GNU bug report logs - #78487
[PATCH] gnu: librewolf: Update to 138.0.4-1 [security fixes].

Previous Next

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ian Eure <ian <at> retrospec.tv>
To: guix-patches <at> gnu.org
Cc: Ian Eure <ian <at> retrospec.tv>
Subject: [PATCH] gnu: librewolf: Update to 138.0.4-1 [security fixes].
Date: Sun, 18 May 2025 14:43:21 -0700

Fixes:

CVE-2025-4918: Out-of-bounds access when resolving Promise objects
CVE-2025-4919: Out-of-bounds access when optimizing linear sums

* gnu/packages/librewolf.scm (librewolf): Update to 138.0.4-1.

Change-Id: I2c2b7b5a043b37b60f0378f115f0f31fa3993618
---
 gnu/packages/librewolf.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 063a89420fe..db4a7673858 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -207,17 +207,17 @@ (define rust-librewolf rust-1.82)
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250502155055")
+(define %librewolf-build-id "20250518101454")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "138.0.3-1")
+    (version "138.0.4-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "1r0kam26cz5rz39n6zcc2hrbav6dxlfrsa0qhhfjlnv33ns3lzx2"
-      #:librewolf-hash "1bf9sa5radjr7g6ng7kqy2ss13c0q6vkq9dfzj5y998ifxw19s4c"
+      #:firefox-hash "0mjh2if31ibx68a66cvxh5sa20xb78gdn9wdw0wv745dinq0vlrz"
+      #:librewolf-hash "1g4r2k8z5i25gcc8gfspixbi21dddyk4yg6wv7nya44swy51j7r9"
       #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
-- 
2.49.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.