#39497 – обновление до версии 78.6.0

Bug 39497 - обновление до версии 78.6.0

Summary: обновление до версии 78.6.0

Status:	CLOSED FIXED

Alias:	None

Product:	Branch p9
Classification:	Distributions
Component:	firefox-esr (show other bugs)
Version:	не указана
Hardware:	x86_64 Linux

Importance:	P5 normal
Assignee:	qa-team@altlinux.org
QA Contact:	qa-p9@altlinux.org

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-01-02 12:09 MSK by saber716rus
Modified:	2021-01-26 19:10 MSK (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description saber716rus 2021-01-02 12:09:01 MSK

Comment 1 Repository Robot 2021-01-26 19:10:35 MSK

firefox-esr-78.6.1-alt0.1.p9 -> p9:

 Thu Jan 07 2021 Andrey Cherepanov <cas@altlinux> 78.6.1-alt0.1.p9
 - Backport new version to p9 branch (ALT #39497).
 Wed Jan 06 2021 Andrey Cherepanov <cas@altlinux> 78.6.1-alt1
 - New version (78.6.1).
 - Security fixes:
   + CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
 Mon Dec 14 2020 Andrey Cherepanov <cas@altlinux> 78.6.0-alt1
 - New version (78.6.0).
 - Fixes:
   + CVE-2020-16042 Operations on a BigInt could have caused uninitialized memory to be exposed
   + CVE-2020-26971 Heap buffer overflow in WebGL
   + CVE-2020-26973 CSS Sanitizer performed incorrect sanitization
   + CVE-2020-26974 Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
   + CVE-2020-26978 Internal network hosts could have been probed by a malicious webpage
   + CVE-2020-35111 The proxy.onRequest API did not catch view-source URLs
   + CVE-2020-35112 Opening an extension-less download may have inadvertently launched an executable instead
   + CVE-2020-35113 Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
 Thu Dec 03 2020 Andrey Cherepanov <cas@altlinux> 78.5.0-alt2
 - Fix build against rust-1.48.