Bug #3535
[iceweasel] Security Update for Firefox source code in the version 118.0.1
0%
Description
The Firefox source code in the version 118.0.1 contains a hotfix related to the libvpx library that causes a heap buffer overflow.
For more information, please go to the links below:
-https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
-https://www.cve.org/CVERecord?id=CVE-2023-5217
Thanks.
History
Updated by bill-auger 7 months ago
- Assignee set to bill-auger
- Status changed from unconfirmed to fixed
it does no good to report these ordinary mozilla bugs - every mozilla release has bugs, but the shelf-life is so short, that the proper fix for every bug is to simply replace it with the next release (which no doubt introduces more bugs) - every mozilla release could have an identical bug report: "version N has a bug - version N+1 fixes it"
these are not the sort of bug which can be tracked, as is the purpose of a bug tracker - these bugs are an absurd treadmill and are always expected - distros are not likely to literally fix any mozilla bug, unless the bug is in the branding
so for iceweasel, the 'out-of-date' flag is sufficient - naturally, it also signifies the same as this bug report "the current version has bugs; and those are fixed in the next version"; cause thats just how mozzila rolls - minor releases are usually a simple rebuild - for major releases, i usually wait for grizzlyuser to send patches - for this release, those came in yesterday