Bug 26433

Summary: Firefox 68.6.1
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, joselp, nicolas.salguero, sysadmin-bugs, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: firefox, firefox-l10n CVE:
Status comment:

Description David Walser 2020-04-04 05:20:52 CEST 
Mozilla has released Firefox 68.6.0 today (April 4):
https://www.mozilla.org/en-US/firefox/68.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/

Other than firefox-l10n, nothing else has to be updated.  Updated packages are building now.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6820
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
========================

Updated packages in core/updates_testing:
========================
firefox-68.6.1-1.mga7
firefox-devel-68.6.1-1.mga7
firefox-af-68.6.1-1.mga7
firefox-an-68.6.1-1.mga7
firefox-ar-68.6.1-1.mga7
firefox-ast-68.6.1-1.mga7
firefox-az-68.6.1-1.mga7
firefox-bg-68.6.1-1.mga7
firefox-bn-68.6.1-1.mga7
firefox-br-68.6.1-1.mga7
firefox-bs-68.6.1-1.mga7
firefox-ca-68.6.1-1.mga7
firefox-cs-68.6.1-1.mga7
firefox-cy-68.6.1-1.mga7
firefox-da-68.6.1-1.mga7
firefox-de-68.6.1-1.mga7
firefox-el-68.6.1-1.mga7
firefox-en_GB-68.6.1-1.mga7
firefox-en_US-68.6.1-1.mga7
firefox-eo-68.6.1-1.mga7
firefox-es_AR-68.6.1-1.mga7
firefox-es_CL-68.6.1-1.mga7
firefox-es_ES-68.6.1-1.mga7
firefox-es_MX-68.6.1-1.mga7
firefox-et-68.6.1-1.mga7
firefox-eu-68.6.1-1.mga7
firefox-fa-68.6.1-1.mga7
firefox-ff-68.6.1-1.mga7
firefox-fi-68.6.1-1.mga7
firefox-fr-68.6.1-1.mga7
firefox-fy_NL-68.6.1-1.mga7
firefox-ga_IE-68.6.1-1.mga7
firefox-gd-68.6.1-1.mga7
firefox-gl-68.6.1-1.mga7
firefox-gu_IN-68.6.1-1.mga7
firefox-he-68.6.1-1.mga7
firefox-hi_IN-68.6.1-1.mga7
firefox-hr-68.6.1-1.mga7
firefox-hsb-68.6.1-1.mga7
firefox-hu-68.6.1-1.mga7
firefox-hy_AM-68.6.1-1.mga7
firefox-id-68.6.1-1.mga7
firefox-is-68.6.1-1.mga7
firefox-it-68.6.1-1.mga7
firefox-ja-68.6.1-1.mga7
firefox-kk-68.6.1-1.mga7
firefox-km-68.6.1-1.mga7
firefox-kn-68.6.1-1.mga7
firefox-ko-68.6.1-1.mga7
firefox-lij-68.6.1-1.mga7
firefox-lt-68.6.1-1.mga7
firefox-lv-68.6.1-1.mga7
firefox-mk-68.6.1-1.mga7
firefox-mr-68.6.1-1.mga7
firefox-ms-68.6.1-1.mga7
firefox-nb_NO-68.6.1-1.mga7
firefox-nl-68.6.1-1.mga7
firefox-nn_NO-68.6.1-1.mga7
firefox-pa_IN-68.6.1-1.mga7
firefox-pl-68.6.1-1.mga7
firefox-pt_BR-68.6.1-1.mga7
firefox-pt_PT-68.6.1-1.mga7
firefox-ro-68.6.1-1.mga7
firefox-ru-68.6.1-1.mga7
firefox-si-68.6.1-1.mga7
firefox-sk-68.6.1-1.mga7
firefox-sl-68.6.1-1.mga7
firefox-sq-68.6.1-1.mga7
firefox-sr-68.6.1-1.mga7
firefox-sv_SE-68.6.1-1.mga7
firefox-ta-68.6.1-1.mga7
firefox-te-68.6.1-1.mga7
firefox-th-68.6.1-1.mga7
firefox-tr-68.6.1-1.mga7
firefox-uk-68.6.1-1.mga7
firefox-uz-68.6.1-1.mga7
firefox-vi-68.6.1-1.mga7
firefox-xh-68.6.1-1.mga7
firefox-zh_CN-68.6.1-1.mga7
firefox-zh_TW-68.6.1-1.mga7

from SRPMS:
firefox-68.6.1-1.mga7.src.rpm
firefox-l10n-68.6.1-1.mga7.src.rpm
Nicolas Salguero 2020-04-04 13:44:23 CEST

Source RPM: firefox => firefox, firefox-l10n
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Assignee: bugsquad => qa-bugs

Comment 1 Jose Manuel López 2020-04-04 19:46:24 CEST 
I installed in MGA7-Kde 64, all ok, addons, preferences, languaje.

Greetings.

CC: (none) => joselp

Comment 2 Thomas Andrews 2020-04-05 15:42:21 CEST 
Updated the 64-bit US-English version, Looks good here. 

I would OK it, but I think we should really hear from another language or two.

CC: (none) => andrewsfarm

Comment 3 David Walser 2020-04-05 15:54:05 CEST 
These security issues are apparently being actively exploited.  We should get it pushed ASAP.
Comment 4 Thomas Andrews 2020-04-05 18:03:25 CEST 
Done, then. Validating.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2020-04-05 18:42:34 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 5 Mageia Robot 2020-04-05 19:08:22 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0161.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 6 David Walser 2020-04-07 15:48:10 CEST 
RedHat has issued an advisory for this today (April 7):
https://access.redhat.com/errata/RHSA-2020:1341