Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 836866 (CVE-2022-28283, CVE-2022-28284, CVE-2022-28287, CVE-2022-28288, MFSA-2022-14)

Summary: <www-client/firefox{-bin,}-{91.8.0,99.0}: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 836914    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-05 22:46:14 UTC
.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-05 23:17:04 UTC
Please stable when ready.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-05 23:56:08 UTC
(firefox 99 not bumped to yet but it's not stable either)
Comment 3 Larry the Git Cow gentoo-dev 2022-04-07 07:07:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2287bfe2683a7101089828457a42c2563f404968

commit 2287bfe2683a7101089828457a42c2563f404968
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-04-07 07:04:58 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-04-07 07:04:58 +0000

    www-client/firefox: add 99.0
    
    Bug: https://bugs.gentoo.org/836866
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest            |   99 +++
 www-client/firefox/firefox-99.0.ebuild | 1258 ++++++++++++++++++++++++++++++++
 2 files changed, 1357 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-11 02:16:10 UTC
Please cleanup
Comment 5 Larry the Git Cow gentoo-dev 2022-04-11 12:24:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b06ffa1d38711bd221cabd10aa28febf4ce143f

commit 6b06ffa1d38711bd221cabd10aa28febf4ce143f
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-04-11 12:24:18 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-04-11 12:24:18 +0000

    www-client/firefox: drop 91.7.0, 91.7.1 (sec cleanup)
    
    Bug: https://bugs.gentoo.org/836866
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest              |  197 -----
 www-client/firefox/firefox-91.7.0.ebuild | 1230 -----------------------------
 www-client/firefox/firefox-91.7.1.ebuild | 1238 ------------------------------
 3 files changed, 2665 deletions(-)
Comment 6 Larry the Git Cow gentoo-dev 2022-08-10 04:18:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=28683764d95cb78c056bdf67f3245ad0eb5c6bbe

commit 28683764d95cb78c056bdf67f3245ad0eb5c6bbe
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:06:48 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:17:28 +0000

    [ GLSA 202208-08 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/834631
    Bug: https://bugs.gentoo.org/834804
    Bug: https://bugs.gentoo.org/836866
    Bug: https://bugs.gentoo.org/842438
    Bug: https://bugs.gentoo.org/846593
    Bug: https://bugs.gentoo.org/849044
    Bug: https://bugs.gentoo.org/857045
    Bug: https://bugs.gentoo.org/861515
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-08.xml | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 147 insertions(+)
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-10 04:27:04 UTC
GLSA released, all done!