Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 808927

Summary: ~www-client/firefox{-bin,}-91.0.1: HTTP/3 header splitting vulnerability
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 808929    
Bug Blocks: 808925    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-18 19:59:29 UTC
Need stabilization.
Comment 1 Thomas Deutschmann gentoo-dev 2021-08-18 22:04:19 UTC
(In reply to John Helmert III from comment #0)
> Need stabilization.

No, does not affect any stable firefox version.
Comment 2 Larry the Git Cow gentoo-dev 2021-08-24 13:17:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da107ef65d4b54256399c018f2409d3375ee611a

commit da107ef65d4b54256399c018f2409d3375ee611a
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-24 12:19:18 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-24 12:52:06 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/808927
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                  | 194 -----------
 www-client/firefox-bin/firefox-bin-90.0.2.ebuild | 417 -----------------------
 www-client/firefox-bin/firefox-bin-91.0.ebuild   | 384 ---------------------
 3 files changed, 995 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=250bf9a2b6905ed3c1ee7440c3215cf350671e2c

commit 250bf9a2b6905ed3c1ee7440c3215cf350671e2c
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-24 12:15:13 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-24 12:52:05 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/808927
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest               |  293 -------
 www-client/firefox/firefox-78.12.0.ebuild | 1187 -----------------------------
 www-client/firefox/firefox-90.0.2.ebuild  | 1182 ----------------------------
 www-client/firefox/firefox-91.0.ebuild    | 1149 ----------------------------
 4 files changed, 3811 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-24 16:25:03 UTC
Only unstable affected, no GLSA.