ieure pushed a commit to branch master
in repository guix.
commit c224bf2dd1b388f4a4dd264ff88931f6355569e0
Author: Ian Eure <[email protected]>
AuthorDate: Mon Apr 7 17:14:27 2025 -0700
gnu: librewolf: Update to 137.0.1-1 [security fixes].
New upstream release. Contains fixes for:
CVE-2025-3028: Use-after-free triggered by XSLTProcessor
CVE-2025-3031: JIT optimization bug with different stack slot sizes
CVE-2025-3032: Leaking file descriptors from the fork server
CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
CVE-2025-3035: Tab title disclosure across pages when using AI chatbot
CVE-2025-3033: Opening local .url files could lead to another file
being opened
CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird
137, Firefox ESR 128.9, and Thunderbird 128.9
CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird
137
* gnu/packages/librewolf.scm (librewolf): Update to 137.0.1-1.
Change-Id: I418fadabc2375fe85e6d71f0fba198ae5983159c
---
gnu/packages/librewolf.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 1cb7084f23..f9cc4b34cc 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -206,17 +206,17 @@
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250327215540")
+(define %librewolf-build-id "20250405165830")
(define-public librewolf
(package
(name "librewolf")
- (version "136.0.4-1")
+ (version "137.0.1-1")
(source
(make-librewolf-source
#:version version
- #:firefox-hash "0hn2ywyacgg8n47qz1q2l8bf32mszj3vnpkl6kag3wmqqbhvja2a"
- #:librewolf-hash "045il4xrji2zh1scx3aiy6hx6jv098232aycda6bhsh27szbsrfa"
+ #:firefox-hash "1r0b5vfhqkw5vgf7bb0ylcw4vlg9mpfj96n8whfppj8r5rhah788"
+ #:librewolf-hash "0yry4k44wifi9h25h49krm05jbrs6bg9pa4vszv8af8dv5qm2bz0"
#:l10n firefox-l10n))
(build-system gnu-build-system)
(arguments
