Bug#1031357: firefox 109 is obsolete/insecure, firefox 110 needs rustc >= 1.65, not in unstable

Wed, 15 Feb 2023 08:00:31 -0800 

Package: firefox
Version: 109.0-1
Severity: serious

Several vulnerabilities have been fixed in Firefox 110:
  https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/

So Firefox should be updated to this version. However, it now
build-depends on rustc >= 1.65, which will not be in unstable
during the freeze, thus not before several months.

There should either be an alternate way to get Firefox 110 in
unstable (e.g. include rust for the Firefox build or ask for a
rustc-unstable package[*]?), or it should (permanently?) move
to experimental.

[*] which will never go to testing, just like the firefox package.

-- Package-specific info:


-- Addons package information

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firefox depends on:
ii  debianutils          5.7-0.4
ii  fontconfig           2.14.1-4
ii  libasound2           1.2.8-1+b1
ii  libatk1.0-0          2.46.0-5
ii  libc6                2.36-8
ii  libcairo-gobject2    1.16.0-7
ii  libcairo2            1.16.0-7
ii  libdbus-1-3          1.14.6-1
ii  libdbus-glib-1-2     0.112-3
ii  libevent-2.1-7       2.1.12-stable-5+b1
ii  libffi8              3.4.4-1
ii  libfontconfig1       2.14.1-4
ii  libfreetype6         2.12.1+dfsg-4
ii  libgcc-s1            12.2.0-14
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0         2.74.5-1
ii  libgtk-3-0           3.24.36-3
ii  libnspr4             2:4.35-1
ii  libnss3              2:3.87.1-1
ii  libpango-1.0-0       1.50.12+ds-1
ii  libstdc++6           12.2.0-14
ii  libvpx7              1.12.0-1
ii  libx11-6             2:1.8.3-3
ii  libx11-xcb1          2:1.8.3-3
ii  libxcb-shm0          1.15-1
ii  libxcb1              1.15-1
ii  libxcomposite1       1:0.4.5-1
ii  libxdamage1          1:1.1.6-1
ii  libxext6             2:1.3.4-1+b1
ii  libxfixes3           1:6.0.0-2
ii  libxrandr2           2:1.5.2-2+b1
ii  libxtst6             2:1.2.3-1.1
ii  procps               2:4.0.2-3
ii  zlib1g               1:1.2.13.dfsg-1

Versions of packages firefox recommends:
ii  libavcodec59  7:5.1.2-2

Versions of packages firefox suggests:
ii  fonts-lmodern          2.005-1
ii  fonts-stix [otf-stix]  1.1.1-4.1
ii  libcanberra0           0.30-10
ii  libgssapi-krb5-2       1.20.1-1
ii  pulseaudio             16.1+dfsg1-2+b1

-- no debconf information

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply via email to