[CVE-2019-17026] Firefox Security Advisory 2020-03

2020-01-26 Thread HacKurx 
Hi,

It seems urgent to me to correct a flaw exploited in firefox:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/

Here are the changes:
https://raw.githubusercontent.com/HacKurx/public-sharing/master/firefox-68.4.0-1_js_src_jit_MIR.h.patch

Thank you.

Best regards,

Loic

Re: [CVE-2019-17026] Firefox Security Advisory 2020-03

2020-01-26 Thread Hugo Lefeuvre 
Hi,

> It seems urgent to me to correct a flaw exploited in firefox:
> https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
> 
> Here are the changes:
> https://raw.githubusercontent.com/HacKurx/public-sharing/master/firefox-68.4.0-1_js_src_jit_MIR.h.patch

AFAIK this has already been addressed in jessie via DLA-2061-1[0]
(firefox-esr) and DLA-2071-1 (thunderbird) on Jan, 09 2020.

thanks

cheers,
Hugo

[0] https://security-tracker.debian.org/tracker/CVE-2019-17026

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C


signature.asc
Description: PGP signature

slirp security upload for Jessie

2020-01-26 Thread Roberto Lumbreras 
Hi,

I'm the maintainer for package slirp. There is a security bug, already made
public:
CVE-2020-7039
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949085

I uploaded on Friday a fix for unstable, and I've prepared security upload
for Jessie, Buster and Stretch, you can find attached the Jessie debdiff.

I built it with pbuilder, you can find all the files here:
https://software.imdea.org/cloud/index.php/s/IEsPwHWEWb6S8Kg

Please tell me if everything is ok, then if you do the upload or I have to
do anything else.

This is my first time doing this, sorry if I'm missing something.

Regards,
-- 
Roberto Lumbreras
Debian developer


debdiff-jessie.diff
Description: Binary data

Re: slirp security upload for Jessie

2020-01-26 Thread Thorsten Alteholz 

Hi everybody,

I am already in contact with Roberto and I will take care of the upload.

  Thorsten

iperf3 security upload for Jessie

2020-01-26 Thread Roberto Lumbreras 
Hello Team,

I've worked on the Jessie security fix for another of my packages, iperf3.
https://security-tracker.debian.org/tracker/CVE-2016-4303

Fixed packages:
https://software.imdea.org/cloud/index.php/s/ymyk2HGwQkNByZv


Regards,
-- 
Roberto Lumbreras
Debian developer


debdiff-iperf3-jessie.diff
Description: Binary data

Re: iperf3 security upload for Jessie

2020-01-26 Thread Thorsten Alteholz 




On Sun, 26 Jan 2020, Roberto Lumbreras wrote:

I've worked on the Jessie security fix for another of my packages, iperf3.


... I will take care of this as well.

  Thorsten