Package: firefox Version: 109.0-1 Severity: serious Several vulnerabilities have been fixed in Firefox 110: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
So Firefox should be updated to this version. However, it now build-depends on rustc >= 1.65, which will not be in unstable during the freeze, thus not before several months. There should either be an alternate way to get Firefox 110 in unstable (e.g. include rust for the Firefox build or ask for a rustc-unstable package[*]?), or it should (permanently?) move to experimental. [*] which will never go to testing, just like the firefox package. -- Package-specific info: -- Addons package information -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') merged-usr: no Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-4-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages firefox depends on: ii debianutils 5.7-0.4 ii fontconfig 2.14.1-4 ii libasound2 1.2.8-1+b1 ii libatk1.0-0 2.46.0-5 ii libc6 2.36-8 ii libcairo-gobject2 1.16.0-7 ii libcairo2 1.16.0-7 ii libdbus-1-3 1.14.6-1 ii libdbus-glib-1-2 0.112-3 ii libevent-2.1-7 2.1.12-stable-5+b1 ii libffi8 3.4.4-1 ii libfontconfig1 2.14.1-4 ii libfreetype6 2.12.1+dfsg-4 ii libgcc-s1 12.2.0-14 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1 ii libglib2.0-0 2.74.5-1 ii libgtk-3-0 3.24.36-3 ii libnspr4 2:4.35-1 ii libnss3 2:3.87.1-1 ii libpango-1.0-0 1.50.12+ds-1 ii libstdc++6 12.2.0-14 ii libvpx7 1.12.0-1 ii libx11-6 2:1.8.3-3 ii libx11-xcb1 2:1.8.3-3 ii libxcb-shm0 1.15-1 ii libxcb1 1.15-1 ii libxcomposite1 1:0.4.5-1 ii libxdamage1 1:1.1.6-1 ii libxext6 2:1.3.4-1+b1 ii libxfixes3 1:6.0.0-2 ii libxrandr2 2:1.5.2-2+b1 ii libxtst6 2:1.2.3-1.1 ii procps 2:4.0.2-3 ii zlib1g 1:1.2.13.dfsg-1 Versions of packages firefox recommends: ii libavcodec59 7:5.1.2-2 Versions of packages firefox suggests: ii fonts-lmodern 2.005-1 ii fonts-stix [otf-stix] 1.1.1-4.1 ii libcanberra0 0.30-10 ii libgssapi-krb5-2 1.20.1-1 ii pulseaudio 16.1+dfsg1-2+b1 -- no debconf information -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)