Re: [CVE-2019-17026] Firefox Security Advisory 2020-03

To: HacKurx <hackurx@gmail.com>
Cc: debian-lts@lists.debian.org
Subject: Re: [CVE-2019-17026] Firefox Security Advisory 2020-03
From: Hugo Lefeuvre <hle@debian.org>
Date: Sun, 26 Jan 2020 16:17:41 +0100
Message-id: <[🔎] 20200126151741.g6cooagx5jb4gg4i@behemoth.owl.eu.com.local>
In-reply-to: <[🔎] CAFwXZv8xOVOJ7atfFS2wLMKrOdDu0Dd9MRt-R96aTHDV3oCDnQ@mail.gmail.com>
References: <[🔎] CAFwXZv8xOVOJ7atfFS2wLMKrOdDu0Dd9MRt-R96aTHDV3oCDnQ@mail.gmail.com>

Hi,

> It seems urgent to me to correct a flaw exploited in firefox:
> https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
> 
> Here are the changes:
> https://raw.githubusercontent.com/HacKurx/public-sharing/master/firefox-68.4.0-1_js_src_jit_MIR.h.patch

AFAIK this has already been addressed in jessie via DLA-2061-1[0]
(firefox-esr) and DLA-2071-1 (thunderbird) on Jan, 09 2020.

thanks

cheers,
Hugo

[0] https://security-tracker.debian.org/tracker/CVE-2019-17026

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: [CVE-2019-17026] Firefox Security Advisory 2020-03
  - From: Ben Hutchings <ben@decadent.org.uk>

References:
- [CVE-2019-17026] Firefox Security Advisory 2020-03
  - From: HacKurx <hackurx@gmail.com>

Prev by Date: [CVE-2019-17026] Firefox Security Advisory 2020-03
Next by Date: slirp security upload for Jessie
Previous by thread: [CVE-2019-17026] Firefox Security Advisory 2020-03
Next by thread: Re: [CVE-2019-17026] Firefox Security Advisory 2020-03
Index(es):
- Date
- Thread