firefox-esr in /community vulnerable to 12 CVEs (6 critical, 4 high, 2 moderate) (#10150) · Issues · alpine / aports

firefox-esr in /community vulnerable to 12 CVEs (6 critical, 4 high, 2 moderate)

The current firefox-esr binary distributed by Alpine is highly insecure.

Summary of security vulnerabilities: 6 critical, 5 high, 2 moderate.

https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/

Food for thought: how can Alpine react faster to security vulnerabilities and keep users safe?

(from redmine: issue id 10150, created on 2019-03-23, closed on 2019-04-08)

Changesets:
- Revision 5f447859 on 2019-03-25T10:49:35Z:

community/firefox-esr: upgrade to 60.6.1

See:

* https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
* https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/

fixes #10150

(cherry picked from commit 985780d336a595bbba269e8d1c32715d70dbee68)

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information