Mozilla has released Firefox 60.6.1 today (March 22): https://www.mozilla.org/en-US/firefox/60.6.1/releasenotes/ It fixes two security issues. Advisory: ======================== Updated firefox packages fix security vulnerabilities: Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow (CVE-2019-9810). Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write (CVE-2019-9813). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9810 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9813 https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ ======================== Updated packages in core/updates_testing: ======================== firefox-60.6.0-2.mga6 firefox-devel-60.6.0-2.mga6 firefox-af-60.6.1-1.mga6 firefox-an-60.6.1-1.mga6 firefox-ar-60.6.1-1.mga6 firefox-as-60.6.1-1.mga6 firefox-ast-60.6.1-1.mga6 firefox-az-60.6.1-1.mga6 firefox-bg-60.6.1-1.mga6 firefox-bn_IN-60.6.1-1.mga6 firefox-bn_BD-60.6.1-1.mga6 firefox-br-60.6.1-1.mga6 firefox-bs-60.6.1-1.mga6 firefox-ca-60.6.1-1.mga6 firefox-cs-60.6.1-1.mga6 firefox-cy-60.6.1-1.mga6 firefox-da-60.6.1-1.mga6 firefox-de-60.6.1-1.mga6 firefox-el-60.6.1-1.mga6 firefox-en_GB-60.6.1-1.mga6 firefox-en_US-60.6.1-1.mga6 firefox-en_ZA-60.6.1-1.mga6 firefox-eo-60.6.1-1.mga6 firefox-es_AR-60.6.1-1.mga6 firefox-es_CL-60.6.1-1.mga6 firefox-es_ES-60.6.1-1.mga6 firefox-es_MX-60.6.1-1.mga6 firefox-et-60.6.1-1.mga6 firefox-eu-60.6.1-1.mga6 firefox-fa-60.6.1-1.mga6 firefox-ff-60.6.1-1.mga6 firefox-fi-60.6.1-1.mga6 firefox-fr-60.6.1-1.mga6 firefox-fy_NL-60.6.1-1.mga6 firefox-ga_IE-60.6.1-1.mga6 firefox-gd-60.6.1-1.mga6 firefox-gl-60.6.1-1.mga6 firefox-gu_IN-60.6.1-1.mga6 firefox-he-60.6.1-1.mga6 firefox-hi_IN-60.6.1-1.mga6 firefox-hr-60.6.1-1.mga6 firefox-hsb-60.6.1-1.mga6 firefox-hu-60.6.1-1.mga6 firefox-hy_AM-60.6.1-1.mga6 firefox-id-60.6.1-1.mga6 firefox-is-60.6.1-1.mga6 firefox-it-60.6.1-1.mga6 firefox-ja-60.6.1-1.mga6 firefox-kk-60.6.1-1.mga6 firefox-km-60.6.1-1.mga6 firefox-kn-60.6.1-1.mga6 firefox-ko-60.6.1-1.mga6 firefox-lij-60.6.1-1.mga6 firefox-lt-60.6.1-1.mga6 firefox-lv-60.6.1-1.mga6 firefox-mai-60.6.1-1.mga6 firefox-mk-60.6.1-1.mga6 firefox-ml-60.6.1-1.mga6 firefox-mr-60.6.1-1.mga6 firefox-ms-60.6.1-1.mga6 firefox-nb_NO-60.6.1-1.mga6 firefox-nl-60.6.1-1.mga6 firefox-nn_NO-60.6.1-1.mga6 firefox-or-60.6.1-1.mga6 firefox-pa_IN-60.6.1-1.mga6 firefox-pl-60.6.1-1.mga6 firefox-pt_BR-60.6.1-1.mga6 firefox-pt_PT-60.6.1-1.mga6 firefox-ro-60.6.1-1.mga6 firefox-ru-60.6.1-1.mga6 firefox-si-60.6.1-1.mga6 firefox-sk-60.6.1-1.mga6 firefox-sl-60.6.1-1.mga6 firefox-sq-60.6.1-1.mga6 firefox-sr-60.6.1-1.mga6 firefox-sv_SE-60.6.1-1.mga6 firefox-ta-60.6.1-1.mga6 firefox-te-60.6.1-1.mga6 firefox-th-60.6.1-1.mga6 firefox-tr-60.6.1-1.mga6 firefox-uk-60.6.1-1.mga6 firefox-uz-60.6.1-1.mga6 firefox-vi-60.6.1-1.mga6 firefox-xh-60.6.1-1.mga6 firefox-zh_CN-60.6.1-1.mga6 firefox-zh_TW-60.6.1-1.mga6 from SRPMS: firefox-60.6.0-2.mga6.src.rpm firefox-l10n-60.6.0-1.mga6.src.rpm
@ David Is this list corrrect? As far as I can see is firefox-60.6.0-2.mga6 the current version in our repo.
CC: (none) => herman.viaene
(In reply to Herman Viaene from comment #1) > @ David > Is this list corrrect? As far as I can see is firefox-60.6.0-2.mga6 the > current version in our repo. Yes, that's what my list shows.
(In reply to David Walser from comment #2) > (In reply to Herman Viaene from comment #1) > > @ David > > Is this list corrrect? As far as I can see is firefox-60.6.0-2.mga6 the > > current version in our repo. > > Yes, that's what my list shows. Oh I see the typo now. Sorry.
Updated packages in core/updates_testing: ======================== firefox-60.6.1-2.mga6 firefox-devel-60.6.1-2.mga6 firefox-af-60.6.1-1.mga6 firefox-an-60.6.1-1.mga6 firefox-ar-60.6.1-1.mga6 firefox-as-60.6.1-1.mga6 firefox-ast-60.6.1-1.mga6 firefox-az-60.6.1-1.mga6 firefox-bg-60.6.1-1.mga6 firefox-bn_IN-60.6.1-1.mga6 firefox-bn_BD-60.6.1-1.mga6 firefox-br-60.6.1-1.mga6 firefox-bs-60.6.1-1.mga6 firefox-ca-60.6.1-1.mga6 firefox-cs-60.6.1-1.mga6 firefox-cy-60.6.1-1.mga6 firefox-da-60.6.1-1.mga6 firefox-de-60.6.1-1.mga6 firefox-el-60.6.1-1.mga6 firefox-en_GB-60.6.1-1.mga6 firefox-en_US-60.6.1-1.mga6 firefox-en_ZA-60.6.1-1.mga6 firefox-eo-60.6.1-1.mga6 firefox-es_AR-60.6.1-1.mga6 firefox-es_CL-60.6.1-1.mga6 firefox-es_ES-60.6.1-1.mga6 firefox-es_MX-60.6.1-1.mga6 firefox-et-60.6.1-1.mga6 firefox-eu-60.6.1-1.mga6 firefox-fa-60.6.1-1.mga6 firefox-ff-60.6.1-1.mga6 firefox-fi-60.6.1-1.mga6 firefox-fr-60.6.1-1.mga6 firefox-fy_NL-60.6.1-1.mga6 firefox-ga_IE-60.6.1-1.mga6 firefox-gd-60.6.1-1.mga6 firefox-gl-60.6.1-1.mga6 firefox-gu_IN-60.6.1-1.mga6 firefox-he-60.6.1-1.mga6 firefox-hi_IN-60.6.1-1.mga6 firefox-hr-60.6.1-1.mga6 firefox-hsb-60.6.1-1.mga6 firefox-hu-60.6.1-1.mga6 firefox-hy_AM-60.6.1-1.mga6 firefox-id-60.6.1-1.mga6 firefox-is-60.6.1-1.mga6 firefox-it-60.6.1-1.mga6 firefox-ja-60.6.1-1.mga6 firefox-kk-60.6.1-1.mga6 firefox-km-60.6.1-1.mga6 firefox-kn-60.6.1-1.mga6 firefox-ko-60.6.1-1.mga6 firefox-lij-60.6.1-1.mga6 firefox-lt-60.6.1-1.mga6 firefox-lv-60.6.1-1.mga6 firefox-mai-60.6.1-1.mga6 firefox-mk-60.6.1-1.mga6 firefox-ml-60.6.1-1.mga6 firefox-mr-60.6.1-1.mga6 firefox-ms-60.6.1-1.mga6 firefox-nb_NO-60.6.1-1.mga6 firefox-nl-60.6.1-1.mga6 firefox-nn_NO-60.6.1-1.mga6 firefox-or-60.6.1-1.mga6 firefox-pa_IN-60.6.1-1.mga6 firefox-pl-60.6.1-1.mga6 firefox-pt_BR-60.6.1-1.mga6 firefox-pt_PT-60.6.1-1.mga6 firefox-ro-60.6.1-1.mga6 firefox-ru-60.6.1-1.mga6 firefox-si-60.6.1-1.mga6 firefox-sk-60.6.1-1.mga6 firefox-sl-60.6.1-1.mga6 firefox-sq-60.6.1-1.mga6 firefox-sr-60.6.1-1.mga6 firefox-sv_SE-60.6.1-1.mga6 firefox-ta-60.6.1-1.mga6 firefox-te-60.6.1-1.mga6 firefox-th-60.6.1-1.mga6 firefox-tr-60.6.1-1.mga6 firefox-uk-60.6.1-1.mga6 firefox-uz-60.6.1-1.mga6 firefox-vi-60.6.1-1.mga6 firefox-xh-60.6.1-1.mga6 firefox-zh_CN-60.6.1-1.mga6 firefox-zh_TW-60.6.1-1.mga6 from SRPMS: firefox-60.6.1-2.mga6.src.rpm firefox-l10n-60.6.0-1.mga6.src.rpm
mga6, x86_64 Installed and relaunched firefox (English language packs) Existing tabs preserved and all bookmarks. Played videos on Vevo and Youtube. General browsing and searching OK. localhost port addressing works fine. localhost:631 for CUPS printing Started a php server on port 8080 and ran a couple of simple php scripts in the browser. Two of the acid tests failed. They always do.
CC: (none) => tarazed25
MGA6-32 MATE on IBM Thinkpad R50e No installation issues (dutch pack) Nothing obvious wrong with usual newspaper site and this Mageia updates pages and webmin: OK for me.
Leaving the OKs for other testers - i.e. other lang-packs.
RedHat has issued an advisory for this today (March 27): https://access.redhat.com/errata/RHSA-2019:0671
Tested in portuguese, 32 bit laptop, ublock extension. No problem.
Whiteboard: (none) => MGA6-32-OKCC: (none) => lists.jjorge
Tested in English, 64-bit. Tried several websites, including one known to *still* use Flash. Everything looks OK. I think we can move this one along.
Keywords: (none) => validated_updateWhiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OKCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
OK: swedish, plasma, 64 bit. Been running it with no problem since it appeared in repo. - Seems i forgot to report...
CC: (none) => fri
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0131.html
Status: NEW => RESOLVEDResolution: (none) => FIXED