GNU bug report logs - #78487
[PATCH] gnu: librewolf: Update to 138.0.4-1 [security fixes].

Previous Next

Package: guix-patches;

Reported by: Ian Eure <ian <at> retrospec.tv>

Date: Sun, 18 May 2025 21:44:02 UTC

Severity: normal

Tags: patch

Done: Ian Eure <ian <at> retrospec.tv>

To reply to this bug, email your comments to 78487 AT debbugs.gnu.org.
There is no need to reopen the bug first.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#78487; Package guix-patches. (Sun, 18 May 2025 21:44:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Ian Eure <ian <at> retrospec.tv>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sun, 18 May 2025 21:44:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ian Eure <ian <at> retrospec.tv>
To: guix-patches <at> gnu.org
Cc: Ian Eure <ian <at> retrospec.tv>
Subject: [PATCH] gnu: librewolf: Update to 138.0.4-1 [security fixes].
Date: Sun, 18 May 2025 14:43:21 -0700

Fixes:

CVE-2025-4918: Out-of-bounds access when resolving Promise objects
CVE-2025-4919: Out-of-bounds access when optimizing linear sums

* gnu/packages/librewolf.scm (librewolf): Update to 138.0.4-1.

Change-Id: I2c2b7b5a043b37b60f0378f115f0f31fa3993618
---
 gnu/packages/librewolf.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 063a89420fe..db4a7673858 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -207,17 +207,17 @@ (define rust-librewolf rust-1.82)
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250502155055")
+(define %librewolf-build-id "20250518101454")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "138.0.3-1")
+    (version "138.0.4-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "1r0kam26cz5rz39n6zcc2hrbav6dxlfrsa0qhhfjlnv33ns3lzx2"
-      #:librewolf-hash "1bf9sa5radjr7g6ng7kqy2ss13c0q6vkq9dfzj5y998ifxw19s4c"
+      #:firefox-hash "0mjh2if31ibx68a66cvxh5sa20xb78gdn9wdw0wv745dinq0vlrz"
+      #:librewolf-hash "1g4r2k8z5i25gcc8gfspixbi21dddyk4yg6wv7nya44swy51j7r9"
       #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
-- 
2.49.0
bug closed, send any further explanations to 78487 <at> debbugs.gnu.org and Ian Eure <ian <at> retrospec.tv> Request was from Ian Eure <ian <at> retrospec.tv> to control <at> debbugs.gnu.org. (Fri, 23 May 2025 04:37:02 GMT) Full text and rfc822 format available.
This bug report was last modified 25 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.