Summary: | <www-client/firefox{,-bin}-{78.6.1, 84.0.2}: Use after free code execution (CVE-2020-16044) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | klaus.kusche, mozilla, sergeev917 |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/ | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | www-client/firefox-78.6.1 * | ||
Runtime testing required: | --- |
Bug Depends on: | 764581 | ||
Bug Blocks: | 765085 |
Description
John Helmert III
2021-01-06 18:57:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff5e3675ea8ee7cf8474bff12042618eeca352de

commit ff5e3675ea8ee7cf8474bff12042618eeca352de
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-07 08:56:57 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-07 08:56:57 +0000

www-client/firefox-bin: (security) bump to 78.6.1

Bug: https://bugs.gentoo.org/764161
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

www-client/firefox-bin/Manifest | 97 ++++++
www-client/firefox-bin/firefox-bin-78.6.1.ebuild | 411 +++++++++++++++++++++++
2 files changed, 508 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90421b2a65fae9cb6f39a53ed87b76ccde5be9c1

commit 90421b2a65fae9cb6f39a53ed87b76ccde5be9c1
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-07 13:51:14 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-07 13:52:19 +0000

www-client/firefox: (security) ESR bump to 78.6.1

Bug: https://bugs.gentoo.org/764161
Closes: https://bugs.gentoo.org/764290
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

www-client/firefox/Manifest | 96 +++
www-client/firefox/firefox-78.6.1.ebuild | 1130 ++++++++++++++++++++++++++++++
2 files changed, 1226 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31164aeb729c82602a284d56b94a7740bc5e4ed4

commit 31164aeb729c82602a284d56b94a7740bc5e4ed4
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-07 14:06:14 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-07 14:09:16 +0000

www-client/firefox-bin: (security) bump to 84.0.2

Bug: https://bugs.gentoo.org/764161
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

www-client/firefox-bin/Manifest | 97 ++++++
www-client/firefox-bin/firefox-bin-84.0.2.ebuild | 411 +++++++++++++++++++++++
2 files changed, 508 insertions(+)

Thank you! I'm missing www-client/firefox/firefox-84.0.2.ebuild

It's not in the tree yet, the main maintainer hasn't returned committing after Christmas and I'm a bit occupied until tomorrow. Since it's 84.0.1 -> 84.0.2 bump there's probably nothing major updated (haven't had time to check 84.0.x logs), so just renaming the ebuild should be enough if you want to help testing it.

*** Bug 764560 has been marked as a duplicate of this bug. ***

I'll switch back to [ebuild] for now I guess until we get the 84.x.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=702a672379acb4a1202015ccce32f6b798dd963f

commit 702a672379acb4a1202015ccce32f6b798dd963f
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-09 12:35:42 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-09 12:35:42 +0000

www-client/firefox: (security) bump to 84.0.2

Bug: https://bugs.gentoo.org/764161
Bug: https://bugs.gentoo.org/764590
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

www-client/firefox/Manifest | 97 +++
www-client/firefox/firefox-84.0.2.ebuild | 1130 ++++++++++++++++++++++++++++++
2 files changed, 1227 insertions(+)

New GLSA request filed.

This issue was resolved and addressed in GLSA 202101-04 at https://security.gentoo.org/glsa/202101-04 by GLSA coordinator Sam James (sam_c).

Reopening for cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fac19fbd00964ce6966bd1b569d0dc4a2216f5a0

commit fac19fbd00964ce6966bd1b569d0dc4a2216f5a0
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-11 15:50:12 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-11 15:50:12 +0000

www-client/firefox-bin: security cleanup

Bug: https://bugs.gentoo.org/764161
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

www-client/firefox-bin/Manifest | 291 ----------------
www-client/firefox-bin/firefox-bin-78.6.0.ebuild | 411 -----------------------
www-client/firefox-bin/firefox-bin-84.0.1.ebuild | 411 -----------------------
www-client/firefox-bin/firefox-bin-84.0.ebuild | 411 -----------------------
4 files changed, 1524 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f37052c735aac4e72281e753f84518b4675e03b4

commit f37052c735aac4e72281e753f84518b4675e03b4
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-11 15:49:16 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-11 15:49:16 +0000

www-client/firefox: security cleanup

Bug: https://bugs.gentoo.org/764161
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

www-client/firefox/Manifest | 288 -------
www-client/firefox/firefox-78.6.0.ebuild | 1129 ---------------------------
www-client/firefox/firefox-84.0.1-r1.ebuild | 1128 --------------------------
www-client/firefox/firefox-84.0.ebuild | 1128 --------------------------
4 files changed, 3673 deletions(-)

All done, thanks!