Re: CVE-2023-5217 unimportant for firefox?
hede wrote:
> Hi,
>
> does anyone know why CVE-2023-5217 (critical vp8 encoder bug) is rated as an "open unimportant issue" for firefox-esr? Currently it is not fixed in bookworm and newer [1]. Mozilla itself rates it as "critical" [2].
That's fixed in Debian Bullseye.
If I look into /usr/share/doc/firefox-esr/changelog.Debian.gz, I find this entry on top:
---------------------------------------------------------------------
firefox-esr (115.3.1esr-1~deb11u1) bullseye-security; urgency=medium
* New upstream release.
* Fix for mfsa2023-44, also known as CVE-2023-5217.
---------------------------------------------------------------------
Best regards,
Klaus.
--
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D 1994-06-27
Reply to: