GNU bug report logs - #78487
[PATCH] gnu: librewolf: Update to 138.0.4-1 [security fixes].

Previous Next

Package: guix-patches;

Reported by: Ian Eure <ian <at> retrospec.tv>

Date: Sun, 18 May 2025 21:44:02 UTC

Severity: normal

Tags: patch

Done: Ian Eure <ian <at> retrospec.tv>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 78487 in the body.
You can then email your comments to 78487 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#78487; Package guix-patches. (Sun, 18 May 2025 21:44:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Ian Eure <ian <at> retrospec.tv>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sun, 18 May 2025 21:44:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ian Eure <ian <at> retrospec.tv>
To: guix-patches <at> gnu.org
Cc: Ian Eure <ian <at> retrospec.tv>
Subject: [PATCH] gnu: librewolf: Update to 138.0.4-1 [security fixes].
Date: Sun, 18 May 2025 14:43:21 -0700

Fixes:

CVE-2025-4918: Out-of-bounds access when resolving Promise objects
CVE-2025-4919: Out-of-bounds access when optimizing linear sums

* gnu/packages/librewolf.scm (librewolf): Update to 138.0.4-1.

Change-Id: I2c2b7b5a043b37b60f0378f115f0f31fa3993618
---
 gnu/packages/librewolf.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 063a89420fe..db4a7673858 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -207,17 +207,17 @@ (define rust-librewolf rust-1.82)
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250502155055")
+(define %librewolf-build-id "20250518101454")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "138.0.3-1")
+    (version "138.0.4-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "1r0kam26cz5rz39n6zcc2hrbav6dxlfrsa0qhhfjlnv33ns3lzx2"
-      #:librewolf-hash "1bf9sa5radjr7g6ng7kqy2ss13c0q6vkq9dfzj5y998ifxw19s4c"
+      #:firefox-hash "0mjh2if31ibx68a66cvxh5sa20xb78gdn9wdw0wv745dinq0vlrz"
+      #:librewolf-hash "1g4r2k8z5i25gcc8gfspixbi21dddyk4yg6wv7nya44swy51j7r9"
       #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
-- 
2.49.0
bug closed, send any further explanations to 78487 <at> debbugs.gnu.org and Ian Eure <ian <at> retrospec.tv> Request was from Ian Eure <ian <at> retrospec.tv> to control <at> debbugs.gnu.org. (Fri, 23 May 2025 04:37:02 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 20 Jun 2025 11:24:13 GMT) Full text and rfc822 format available.
This bug report was last modified 27 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.