Univention Bugzilla – Bug 48766
firefox-esr: Multiple issues (4.2)
Last modified: 2019-02-27 14:06:44 CET
New Debian firefox-esr 60.5.1esr-1~deb8u1 fixes: This update addresses the following issues: * Use after free in Skia (CVE-2018-18356) * Integer overflow in Skia (CVE-2019-5785)
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/firefox-esr_60.5.0esr-1~deb8u1.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/firefox-esr_60.5.1esr-1~deb8u1.dsc @@ -1,4 +1,4 @@ -60.5.0esr-1~deb8u1 [Wed, 30 Jan 2019 09:04:05 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: +60.5.1esr-1~deb8u1 [Thu, 14 Feb 2019 12:22:56 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Non-maintainer upload by the LTS team. * Backport to jessie. @@ -6,6 +6,17 @@ armv5te don't have the standard library available on jessie. * Build against the embedded jsoncpp, jessie's one is too old. +60.5.1esr-1 [Thu, 14 Feb 2019 18:35:06 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2019-05, also known as: + CVE-2018-18356, CVE-2019-5785. + + * debian/rules, debian/upstream.mk: Manually set the update channel. + Closes: #921381, #921121, #921654. + * debian/rules: Disable ion JIT on mips and mipsel. This should fix the + FTBFS. + 60.5.0esr-1 [Wed, 30 Jan 2019 09:53:01 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://10.200.17.11/4.2-5/#7073556401428285087>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] cebe8faed3 Bug #48766: firefox-esr 60.5.1esr-1~deb8u1 doc/errata/staging/firefox-esr.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.2/600.html>