And another bunch of mozilla packages which fix newly found security flaws.
Target keywords for thunderbird-bin/firefox-bin/seamonkey-bin are: amd64 x86
Target keywords for xulrunner/mozilla-firefox/seamonkey are: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
List of vulnerabilities concerning xulrunner/firefox and descendants: http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.7
As of this writing seamonkey still had no list about fixed vulnerabilities but I will deliver those in addition. www-client/icecat is lagging behind (as usual). As soon as they catch up with mozilla I will notify you in this bug. Thunderbird is affected as well. Anarchy wants to do some cleanups in the ebuild before it will be added to this bug.
Ignore target keywords for thunderbird-bin until Anarchy did the bump. Classical cut'n'paste error from me :-/
My, you guys are fast. :)
http://www.seamonkey-project.org/news#2010-07-20 list of seamonkey vuln.
x86 is stable for
net-libs/xulrunner-1.9.2.7
www-client/mozilla-firefox-3.6.7
www-client/firefox-bin-3.6.7
www-client/seamonkey-2.0.6
www-client/seamonkey-bin-2.0.6
we will stay here for thunderbird and icecat.
thunderbird-3.1.1 and thunderbird-bin-3.1.1 are in the tree; make sure you mark enigmail-1.1.2-r1 at the same time please.
Target keywords for icecat are: amd64 ppc ppc64 x86
Target keywords for thunderbird-bin are: amd64 x86
Target keywords for thunderbird are: alpha amd64 arm ia64 ppc ppc64 sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux
Target keywords for enigmail are: alpha amd64 arm ia64 ppc ppc64 sparc x86 ~x86-fbsd
List of vulnerabilities concerning thunderbird: http://www.mozilla.org/security/known-vulnerabilities/thunderbird31#thunderbird3.1.1
List of vulnerabilities concerning seamonkey: http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.6
I archtested thunderbird-bin-3.1.1, thunderbird-3.1.1, enigmail-1.1.2-r1 on x86. No issues.
Icecat yields: Could not find compatible GRE between version 1.9.2.7 and 1.9.2.7. Remerge did not help. Firefox reports 1.9.2.7 fine.
Thanks Thomas for testing, so apart from icecat, x86 stabled all packages.
+*xulrunner-1.9.2.7-r1 (23 Jul 2010) + + 23 Jul 2010; Lars Wendler <polynomial-c@gentoo.org> + -xulrunner-1.9.2.7.ebuild, +xulrunner-1.9.2.7-r1.ebuild: + Increased revision to fix GRE issues caused by bug #329529 and requested + in bug #329563. + fauli please test icecat with -r1. I left the keywords from -r0 intact so no need to stabilize -r1 again.
on emerge ff-3.6.7 and xulrunner-3.6.7 Could not find compatible GRE between version 1.9.2.7 and 1.9.2.7.
(In reply to comment #11)
> on emerge ff-3.6.7 and xulrunner-3.6.7
> Could not find compatible GRE between version 1.9.2.7 and 1.9.2.7.
Emerge xulrunner 1.9.2.7-r1 (resync before) and Firefox again. See above comments.
x86 finally done. Bye.
Firefox 3.6.8 is already out, fixing another critical vulnerability: http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.8
Readding x86 for xulrunner-1.9.2.8/firefox{,-bin}-3.6.8 stabilization. @ ppc team: Please stabilize this version as well. This time blame mozilla upstream for the inconveniences ;) No idea if icecat will release 3.6.8 as well...
stable x86, did I ever mention that I hate compiling XULRunner
Stable for HPPA PPC:
net-libs/xulrunner-1.9.2.8
www-client/mozilla-firefox-3.6.8
www-client/seamonkey-2.0.6
Stable for PPC:
=mail-client/thunderbird-3.1.1
=x11-plugins/enigmail-1.1.2-r1
=www-client/icecat-3.6.7
+*icecat-3.6.7-r1 (25 Jul 2010) + + 25 Jul 2010; Lars Wendler <polynomial-c@gentoo.org> + +files/mozilla-1.9.2.8.diff, -icecat-3.6.7.ebuild, + +icecat-3.6.7-r1.ebuild: + Added the fixes from firefox-3.6.8 to icecat-3.6.7. It's now technically + icecat-3.6.8 which still wasn't released at the time of this change. + Please keep on stabilizing icecat.
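Review bot: the icecat-3.6.7-r1 entry records that files/mozilla-1.9.2.8.diff carries the firefox-3.6.8 fixes but names no bug or advisory for them, whereas the xulrunner-1.9.2.7-r1 entry earlier in this bug cites bug #329529 and bug #329563. Adding the security bug number to the entry would make it traceable from the ChangeLog why a 3.6.7 revision ships 3.6.8 code.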
Please note that a www-client/mozilla-firefox -> www-client/firefox pkgmove was just done.
amd64 stable
+*icecat-3.6.8 (31 Jul 2010) + + 31 Jul 2010; Lars Wendler <polynomial-c@gentoo.org> + -files/mozilla-1.9.2.8.diff, -icecat-3.6.7-r1.ebuild, + +icecat-3.6.8.ebuild: + Version bump to stay in sync with xulrunner. Committed straight to stable + as it's identical to 3.6.7-r1 code-wise.
alpha/arm/ia64/sparc stable
ppc64 done
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
Bug added to existing GLSA request.
CVE-2010-2755 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755): layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
CVE-2010-2754 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754): dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
CVE-2010-2753 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753): Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
CVE-2010-2752 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752): Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
CVE-2010-2751 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751): The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.
CVE-2010-1215 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215): Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
CVE-2010-1214 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214): Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
CVE-2010-1213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213): The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
CVE-2010-1212 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212): js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.
CVE-2010-1211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2010-1210 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210): intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.
CVE-2010-1209 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209): Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.
CVE-2010-1208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208): Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
CVE-2010-1207 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207): Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.
CVE-2010-0654 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654): Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).