Summary: | <net-libs/xulrunner-1.9.2.17, <www-client/firefox{,-bin}-3.6.17, <mail-client/thunderbird{,-bin}-3.1.10, <www-client/seamonkey{,-bin}-2.0.14: multiple vulnerabilities (CVE-2011-{00{65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81},1202}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alexanderyt |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.17 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Lars Wendler (Polynomial-C) (RETIRED)
2011-04-29 16:19:13 UTC
Thanks for the bug, and for getting ebuilds committed so quickly. Are we ready to call arches? We can always readd them when icecat is ready.

Just to facilitate searching, here is the list of CVEs as we normally list them.
CVE-2011-{0065,0066,0067,0068,0069,0070,0071,0072,0073,0074,0075,0076,0077,0078,0079,0080,0081,1202}

(In reply to comment #1)
> Thanks for the bug, and for getting ebuilds committed so quickly. Are we ready
> to call arches? We can always readd them when icecat is ready.

I have no objections against letting arches do their work now. Looking at the severity some of these bugs have I think the faster the better :)

> Just to facilitate searching, here is the list of CVEs as we normally list
> them.
> CVE-2011-{0065,0066,0067,0068,0069,0070,0071,0072,0073,0074,0075,0076,0077,0078,0079,0080,0081,1202}

Heh, I tried to make up the summary like this but the input field didn't allow a summary being that long ;)

Great, thanks.

Arches, please test and mark stable:
=www-client/firefox-3.6.17
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
=www-client/firefox-bin-3.6.17
Target keywords : "amd64 x86"
=www-client/seamonkey-2.0.14
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
=www-client/seamonkey-bin-2.0.14
Target keywords : "amd64 x86"
=mail-client/thunderbird-3.1.10
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"
=mail-client/thunderbird-bin-3.1.10
Target keywords : "amd64 x86"
=net-libs/xulrunner-1.9.2.17
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

amd64 done

ppc/ppc64 stable

x86 stable

Stable for HPPA.

+*icecat-3.6.16-r1 (03 May 2011) + + 03 May 2011; Lars Wendler <polynomial-c@gentoo.org> +icecat-3.6.16-r1.ebuild: + Security bump. This revision contains the same fixes firefox-3.6.17 has. +

I cannot add "<www-client/icecat-3.6.16-r1" to the summary as it only allows a limited number of chars.
It seems like icecat upstream won't release a 3.6.17 version so I created a patch containing the changes between firefox-3.6.16 and -3.6.17 and applied that to icecat-3.6.16. I'm gonna write an email to icecat upstream requesting a 3.6.17 version once I return home from work today. In case they do such a release I will add the real 3.6.17 version to the tree with the same mix of stable/unstable KEYWORDS 3.6.16-r1 has at that point.

So arches please test and mark stable in addition to the packages listed in the summary:
=www-client/icecat-3.6.16-r1
Target keywords: amd64 ppc ppc64 x86

And sorry for readding exactly those four arches which already did their job here :)

icecat works.

icecat-3.6.16-r1 x86 stable

amd64 done. Thanks Agostino

alpha/arm/ia64/sparc stable, I haven't done xulrunner/firefox .17 because it sigbuses, like always...

ppc/ppc64 stable, last arch done

Thanks, everyone. Added to existing GLSA request.

(In reply to comment #12)
> alpha/arm/ia64/sparc stable, I haven't done xulrunner/firefox .17 because it
> sigbuses, like always...

Not always, I've found that if I remove the sparc specific kludge from the ebuild it works for me, but you have to catch the browser before it loads the page and all will be well.

re-add if needed later.

This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).