Summary: | <www-client/firefox{,-bin}-{45.5.1,50.0.1} <mail-client/thunderbird{,-bin}-45.5.1: Use-after-free in SVG Animation (CVE-2016-9079) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Luke-Jr <luke-jr+gentoobugs> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | critical | CC: | edigaryev, gentoo, mozilla | ||||
Priority: | Normal | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ | ||||||
Whiteboard: | A1 [glsa cve blocked] | ||||||
Package list: | Runtime testing required: | --- | |||||
Bug Depends on: | 602576 | ||||||
Bug Blocks: | 599924 | ||||||
Attachments: |
|
Description
Luke-Jr
2016-11-30 23:27:47 UTC
Created attachment 454816 [details]
version bump for ebuild
Just bumping the revision, no need to actually change anything in the build. Have confirmed that the bug causes the assertion that the mozilla devs expect now, so a safe crash rather than a potentially exploitable one.
commit ca6c03ddef83791f42d00c0f05a715375cb075f7 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Thu Dec 1 09:45:23 2016 www-client/firefox-bin: Sec bump to versions 45.5.1 and 50.0.2 (bug #601320). Package-Manager: portage-2.3.2 commit 9bcbd4d9eb899ee0723c2156203bea6430f6ecb6 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Thu Dec 1 09:34:45 2016 www-client/firefox: Sec bump to versions 45.5.1 and 50.0.2 (bug #601320). Package-Manager: portage-2.3.2 @arches, please stabilize: =mail-client/thunderbird-45.5.1 ppc ppc64 =www-client/firefox-45.5.1 ppc ppc64 x86 x86 stable @ Arches, please continue thunderbird stabilization; Firefox stabilization has been moved to bug 602576. This issue was resolved and addressed in GLSA 201701-15 at https://security.gentoo.org/glsa/201701-15 by GLSA coordinator Thomas Deutschmann (whissi). |