Univention Bugzilla – Bug 51273
firefox-esr: Multiple issues (4.3)
Last modified: 2020-05-13 15:45:03 CEST
New Debian firefox-esr 68.8.0esr-1~deb9u1 fixes: This update addresses the following issues: * Buffer overflow in AUTH chunk input validation (CVE-2020-6831) * Use-after-free during worker shutdown (CVE-2020-12387) * Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) * Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)
--- mirror/ftp/4.3/unmaintained/component/4.3-5-errata/source/firefox-esr_68.7.0esr-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/firefox-esr_68.8.0esr-1~deb9u1.dsc @@ -1,3 +1,9 @@ +68.8.0esr-1~deb9u1 [Wed, 06 May 2020 05:29:30 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release + * Fixes for mfsa2020-17, also known as: + CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395. + 68.7.0esr-1~deb9u1 [Wed, 08 Apr 2020 07:54:16 +0900] Mike Hommey <glandium@debian.org>: * New upstream release <http://10.200.17.11/4.3-5/#3256865953282699432>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-5] 687c089eed Bug #51273: firefox-esr 68.8.0esr-1~deb9u1 doc/errata/staging/firefox-esr.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)
<http://errata.software-univention.de/ucs/4.3/676.html>