Bug 905883 (CVE-2023-29350, CVE-2023-29354)

Summary:	<www-client/microsoft-edge-113.0.1774.35: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	chromium
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	A2 [glsa+]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2023-05-07 16:23:14 UTC

CVE-2023-29350 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350):

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-29354 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29354):

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Fixes in 113.0.774.35.

Comment 1 John Helmert III archtester

2023-05-31 04:28:06 UTC

Added to existing chrom* GLSA

Comment 2 Larry the Git Cow gentoo-dev

2023-09-30 08:57:38 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=de793de405f9e13d0d29d94de3f236ce0b5b3338

commit de793de405f9e13d0d29d94de3f236ce0b5b3338
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 08:56:23 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 08:57:27 +0000

    [ GLSA 202309-17 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/893660
    Bug: https://bugs.gentoo.org/904252
    Bug: https://bugs.gentoo.org/904394
    Bug: https://bugs.gentoo.org/904560
    Bug: https://bugs.gentoo.org/905297
    Bug: https://bugs.gentoo.org/905620
    Bug: https://bugs.gentoo.org/905883
    Bug: https://bugs.gentoo.org/906586
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-17.xml | 152 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 152 insertions(+)