Summary: | <www-client/firefox{,-bin}-{38.4.0,42.0}: multiple vulnerabilities (CVE-2015-{4513,4514,4515,4518,7187,7188,7189,7193,7194,7195,7196,7197,7198,7199,7181,7182,7183,7200}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Nikolay Edigaryev <edigaryev> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | ap, carlphilippreh, edigaryev, hydrapolic, mozilla |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox42 | | |
Whiteboard: | A2 [glsa cve] | | |
Package list: | | Runtime testing required: | --- |

Description
Nikolay Edigaryev
2015-11-03 17:25:31 UTC
CVE-2015-4513 (38.4/42)
CVE-2015-4514 (38.4/42)
CVE-2015-4515 (42)
CVE-2015-4518 (42)
CVE-2015-7185 (42)
CVE-2015-7186 (42)
CVE-2015-7187 (42)
CVE-2015-7188 (38.4/42)
CVE-2015-7189 (38.4/42)
CVE-2015-7190 (42)
CVE-2015-7191 (42)
CVE-2015-7192 (42)
CVE-2015-7193 (38.4/42)
CVE-2015-7194 (38.4/42)
CVE-2015-7195 (42)
CVE-2015-7196 (38.4/42)
CVE-2015-7197 (38.4/42)
CVE-2015-7198 (38.4/42)
CVE-2015-7199 (38.4/42)
CVE-2015-7181 (38.4/42)
CVE-2015-7182 (38.4/42)
CVE-2015-7183 (38.4/42)
CVE-2015-7200 (38.4/42)

Removing some of the Android CVEs 7190 7191 7192 7186 7185

The patch 8011_bug1194520-freetype261_until_moz43.patch has to be removed from the firefox-patches tarball for firefox-38.4.0-esr, because it has been fixed upstream meanwhile. See https://bugzilla.mozilla.org/show_bug.cgi?id=1194520

www-client/firefox{,-bin}-{38.4,42}.0 are in the tree now (and the unnecessary patch has now been excluded from the 38.4 ebuild as well)

www-client/firefox-bin-38.4.0 can be stabilized right away, but www-client/firefox-38.4.0 requires the stabilization of nspr and nss as per bug 564834.

Thunderbird packages have not yet been rolled/released upstream, and seamonkey is likely delayed similarly. Will get those into the tree as soon as they are available.

amd64/x86 stable

For the remaining stabilization:

Arches, please test and mark stable:
=www-client/firefox-38.4.0
Target keywords : "hppa ppc ppc64"

Stable for PPC64.

ppc stable

Stable for HPPA.

=mail-client/thunderbird-38.4.0 has hit the tree. Please mark stable soon, as this is security related as well.

Please file a separate bug for Thunderbird, as the stabilization for Firefox is completed.

Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s).

This issue was resolved and addressed in GLSA 201512-10 at https://security.gentoo.org/glsa/201512-10 by GLSA coordinator Yury German (BlueKnight).