Fix Firefox version in ESR advisory #134
This is to specifically reference the 115.5 ESR version as "fixed in", not implicitly the 115.5 Release version.
Please see https://bugzilla.mozilla.org/show_bug.cgi?id=1866012 for the original report.
@freddyb Does this correction look OK to you, please?
Duplicate of #133. We already have a patch under review in the private review that will be merged here by the end of the day.
Out of curiosity, the source code in the archives is in 115.5.0esr directory, but the version here is 115.5. Is that intentional? Historically it used to match up I believe.
Yes. The patch that I hope to merge later today looks like that. Waiting for review in our internal repo. Will be merged here asap.
diff --git a/announce/2023/mfsa2023-49.yml b/announce/2023/mfsa2023-49.yml
index 247a77f0..f5e1ed6b 100644
--- a/announce/2023/mfsa2023-49.yml
+++ b/announce/2023/mfsa2023-49.yml
@@ -81,14 +81,14 @@ advisories:
bugs:
- url: 1850200
CVE-2023-6212:
- title: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
+ title: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5
impact: high
reporter: Mozilla Developers
description: |
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
bugs:
- url: 1658432, 1820983, 1829252, 1856072, 1856091, 1859030, 1860943, 1862782
- desc: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
+ desc: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5
CVE-2023-6213:
title: Memory safety bugs fixed in Firefox 120
impact: high
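Review bot: In the CVE-2023-6212 title and desc lines of this hunk, the Firefox ESR version becomes 115.5.0 but Thunderbird stays at 115.5, whereas the same title and desc in mfsa2023-50.yml are changed to "Thunderbird 115.5.0" and the desc in mfsa2023-52.yml already reads "Thunderbird 115.5.0". This is the same CVE text repeated across advisories, so pick one form for the Thunderbird version and use it in all three files.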
diff --git a/announce/2023/mfsa2023-50.yml b/announce/2023/mfsa2023-50.yml
index 18199d49..74a8b4f9 100644
--- a/announce/2023/mfsa2023-50.yml
+++ b/announce/2023/mfsa2023-50.yml
@@ -2,8 +2,8 @@
announced: November 21, 2023
impact: high
fixed_in:
-- Firefox 115.5
-title: Security Vulnerabilities fixed in Firefox ESR 115.5
+- Firefox ESR 115.5.0
+title: Security Vulnerabilities fixed in Firefox ESR 115.5.0
advisories:
CVE-2023-6204:
title: Out-of-bound memory access in WebGL2 blitFramebuffer
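Review bot: The fixed_in entry and the title change two things at once: they add the ESR label and extend the version from 115.5 to 115.5.0. The description of this change only mentions the ESR label, so it would help to state in the commit message that the three-part version is intentional; the question in this thread about 115.5.0esr versus 115.5 shows the format is not obvious to readers.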
@@ -60,11 +60,11 @@ advisories:
bugs:
- url: 1858570
CVE-2023-6212:
- title: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
+ title: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5.0
impact: high
reporter: Mozilla Developers
description: |
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
bugs:
- url: 1658432, 1820983, 1829252, 1856072, 1856091, 1859030, 1860943, 1862782
- desc: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
+ desc: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5.0
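Review bot: The unchanged description line in this entry still uses two-part versions ("Firefox ESR 115.4, and Thunderbird 115.4") while the title and desc now use three-part versions (115.5.0). If the three-part form is the new convention, consider whether the affected versions should read 115.4.0 as well, or note that the mix is deliberate.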
diff --git a/announce/2023/mfsa2023-52.yml b/announce/2023/mfsa2023-52.yml
index 39658141..d0a78f5e 100644
--- a/announce/2023/mfsa2023-52.yml
+++ b/announce/2023/mfsa2023-52.yml
@@ -66,7 +66,7 @@ advisories:
impact: high
reporter: Mozilla Developers
description: |
- Memory safety bugs present in Firefox 119, Firefox 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
+ Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
bugs:
- url: 1658432, 1820983, 1829252, 1856072, 1856091, 1859030, 1860943, 1862782
- desc: Memory safety bugs fixed in Firefox 120, Firefox 115.5, and Thunderbird 115.5.0
+ desc: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5.0 |
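Review bot: The title of this advisory entry is not covered by the hunk, which begins at line 66 and changes only the description and the bug desc. In mfsa2023-49.yml and mfsa2023-50.yml the title and desc are changed together, so check that the title above this hunk already says "Firefox ESR 115.5.0" rather than "Firefox 115.5".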
Awesome, thank you :)
Great, thanks