Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 885813 (CVE-2022-46873, CVE-2022-46879)

Summary: <www-client/firefox{-bin,}-{102.6.0,108.0}: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 886015    
Bug Blocks: 885811    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-13 19:16:56 UTC 
Details in tracker. Please bump to 102.6, 108.
Comment 1 Larry the Git Cow gentoo-dev 2022-12-16 06:31:10 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cacb359abbfee2b4257fe594dcfa03835fa045f

commit 1cacb359abbfee2b4257fe594dcfa03835fa045f
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-12-16 06:30:02 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-12-16 06:31:08 +0000

    www-client/firefox: drop 102.5.0
    
    Bug: https://bugs.gentoo.org/885813
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest               |   99 ---
 www-client/firefox/firefox-102.5.0.ebuild | 1278 -----------------------------
 2 files changed, 1377 deletions(-)
Comment 2 Joonas Niilola gentoo-dev 2022-12-16 06:32:25 UTC 
I'm gonna leave 107.0.1 in tree for a bit longer because 108.0 was such a difficult release. I'm not confident it works like that for everyone, but I am positively surprised no bugs have been yet reported. Fingers crossed...
Comment 3 Larry the Git Cow gentoo-dev 2023-01-05 09:23:31 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21c64e924813bf475dd969095e8e40a5a8e11e7e

commit 21c64e924813bf475dd969095e8e40a5a8e11e7e
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-01-05 09:16:04 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-01-05 09:23:27 +0000

    www-client/firefox: drop 107.0.1, 108.0, 108.0.1
    
    Bug: https://bugs.gentoo.org/885813
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest               |  296 -------
 www-client/firefox/firefox-107.0.1.ebuild | 1328 ----------------------------
 www-client/firefox/firefox-108.0.1.ebuild | 1330 -----------------------------
 www-client/firefox/firefox-108.0.ebuild   | 1330 -----------------------------
 4 files changed, 4284 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 19:28:13 UTC 
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2023-05-03 09:31:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5f136da08cc28aa97d67b66cdaeb4c59046fd70d

commit 5f136da08cc28aa97d67b66cdaeb4c59046fd70d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 09:15:03 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 09:31:46 +0000

    [ GLSA 202305-06 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/885813
    Bug: https://bugs.gentoo.org/891213
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-06.xml | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)