Univention Bugzilla – Bug 51453
firefox-esr: Multiple issues (4.4)
Last modified: 2020-06-10 14:43:02 CEST
New Debian firefox-esr 68.9.0esr-1~deb9u1 fixes: This update addresses the following issues: * Timing attack on DSA signature generation (CVE-2020-12399) * Use-after-free in SharedWorkerService (CVE-2020-12405) * JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)
--- mirror/ftp/4.4/unmaintained/component/4.4-4-errata/source/firefox-esr_68.8.0esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/firefox-esr_68.9.0esr-1~deb9u1.dsc @@ -1,3 +1,13 @@ +68.9.0esr-1~deb9u1 [Wed, 03 Jun 2020 06:11:28 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release + * Fixes for mfsa2020-21, also known as: + CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410. + + * debian/rules: Force using old PKCS11 API when building against newer NSS + releases. Closes: #961762. + * debian/control*: Bump nss build dependencies. + 68.8.0esr-1~deb9u1 [Wed, 06 May 2020 05:29:30 +0900] Mike Hommey <glandium@debian.org>: * New upstream release <http://10.200.17.11/4.4-4/#2163041912413527939>
OK: yaml OK: announce_errata OK: patch FAIL: piuparts, minor issue with unused translation package. [4.4-4] eb89fa04c5 Bug #51453: yaml doc/errata/staging/firefox-esr.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) [4.4-4] 9173b2aed0 Bug #51453: yaml doc/errata/staging/firefox-esr.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
<http://errata.software-univention.de/ucs/4.4/621.html>