Mozilla has released Firefox 68.2.0 today (October 22):
https://www.mozilla.org/en-US/firefox/68.2.0/releasenotes/

As well as updated rootcerts, nspr (4.23), and NSS 3.47 on October 18:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes

rootcerts, nspr, and nss updates checked into Mageia 7 and Cauldron SVN. nss still needs to be pushed in Cauldron. firefox and firefox-l10n still need to be updated in SVN in Mageia 7. All five packages (in order) still need to be pushed in Mageia 7.
Nicolas pushed nss to Cauldron and rootcerts and nspr to Mageia 7 (still needs nss). Hopefully he'll beat me to the firefox update too since I can't do it from work.
CC: (none) => nicolas.salguero
Blocks: (none) => 25597
Firefox has no dedicated maintainer, so rather than assigning this bug globally, could one of you possibly assign the bug to yourself pending the new packages in core/updates_testing? TIA
Assignee: bugsquad => nicolas.salguero
RedHat has issued an advisory for this today (October 23): https://access.redhat.com/errata/RHSA-2019:3193
What are we waiting for, exactly?
CC: (none) => bjarne.thomsen
Suggested advisory:
========================

The updated packages fix several bugs and some security issues:

Heap overflow in expat library in XML_GetCurrentLineNumber. (CVE-2019-15903)

Use-after-free when creating index updates in IndexedDB. (CVE-2019-11757)

Potentially exploitable crash due to 360 Total Security. (CVE-2019-11758)

Stack buffer overflow in HKDF output. (CVE-2019-11759)

Stack buffer overflow in WebRTC networking. (CVE-2019-11760)

Unintended access to a privileged JSONView object. (CVE-2019-11761)

document.domain-based origin isolation has same-origin-property violation. (CVE-2019-11762)

Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763)

Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2. (CVE-2019-11764)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764
https://www.mozilla.org/en-US/firefox/68.2.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes
https://access.redhat.com/errata/RHSA-2019:3193
========================

Updated packages in core/updates_testing:
========================
firefox-68.2.0-1.mga7
firefox-devel-68.2.0-1.mga7
firefox-af-68.2.0-1.mga7
firefox-an-68.2.0-1.mga7
firefox-ar-68.2.0-1.mga7
firefox-ast-68.2.0-1.mga7
firefox-az-68.2.0-1.mga7
firefox-bg-68.2.0-1.mga7
firefox-bn-68.2.0-1.mga7
firefox-br-68.2.0-1.mga7
firefox-bs-68.2.0-1.mga7
firefox-ca-68.2.0-1.mga7
firefox-cs-68.2.0-1.mga7
firefox-cy-68.2.0-1.mga7
firefox-da-68.2.0-1.mga7
firefox-de-68.2.0-1.mga7
firefox-el-68.2.0-1.mga7
firefox-en_GB-68.2.0-1.mga7
firefox-en_US-68.2.0-1.mga7
firefox-eo-68.2.0-1.mga7
firefox-es_AR-68.2.0-1.mga7
firefox-es_CL-68.2.0-1.mga7
firefox-es_ES-68.2.0-1.mga7
firefox-es_MX-68.2.0-1.mga7
firefox-et-68.2.0-1.mga7
firefox-eu-68.2.0-1.mga7
firefox-fa-68.2.0-1.mga7
firefox-ff-68.2.0-1.mga7
firefox-fi-68.2.0-1.mga7
firefox-fr-68.2.0-1.mga7
firefox-fy_NL-68.2.0-1.mga7
firefox-ga_IE-68.2.0-1.mga7
firefox-gd-68.2.0-1.mga7
firefox-gl-68.2.0-1.mga7
firefox-gu_IN-68.2.0-1.mga7
firefox-he-68.2.0-1.mga7
firefox-hi_IN-68.2.0-1.mga7
firefox-hr-68.2.0-1.mga7
firefox-hsb-68.2.0-1.mga7
firefox-hu-68.2.0-1.mga7
firefox-hy_AM-68.2.0-1.mga7
firefox-id-68.2.0-1.mga7
firefox-is-68.2.0-1.mga7
firefox-it-68.2.0-1.mga7
firefox-ja-68.2.0-1.mga7
firefox-kk-68.2.0-1.mga7
firefox-km-68.2.0-1.mga7
firefox-kn-68.2.0-1.mga7
firefox-ko-68.2.0-1.mga7
firefox-lij-68.2.0-1.mga7
firefox-lt-68.2.0-1.mga7
firefox-lv-68.2.0-1.mga7
firefox-mk-68.2.0-1.mga7
firefox-mr-68.2.0-1.mga7
firefox-ms-68.2.0-1.mga7
firefox-nb_NO-68.2.0-1.mga7
firefox-nl-68.2.0-1.mga7
firefox-nn_NO-68.2.0-1.mga7
firefox-pa_IN-68.2.0-1.mga7
firefox-pl-68.2.0-1.mga7
firefox-pt_BR-68.2.0-1.mga7
firefox-pt_PT-68.2.0-1.mga7
firefox-ro-68.2.0-1.mga7
firefox-ru-68.2.0-1.mga7
firefox-si-68.2.0-1.mga7
firefox-sk-68.2.0-1.mga7
firefox-sl-68.2.0-1.mga7
firefox-sq-68.2.0-1.mga7
firefox-sr-68.2.0-1.mga7
firefox-sv_SE-68.2.0-1.mga7
firefox-ta-68.2.0-1.mga7
firefox-te-68.2.0-1.mga7
firefox-th-68.2.0-1.mga7
firefox-tr-68.2.0-1.mga7
firefox-uk-68.2.0-1.mga7
firefox-uz-68.2.0-1.mga7
firefox-vi-68.2.0-1.mga7
firefox-xh-68.2.0-1.mga7
firefox-zh_CN-68.2.0-1.mga7
firefox-zh_TW-68.2.0-1.mga7
rootcerts-20191011.00-1.mga7
rootcerts-java-20191011.00-1.mga7
libnspr4-4.23-1.mga7
libnspr-devel-4.23-1.mga7
nss-3.47.0-1.mga7
nss-doc-3.47.0-1.mga7
libnss3-3.47.0-1.mga7
libnss-devel-3.47.0-1.mga7
libnss-static-devel-3.47.0-1.mga7

from SRPMS:
firefox-68.2.0-1.mga7.src.rpm
firefox-l10n-68.2.0-1.mga7.src.rpm
rootcerts-20191011.00-1.mga7.src.rpm
nspr-4.23-1.mga7.src.rpm
nss-3.47.0-1.mga7.src.rpm
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
MGA7-64 Plasma on Lenovo B50. No installation issues. Tested with newspaper site (text, video, pictures): all OK. Tested also access using my eid card for authentication to government site: OK. Good enough for me.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
Confirming the OK, as it seemed to me that just one test was insufficient for this application. MGA7-64 Plasma. i5, Intel graphics. Updated packages using the qarepo tool. No installation issues. Checked various sites, including this one, no problems. Validating. Advisory in Comment 5.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
It works for me on several boxes.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0315.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
The nss 3.47 update in this bug also fixed CVE-2019-11756: https://access.redhat.com/errata/RHSA-2020:3280