821385 – (MOZ-2021-0004, MOZ-2021-0005, MOZ-2021-0006) <www-client/firefox{-bin,}-{91.3.0,94}: multiple vulnerabilities

Bug 821385 (MOZ-2021-0004, MOZ-2021-0005, MOZ-2021-0006) - <www-client/firefox{-bin,}-{91.3.0,94}: multiple vulnerabilities

Summary: <www-client/firefox{-bin,}-{91.3.0,94}: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	MOZ-2021-0004, MOZ-2021-0005, MOZ-2021-0006

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa]
Keywords:

Depends on:	821679
Blocks:	CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, MOZ-2021-0007, MOZ-2021-0008
	Show dependency tree

Reported:	2021-11-02 23:21 UTC by John Helmert III
Modified:	2022-02-21 23:05 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-11-02 23:21:23 UTC

See tracker for details. Currently waiting on ESR bump

Comment 1 John Helmert III archtester

2021-11-03 15:19:44 UTC

Please remember to tag security bugs when bumping!

Please stabilize 91.3.0.

Comment 2 Larry the Git Cow gentoo-dev

2021-11-04 08:41:17 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28cc0d41f016e412b5e9410e6c8b7f0e04a83a0b

commit 28cc0d41f016e412b5e9410e6c8b7f0e04a83a0b
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-11-04 08:39:50 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-11-04 08:39:50 +0000

    www-client/firefox: stabilize 91.3.0 for amd64
    
    Bug: https://bugs.gentoo.org/821385
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/firefox-91.3.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54e673915f1e51b62414f329b9d970eb546ed1a9

commit 54e673915f1e51b62414f329b9d970eb546ed1a9
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-11-04 08:39:23 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-11-04 08:39:23 +0000

    dev-libs/nss: stabilize 3.70 for amd64
    
    Bug: https://bugs.gentoo.org/821385
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-libs/nss/nss-3.70.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9b97b64b6c8628a3d692b1d7b11c4379f9d066a

commit d9b97b64b6c8628a3d692b1d7b11c4379f9d066a
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-11-04 08:38:51 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-11-04 08:38:51 +0000

    dev-libs/nspr: stabilize 4.32 for amd64
    
    Bug: https://bugs.gentoo.org/821385
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-libs/nspr/nspr-4.32.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 3 Sam James archtester

2021-12-14 10:37:43 UTC

Please cleanup, thanks.

Comment 4 Joonas Niilola gentoo-dev

2021-12-14 13:15:19 UTC

Done.

Comment 5 Larry the Git Cow gentoo-dev

2022-02-21 23:03:20 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57effa1a78ecfa61900fdedbc9401d0948141e99

commit 57effa1a78ecfa61900fdedbc9401d0948141e99
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-02-21 22:59:29 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-02-21 22:59:29 +0000

    [ GLSA 202202-03 ] Mozilla Firefox: Multiple vulnerabilities
    
    Bug: https://bugs.gentoo.org/802768
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/813498
    Bug: https://bugs.gentoo.org/821385
    Bug: https://bugs.gentoo.org/828538
    Bug: https://bugs.gentoo.org/831039
    Bug: https://bugs.gentoo.org/832992
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202202-03.xml | 141 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 141 insertions(+)

Comment 6 John Helmert III archtester

2022-02-21 23:05:39 UTC

GLSA released, all done!