Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 581326 (CVE-2016-2804, CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2809, CVE-2016-2810, CVE-2016-2811, CVE-2016-2812, CVE-2016-2813, CVE-2016-2814, CVE-2016-2816, CVE-2016-2817, CVE-2016-2820)

Summary: <www-client/firefox{,-bin}-{38.8.0,45.1.0,46.0} <mail-client/thunderbird{,-bin}-{38.8.0,45.1.0}: multiple vulnerabilities
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: email, mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa cve]
Package list:
Runtime testing required: ---

Comment 1 Ian Stakenvicius (RETIRED) gentoo-dev 2016-05-05 15:02:42 UTC
Ebuilds for firefox and thunderbird are in the tree now, with the exception of thunderbird{,-bin}-45.1.0 which should be released tomorrow (but will remain ~arch)

I've pushed the -bin variants directly to stable.  ATs please stabilize as per usual the 38.8.0 versions:

=www-client/firefox-38.8.0 Targt KEYWORDS: amd64 hppa ppc ppc64 x86
=mail-client/thunderbird-38.8.0 Target KEYWORDS: amd64 ppc ppc64 x86

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-05-07 09:46:01 UTC
Stable for HPPA PPC64.
Comment 3 Agostino Sarubbo gentoo-dev 2016-05-11 10:50:37 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-05-11 10:51:46 UTC
x86 stable
Comment 5 Ian Stakenvicius (RETIRED) gentoo-dev 2016-07-05 15:26:46 UTC
AT timeout for ppc so marked it stable.  That's the last one.  Also dropped firefox-38.7.
Comment 6 Ian Stakenvicius (RETIRED) gentoo-dev 2016-07-05 15:32:54 UTC
(In reply to Ian Stakenvicius from comment #5)
> AT timeout for ppc so marked it stable.  That's the last one.  Also dropped
> firefox-38.7.

oops, sorry -- thunderbird-38.8 is waiting on both ppc and ppc64. Re-CC'ing arch teams
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2016-07-13 04:26:25 UTC
Superseded by bug #585308.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2017-01-03 13:02:26 UTC
This issue was resolved and addressed in
 GLSA 201701-15 at
by GLSA coordinator Thomas Deutschmann (whissi).