Opened 3 months ago

Closed 3 months ago

#15505 closed enhancement (fixed)

firefox-91.1.0esr and 78.14.0esr, JS-78.14.0

Reported by: ken@… Owned by: ken@…
Priority: elevated Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

Now released.

The js/src part of 78.14.0 is identical to 78.13.0.

For 91.1.0 the glibc-2.34 patch is included upstream, and following Doug's comments re using system libvpx we can reinstate that for both (it was removed in early 2019 for FTBFS when we moved to 1.7.0 and firefox-60.3.0 was still on 1.6.1 - they are currently on 1.8.2 and we are on 1.10.0 but it builds ok).

Release notes due some time tomorrow, I assume their will probably be security fixes.

Change History (4)

comment:1 by ken@…, 3 months ago

Priority: normalelevated

Release notes now available, again the current esr notes are not linked from the main page https://www.mozilla.org/en-US/firefox/releases/ but are at https://www.mozilla.org/en-US/firefox/91.1.0/releasenotes/.

91.1.0 - unspecified stability and functionality fixes, security fixes detailed at https://www.mozilla.org/en-US/security/advisories/mfsa2021-40/ - one moderate windows-only bug, the usual 'memory safety bugs fixed' CVE-2021-38495 - but the advisory for 92.0 https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/ says the memory safety bugs fixed in 92.0, 91.1.0, 78.14 is CVE-2021-38493 and FWIW 92.0 had another similar CVE. Advisory for 78.14.0 https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/ also says it is CVE-2021-38493.

comment:2 by ken@…, 3 months ago

In reordering the recommended deps, I've moved nss from required to recommended.

comment:3 by ken@…, 3 months ago

Updated @ 569d33641ead1766f19567d808361e4a0945d625 11.0-15

I know Doug has an advisory pending, I'll do this after he's finished.

comment:4 by ken@…, 3 months ago

Resolution: fixed
Status: assignedclosed

Advisory 11.0-002 created.

Note: See TracTickets for help on using tickets.