8u1 [Wed, 12 Dec 2018 10:43:12 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: +60.5.0esr-1~deb8u1 [Wed, 30 Jan 2019 09:04:05 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Non-maintainer upload by the LTS team. + * Backport to jessie. + * Pick arm-unknown-linux-gnueabi as rust target on armel. armv4t and + armv5te don't have the standard library available on jessie. * Build against the embedded jsoncpp, jessie's one is too old. + +60.5.0esr-1 [Wed, 30 Jan 2019 09:53:01 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2019-02, also known as: + CVE-2018-18500, CVE-2018-18505, CVE-2018-18501. 60.4.0esr-1 [Wed, 12 Dec 2018 08:29:04 +0900] Mike Hommey <glandium@debian.org>: <http://10.200.17.11/4.2-5/#7217888014526302608>
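Review bot: The added line "Pick arm-unknown-linux-gnueabi as rust target on armel" in the 60.5.0esr-1~deb8u1 entry is a toolchain change that ships together with the security fixes, and the bug description only lists the three CVEs. Before release, confirm that the change affects only armel builds, or mention it in the erratum so the update is not read as a pure security delta. The CVE set in the added 60.5.0esr-1 entry (CVE-2018-18500, CVE-2018-18505, CVE-2018-18501, listed under mfsa2019-02) does match the description, so nothing needs reconciling there.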
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] 9d23047753 Bug #48602: firefox-esr 60.5.0esr-1~deb8u1
 doc/errata/staging/firefox-esr.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
<http://errata.software-univention.de/ucs/4.2/590.html>