Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 647
    • Issues 647
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 171
    • Merge Requests 171
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #10150

Closed
Open
Opened Mar 23, 2019 by Bob Ryan@bob
  • Report abuse
  • New issue
Report abuse New issue

firefox-esr in /community vulnerable to 12 CVEs (6 critical, 4 high, 2 moderate)

The current firefox-esr binary distributed by Alpine is highly insecure.

Summary of security vulnerabilities: 6 critical, 5 high, 2 moderate.

https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/

Food for thought: how can Alpine react faster to security vulnerabilities and keep users safe?

(from redmine: issue id 10150, created on 2019-03-23, closed on 2019-04-08)

  • Changesets:
    • Revision 5f447859 on 2019-03-25T10:49:35Z:
community/firefox-esr: upgrade to 60.6.1

See:

* https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
* https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/

fixes #10150

(cherry picked from commit 985780d336a595bbba269e8d1c32715d70dbee68)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
3.9.3
Milestone
3.9.3 (Past due)
Assign milestone
Time tracking
None
Due date
None
3
Labels
High tag:security type:bug
Assign labels
  • View project labels
Reference: alpine/aports#10150