LEAP 15.1 : when can we expect to see patched Firefox package hit the update repository?

Yesterday Mozilla announced that a critical vulnerability exists in Firefox and Firefox ESR and that a zero-day exploit is circulating in the wild. They’re urging users to upgrade to 67.0.3 or 60.7.1 ESR.

Looks like 60.7.1 ESR was pushed to the Debian update repos a couple hours after the Mozilla announcement went live. But near as I can tell, Leap 15.1 update repositories are still sitting at 60.6.3 ESR which is almost 3 weeks old.

Is this being worked-on?

I don’t have an answer. But it is very likely that this is being worked on. The maintainer of our Mozilla software is usually very active on such matters. And he has already filed a bug report on this issue – bug 1138614.

You can maybe add yourself to that bug report, so that you receive email updates on its progress.