Opened 3 years ago
Closed 3 years ago
#15505 closed enhancement (fixed)
firefox-91.1.0esr and 78.14.0esr, JS-78.14.0
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Now released.
The js/src part of 78.14.0 is identical to 78.13.0.
For 91.1.0 the glibc-2.34 patch is included upstream, and following Doug's comments re using system libvpx we can reinstate that for both (it was removed in early 2019 for FTBFS when we moved to 1.7.0 and firefox-60.3.0 was still on 1.6.1 - they are currently on 1.8.2 and we are on 1.10.0 but it builds ok).
Release notes due some time tomorrow, I assume their will probably be security fixes.
Change History (4)
comment:1 by , 3 years ago
| Priority: | normal → elevated |
|---|
comment:2 by , 3 years ago
In reordering the recommended deps, I've moved nss from required to recommended.
comment:3 by , 3 years ago
Updated @ 569d33641ead1766f19567d808361e4a0945d625 11.0-15
I know Doug has an advisory pending, I'll do this after he's finished.
Note:
See TracTickets
for help on using tickets.
Release notes now available, again the current esr notes are not linked from the main page https://www.mozilla.org/en-US/firefox/releases/ but are at https://www.mozilla.org/en-US/firefox/91.1.0/releasenotes/.
91.1.0 - unspecified stability and functionality fixes, security fixes detailed at https://www.mozilla.org/en-US/security/advisories/mfsa2021-40/ - one moderate windows-only bug, the usual 'memory safety bugs fixed' CVE-2021-38495 - but the advisory for 92.0 https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/ says the memory safety bugs fixed in 92.0, 91.1.0, 78.14 is CVE-2021-38493 and FWIW 92.0 had another similar CVE. Advisory for 78.14.0 https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/ also says it is CVE-2021-38493.