Univention Bugzilla – Bug 50941
firefox-esr: Multiple issues (4.3)
Last modified: 2020-03-18 13:06:59 CET
New Debian firefox-esr 68.6.0esr-1~deb9u1 fixes:

This update addresses the following issues:
* Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503)
* Use-after-free when removing data about origins (CVE-2020-6805)
* BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806)
* Use-after-free in cubeb during stream destruction (CVE-2020-6807)
* Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811)
* The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)
* Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814)
--- mirror/ftp/4.3/unmaintained/component/4.3-5-errata/source/firefox-esr_68.5.0esr-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/firefox-esr_68.6.0esr-1~deb9u1.dsc @@ -1,3 +1,10 @@ +68.6.0esr-1~deb9u1 [Wed, 11 Mar 2020 06:59:57 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release + * Fixes for mfsa2020-09, also known as: + CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, + CVE-2019-20503, CVE-2020-6812, CVE-2020-6814. + 68.5.0esr-1~deb9u1 [Wed, 12 Feb 2020 06:50:33 +0900] Mike Hommey <glandium@debian.org>: * New upstream release <http://10.200.17.11/4.3-5/#755121027648041002>
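Review bot: In the added 68.6.0esr-1~deb9u1 changelog entry the CVE list is not in numeric order (CVE-2019-20503 sits between CVE-2020-6811 and CVE-2020-6812) and carries no per-CVE summary, so compare it with the errata description by identifier rather than by position. All seven identifiers named under mfsa2020-09 should appear in doc/errata/staging/firefox-esr.yaml, and the description above does list the same seven.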
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-5] cb6228e62c Bug #50941: firefox-esr 68.6.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
<http://errata.software-univention.de/ucs/4.3/661.html>