Summary: | <www-client/firefox{,-bin}-{52.8.1,60.0.2}: multiple vulnerabilities (MFSA-2018-{12,14}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Wolfi Jack <jackwolf2454> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | arthur, iskatu, mozilla |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
www-client/firefox-52.8.1
www-client/firefox-60.0.2
dev-libs/nspr-4.19
dev-libs/nss-3.37.3
|
Runtime testing required: | --- |
Description
Wolfi Jack
2018-06-12 14:04:46 UTC
52.8.1 and 60.0.2 are in the tree, please mark both ebuilds stable. We will keep 52.x branch around until the full EOL happens. An automated check of this bug failed - repoman reported dependency errors (126 lines truncated):
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
You all will need to take the proper nss and nspr versions at same time. x86 stopped stabilization due to bug 658362. Superseded by bug 659432. Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201810-01 at https://security.gentoo.org/glsa/201810-01 by GLSA coordinator Thomas Deutschmann (whissi). |