-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : firefox-esr Version : 52.7.2esr-1~deb7u1 CVE ID : CVE-2018-5146 CVE-2018-5147
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version 52.7.2esr-1~deb7u1. We recommend that you upgrade your firefox-esr packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlq5fMIACgkQnUbEiOQ2 gwKNTw/+PRSV6iREMrdAdM+Yv1xD43y33tpKYWtveXpi76DMj45qsNS9H7+7JeC8 UGzeGCK6DuhMK7mo+Dq2+Giu4UlzLlqbRu52Kzqv5X8yyOgiHHLcYDKsgr7jRGBu I6heNURAnRzVlEFv0LeTA6Tg8L9zN2w7jQ89zHlByN/wcU33ahdGcuHsblMWwtxU M2BUlU+f3vJBNWimw5JIsufn9FRwQynQYpEWP8o1tWadejthFuNathwPoRN5AinD w/mwz7xgkHzgt1eEurFI+sVmkCN7z2BeZuWysiti0t9EIOATONGzIQb0IJS2AQTO u0nzfMWg4uFIdf/KLgj6b4aKApmuTPOgvqKgXq4bXVScJmCXipgJeg+dVtX2PxZ8 wqM0PdNzMakdnijek+GeE7k0fBAUWcPIR/n7tg6SxXiCs+LEVDS4TLzETn83Zs/C LGbIMchTratMTH2zPwFOcQ2FlKuzS3kaPQmKO0Jp1o0qs9vqcgLP9IlYhN/qcbha tn5QeEl1TQKfegAlqMLMhZ32CpGbJGgsfeELvj+D+aD2Anqhy0q/IOGdxoayUlaP Xx2mDumOjwGJgZ1p+Ha34WsUzaWvJEMCrRqd0mLjdAyhhQ862tCbPxJs7K7scODl lJRYxXwh9BY9UhWXPPrL8SrbJDYhTKExzjnRBGOy/fUMrgPYsuM= =R5Dh -----END PGP SIGNATURE-----
