On 2022-10-20 04:29:10, Alter Kim wrote:
> Package: firefox-esr
> Version: 91
>
> Hi !
> Since I read the firefox 91 have some serious bug/vuln issues
>
> I perform an update on my system
> :~$sudo apt update
> Get:1 http://deb.devuan.org/merged chimaera InRelease [33.5 kB]
> Fetched 33.5 kB in 3s (9,913 B/s)
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> 80 packages can be upgraded. Run 'apt list --upgradable' to see them.
> Ready to upgrade firefox
> $ sudo apt-get install firefox-esr
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> firefox-esr is already the newest version (91.13.0esr-1~deb11u1).
> firefox-esr set to manually installed.
> I notice the update only give me the 91.13.0esr version
> If I take a look on the site[1] the 91.13.0esr version is vulnerable
> [1]https://www.debian.org/security/2022/dsa-5259
> Also I see in this other site more info:
> https://security.gentoo.org/glsa/202209-27
> References
> CVE-2022-40956
> CVE-2022-40957
> CVE-2022-40958
> CVE-2022-40959
> CVE-2022-40960
> CVE-2022-40962
> Affected versions
> < 105.0
> < 102.3.0
>
> Unaffected versions
> >= 105.0
> >= 102.3.0
>
> An extra check in the sources.list
>
> $ cat /etc/apt/sources.list
> # Package repositories
> deb http://deb.devuan.org/merged chimaera main
> #deb http://deb.devuan.org/merged chimaera-updates main
> #deb http://deb.devuan.org/merged chimaera-security main
> #deb http://deb.devuan.org/merged chimaera-backports main
>
> In resume the update system can not delivery a safe version or a newer
> version of firefox-esr
>
> Thanks in advance for your time and for the time you take to solve this
> issue
>
> Cheers
Odd I did that update on Chimaera a couple of hours ago, and got
firefox-esr amd64 102.4.0esr-1~deb11u1 fine.
Maybe you hit a mirror while it was in the middle of updating? Try again?
--
A big old stinking pile of genius that no one wants
coz there are too many silver coated monkeys in the world.