Opened 3 years ago

Closed 3 years ago

#15505 closed enhancement (fixed)

firefox-91.1.0esr and 78.14.0esr, JS-78.14.0

Reported by: ken@… Owned by: ken@…
Priority: elevated Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:


Now released.

The js/src part of 78.14.0 is identical to 78.13.0.

For 91.1.0 the glibc-2.34 patch is included upstream, and following Doug's comments re using system libvpx we can reinstate that for both (it was removed in early 2019 for FTBFS when we moved to 1.7.0 and firefox-60.3.0 was still on 1.6.1 - they are currently on 1.8.2 and we are on 1.10.0 but it builds ok).

Release notes due some time tomorrow, I assume their will probably be security fixes.

Change History (4)

comment:1 by ken@…, 3 years ago

Priority: normalelevated

Release notes now available, again the current esr notes are not linked from the main page but are at

91.1.0 - unspecified stability and functionality fixes, security fixes detailed at - one moderate windows-only bug, the usual 'memory safety bugs fixed' CVE-2021-38495 - but the advisory for 92.0 says the memory safety bugs fixed in 92.0, 91.1.0, 78.14 is CVE-2021-38493 and FWIW 92.0 had another similar CVE. Advisory for 78.14.0 also says it is CVE-2021-38493.

comment:2 by ken@…, 3 years ago

In reordering the recommended deps, I've moved nss from required to recommended.

comment:3 by ken@…, 3 years ago

Updated @ 569d33641ead1766f19567d808361e4a0945d625 11.0-15

I know Doug has an advisory pending, I'll do this after he's finished.

comment:4 by ken@…, 3 years ago

Resolution: fixed
Status: assignedclosed

Advisory 11.0-002 created.

Note: See TracTickets for help on using tickets.