Summary: | www-client/mozilla-firefox <2.0.0.14 www-client/seamonkey<1.1.9-r1 Crash in JavaScript garbage collector (CVE-2008-1380) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mozilla, polynomial-c |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.mozilla.org/security/announce/2008/mfsa2008-20.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 230567 | ||
Bug Blocks: |
Description
Hanno Böck
![]() =www-client/mozilla-firefox[-bin]-2.0.0.14 =net-libs/xulrunner-1.8.1.14 In the tree seamonkey-1.1.10 is not released yet, and thunderbird either Arches, please test and mark stable: =www-client/mozilla-firefox-2.0.0.14 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86" =www-client/mozilla-firefox-bin-2.0.0.14 Target keywords : "amd64 release x86" =net-libs/xulrunner-1.8.1.14 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86" Both stable for HPPA. Probably need to stay on board for seamonkey (if not please tell). alpha/ia64/sparc/x86 stable amd64 stable ppc64 stable No seamonkey-1.1.10 yet? ppc stable, ready for glsa. Fixed in release snapshot. According to this blog entry, Seamonkey upstream has decided not to release 1.1.10 anytime soon: http://home.kairo.at/blog/2008-04/weekly_status_report_w17_2008_w15_w16 Raul has committed the patch to fix this vulnerability in www-client/seamonkey-1.1.9-r1. There are no updates to www-client/seamonkey-bin due to the nature of being upstream builds. Arches, please test and mark stable: =www-client/seamonkey-1.1.9-r1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86" alpha/ia64/sparc stable x86 stable ppc64 stable amd64 stable Stable for HPPA. ppc stable GLSA 200805-18, but we will have to leave this open until it is fixed for seamonkey-bin. Fixed in release snapshot. Fixed via bug 230567 GLSA 200808-03 |