https://www.mozilla.org/security/announce/2012/mfsa2012-11.html
Fixed in:
Firefox 10.0.2
Firefox ESR 10.0.2
Firefox 3.6.27
Thunderbird 10.0.2
Thunderbird ESR 10.0.2
Thunderbird 3.1.19
SeaMonkey 2.7.2
I use firefox-bin-10.0.2 x86 stable.
Reproducible: Always
Mozilla, is this bug valid for Gentoo, or do we always use the system libpng? We have bug 404197 for libpng itself. Thanks.
Only the -bin packages are affected; we use system png in source builds.
All the relevant -bin packages are in the tree. Should we work on getting them stabilised and turn this into a STABLEREQ bug?
(In reply to comment #3)
> All the relevant -bin packages are in the tree. Should we work on getting them
> stabilised and turn this into a STABLEREQ bug?

Yep, thank you.

Arches, please test and mark stable:
=www-client/firefox-bin-10.0.2
Target keywords : "amd64 x86"
=mail-client/thunderbird-bin-10.0.2
Target keywords : "amd64 x86"
=www-client/seamonkey-bin-2.7.2
Target keywords : "amd64 x86"
Created attachment 302671 [details] QA Notices
amd64: Attached above are the QA notices for all three packages. Can those be fixed on the fly? Other than that, packages pass.
x86 stable
(In reply to comment #6)
> amd64:
>
> Attached above are the QA notices for all three packages. Can those be fixed on
> the fly?
>
> Other than that, packages pass.

Since they're built by Mozilla and not any Gentoo team, AFAIK, they can't be fixed.
(In reply to comment #8)
> (In reply to comment #6)
> > amd64:
> >
> > Attached above are the QA notices for all three packages. Can those be fixed on
> > the fly?
> >
> > Other than that, packages pass.
>
> Since they're built by Mozilla and not any Gentoo team, AFAIK, they can't be
> fixed.

You should be able to skip that warning by setting the QA_FLAGS_IGNORED variable (as I can read in "man 5 ebuild").
Those QA warnings should be 'hidden' in the mozilla-bin ebuild with QA_DT_HASH.
amd64 ok
QA warnings fixed.
amd64: pass
amd64 stable
Old (vulnerable) versions removed from the tree.
Thanks, everyone. Added to existing GLSA request.
Can't this bug be closed since these package versions are no longer in the Portage tree?
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).