Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 141842 - www-client/mozilla-(firefox|thunderbird)-1.5.0.5, www-client/seamonkey-1.0.3 fix security bugs
Summary: www-client/mozilla-(firefox|thunderbird)-1.5.0.5, www-client/seamonkey-1.0.3 ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
URL: http://releases.mozilla.org/pub/mozil...
Whiteboard: A2 [glsa] frilled
Keywords:
: 142064 (view as bug list)
Depends on: 135646 137198 139704
Blocks:
  Show dependency tree
 
Reported: 2006-07-26 18:36 UTC by ArYiX
Modified: 2020-04-16 06:17 UTC (History)
12 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description ArYiX 2006-07-26 18:36:05 UTC
new version
Comment 1 basic 2006-07-26 22:07:35 UTC
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.5
vulnerabilities fixed:

MFSA 2006-56  chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference
Comment 2 reisio 2006-07-27 03:38:04 UTC
A USE flag for spatial navigation would be appreciated.

http://www.mozilla.org/access/keyboard/snav/
Comment 3 Wolf Giesen (RETIRED) gentoo-dev 2006-07-27 03:39:25 UTC
Judging from the bugs security might want to grab this one...
Comment 4 Wolf Giesen (RETIRED) gentoo-dev 2006-07-27 03:54:16 UTC
The other products have been updates too, of course.
Comment 5 Wolf Giesen (RETIRED) gentoo-dev 2006-07-27 23:33:25 UTC
Mozilla, would you please provide new ebuilds for firefox/thunderbird-1.5.0.5 and seamonkey-1.0.3, respectively?

(and bear with me should I mess this one up, not comfortable with this yet .-)
Comment 6 Michael-Luke Jones 2006-07-28 01:12:07 UTC
I don't want to be rude, but is the Mozilla Team highly short-staffed? This seems a long response time for an incremental update which fixes 'Highly Critical' security issues, according to Secunia.
Comment 7 Aidan Thornton 2006-07-28 03:24:23 UTC
You might want to hurry up with this one. Someone just posted working exploit code for one of the security holes:

http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html
Comment 8 Stefan Cornelius (RETIRED) gentoo-dev 2006-07-28 05:02:26 UTC
seems to be a new trend to make PoCs for gentoo systems ... not sure if i like or hate that
Comment 9 Bryan Østergaard (RETIRED) gentoo-dev 2006-07-28 11:35:42 UTC
Seamonkey-1.0.3 is in cvs now. Thunderbird and firefox should follow soon.
Comment 10 Bryan Østergaard (RETIRED) gentoo-dev 2006-07-29 02:45:45 UTC
Thunderbird and firefox bumped in cvs as well.
Comment 11 Michael-Luke Jones 2006-07-29 02:47:14 UTC
Don't forget:
www-client/mozilla-firefox-bin
mail-client/mozilla-thunderbird-bin
Comment 12 Bryan Østergaard (RETIRED) gentoo-dev 2006-07-29 03:36:52 UTC
-bin packages bumped.
Comment 13 Wolf Giesen (RETIRED) gentoo-dev 2006-07-29 04:34:42 UTC
Calling arches with a plea to make this urgent. Thank you!
Comment 14 Wolf Giesen (RETIRED) gentoo-dev 2006-07-29 04:37:12 UTC
To recap, this a collection of

www-client/seamonkey
www-client/mozilla-firefox
www-client/mozilla-firefox-bin
mail-client/mozilla-thunderbird
mail-client/mozilla-thunderbird-bin
Comment 15 Perttu Luukko 2006-07-29 06:26:10 UTC
As discussed in Bug 142064 (which probably should me merged with this one), the language packs for firefox-1.5.0.5 found on gentoo mirrors only contain the output of wget downloading the language packs, *not* the actual language packs :) Building the new firefox with something in LINGUAS thus won't work.
Comment 16 Wolf Giesen (RETIRED) gentoo-dev 2006-07-29 06:31:17 UTC
*** Bug 142064 has been marked as a duplicate of this bug. ***
Comment 17 Bryan Østergaard (RETIRED) gentoo-dev 2006-07-29 06:39:20 UTC
Sorry guys (about the xpi screwup) - it's fixed in cvs now.
Comment 18 Tobias Scherbaum (RETIRED) gentoo-dev 2006-07-29 13:12:25 UTC
ppc stable
Comment 19 Jesus de Santos Garcia 2006-07-29 17:53:00 UTC
x86

www-client/mozilla-firefox: emerged cleanly with lingua ES
www-client/seamonkey: emerged cleanly (not tried crypt)
mail-client/mozilla-thunderbird: emerged cleanly (not tried crypt)

Later I'll test the bin versions. I tried to emerge the bin versions (--pretend) without removing the nobin ones and I didn't get any block. Should not this be disallowed?
Comment 20 Florian Steinel 2006-07-30 03:08:45 UTC
Info Regression:
Windows MediaPlayer plugin stopped working on specific website with FF 1.5.0.5 (mms)
(FF/SM)
http://groups.google.com/group/mozilla.dev.apps.seamonkey/browse_thread/thread/ab95c20c9f1239fc/90bc682fdadfd209#90bc682fdadfd209
https://bugzilla.mozilla.org/show_bug.cgi?id=346167
There will be Version FF 1.5.0.6 and SM 1.0.4 next week.
Comment 21 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-30 04:05:06 UTC
So my computer has its Firefox weeks...only compiling one app 24/7!

After some hours :) I am able to write this entry with the Firefox to be stabled.

1) emerges fine so far 
dodoc: LEGAL does not exist

2) passes collision test
3) works fine so far (have not tested streaming) with some sites with a lot of scripting...

Thunderbird and Seamonkey, plus the two bin versions will follow...

Portage 2.1-r1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.17-gentoo-r4 i686)
=================================================================
System uname: 2.6.17-gentoo-r4 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 alsa arts artworkextra asf audiofile avi bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds emacs emboss encode esd evo exif expat fam fat fbcon fdftk ffmpeg firefox foomaticdb fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick imap imlib ipv6 isdnlog java javascript jikes jpeg jpeg2k ldap leim libg++ libwww lm_sensors mad maildir matroska mbox mikmod mime mmx mmxext mng mono motif mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg opengl pam pcre pdf pdflib perl plotutils pmu png ppds pppd preview-latex print python qt qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb vcd videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib elibc_glibc input_devices_mouse input_devices_keyboard kernel_linux linguas_de userland_GNU video_cards_radeon video_cards_vesa video_cards_fbdev"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 22 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-30 05:04:13 UTC
You wanted Thunderbird, you will get it...

1) emerges fine
2) passes collision test
3) fetched email, sent email, encrypted email, decrypted email, only POP/SMTP
Comment 23 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-30 06:30:36 UTC
seamonkey is hit by bug #139704 on my system...I will test some USE flag combinations, but that will take some time. USE="mozcalendar" has no effect up to now.
Comment 24 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-30 06:38:09 UTC
firefox-bin

1) emerges fine so far, but lib-compat as dependency is upset by its emerge...it states that it should not be used.
2) passes collision test
3) works (currently are writing this report with it)
Comment 25 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-30 06:52:59 UTC
thunderbird-bin

1) emerges fine (though lib-compat complains again)
2) passes collision test
3) works fine
Comment 26 Stuart Longland (RETIRED) gentoo-dev 2006-07-30 07:17:56 UTC
I've got my O2 building firefox-1.5.0.5 as I type this.  I'll let you all know how it goes.  This said, it's only recently that Firefox gained a ~mips keyword, so it may be some time before we can reasonably mark any release stable.

A heads-up... this release (1.5.0.5) seems to have broken handling of mms:// and rm:// streams with external plugins, which may affect plugins such as Mozplugger & MPlayer that provide a Windows Media Player implementation on Linux.

There's a patch already applied upstream that fixes this, and I've put this patch into the set for 1.5.0.5, but it's not presently in the ebuilds yet.  Apparently, 1.5.0.6 is due out in the next fortnight or so to fix this (and probably other) issue, so I'm at two minds whether to push this fix now, or whether to wait and see.

The updated patchset is already in distfiles-local on woodpecker, and I'll update the ebuild appropriately if the issue arises. :-)
Comment 27 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-30 11:10:55 UTC
seamonkey builds without USE="crypt" perfectly fine, so I add the corresponding bug as a dependency.  Also an old bug marked as WORKSFORME for version 1.0.1 (so maintainers have more data) is added, this problem seems to persist since long and should be no blocker for this security stabilisation.

1.0.3 passes collision test and works fine for me, tested web, mail, IRC and composer

Galeon 2.0.1-r2 (unstable) emerged fine on seamonkey.
Comment 28 Jason Wever (RETIRED) gentoo-dev 2006-07-30 14:05:26 UTC
firefox and thunderbird are stable on SPARC.  seamonkey 1.0.3 is unfortunately still quite crash happy.
Comment 29 Antti Tuominen 2006-07-30 23:28:16 UTC
>>> checking firefox-en-GB-1.5.0.5.xpi
!!! Digest verification failed:
!!! /usr/portage/distfiles/firefox-en-GB-1.5.0.5.xpi
!!! Reason: Failed on MD5 verification
!!! Got: 9477ebb359db57e77ca75422dc50dc65
!!! Expected: 6ef752816f72918a8b3fec432c4f7dbb

I tried the file from a couple of mirrors, including distfiles.gentoo.org.
Comment 30 Simon Stelling (RETIRED) gentoo-dev 2006-07-31 03:56:26 UTC
firefox and thunderbird are marked stable on amd64
seamonkey, firefox-bin and thunderbird-bin remain
Comment 31 urcindalo 2006-07-31 07:42:20 UTC
It fails on spanish translation on AMD64, too:
--------
>>> Emerging (1 of 3) www-client/mozilla-firefox-1.5.0.5 to /
>>> checking ebuild checksums ;-)
>>> checking auxfile checksums ;-)
>>> checking miscfile checksums ;-)
>>> checking firefox-1.5.0.5-source.tar.bz2 ;-)
>>> checking mozilla-firefox-1.5.0.5-patches-0.1.tar.bz2 ;-)
>>> checking firefox-es-ES-1.5.0.5.xpi
!!! Digest verification failed:
!!! /usr/portage/distfiles/firefox-es-ES-1.5.0.5.xpi
!!! Reason: Failed on MD5 verification
!!! Got: 65b06d6db94fe449c51d47fb80a79274
!!! Expected: ed94386b270ab386f5b845084de1199
---------------------
Comment 32 Chris Gianelloni (RETIRED) gentoo-dev 2006-07-31 11:34:25 UTC
(In reply to comment #26)
> The updated patchset is already in distfiles-local on woodpecker, and I'll
> update the ebuild appropriately if the issue arises. :-)

Please update the ebuild, as there's no way we can wait up to 14 days with regards to the release.  Thanks...

Comment 33 René Nussbaumer (RETIRED) gentoo-dev 2006-07-31 13:47:05 UTC
stable on hppa
Comment 34 Jesus de Santos Garcia 2006-07-31 14:09:55 UTC
x86

I tested today thunderbird and seamonkey with the crypt flag enabled without any problem. I send an encrypted mail with both.

I am not able to reproduce Bug 135646 nor Bug 139704

BTW and again, shouldn't the bin version be blocked but the normal ones and the same in the other way?
Comment 35 Chris Gianelloni (RETIRED) gentoo-dev 2006-07-31 18:49:24 UTC
(In reply to comment #34)
> BTW and again, shouldn't the bin version be blocked but the normal ones and the
> same in the other way?

Why?  They can both be installed on the same system quite safely.  It's not like they provide the same files, as the source-based versions install to /usr and the bin install to /opt...
Comment 36 Thomas Cort (RETIRED) gentoo-dev 2006-07-31 20:03:48 UTC
seamonkey-1.0.3 stable on alpha. firefox and thunderbird remain in default-linux/alpha/package.mask, see Bug #128777 and Bug #131359.
Comment 37 Joshua Jackson (RETIRED) gentoo-dev 2006-07-31 20:51:05 UTC
firefox and thunderbird are all done on x86, I've not gotten to seamonkey yet though I'll try to get to it tonight.
Comment 38 Wolf Giesen (RETIRED) gentoo-dev 2006-07-31 23:27:37 UTC
So far we whats seems to be left is

firefox:         arm i64 x86
firefox-bin:     x86
thunderbird:     i64 (sparc) x86  (sparc said ready, not seeing it yet)
thunderbird-bin: x86
seamonkey:       alpha amd64 x86

The vulnerability shows about half of the bugs not affecting the 1.0 branch of ff/tb; the other half has no mention about that (mfsa2006-50/51/52/53/55/56), which makes me wonder whether we should mask 1.0.x out this time (unfortunately leaving Alpha with only Seamonkey). Rest of SecTeam, comments?

I'm also a little irritated - my understandig was we switched from mozilla to seamonkey (anarchy's last work, as it seems) because of sec problems with mozilla, but it's still there. Are we still building gnome against the vulnerable mozilla, then?

As a last note, I seem to remember a (short) glorious time when new firefox builds would not overwrite my searchplugins that I painstakingly have to put there again and again now ... could we bring those golden days back sometime?
Comment 39 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-31 23:45:20 UTC
After failing to compile seamonkey twice with USE="crypt", I successfully build it without it.  After that I could not reproduce the error anymore....I hate that.  So, _everything_ works for me now.
Comment 40 Ferris McCormick (RETIRED) gentoo-dev 2006-08-01 04:25:49 UTC
(In reply to comment #38)
> So far we whats seems to be left is
> 
> firefox:         arm i64 x86
> firefox-bin:     x86
> thunderbird:     i64 (sparc) x86  (sparc said ready, not seeing it yet)
> thunderbird-bin: x86
> seamonkey:       alpha amd64 x86
> 
> The vulnerability shows about half of the bugs not affecting the 1.0 branch of
> ff/tb; the other half has no mention about that (mfsa2006-50/51/52/53/55/56),
> which makes me wonder whether we should mask 1.0.x out this time (unfortunately
> leaving Alpha with only Seamonkey). Rest of SecTeam, comments?
> 
> I'm also a little irritated - my understandig was we switched from mozilla to
> seamonkey (anarchy's last work, as it seems) because of sec problems with
> mozilla, but it's still there. Are we still building gnome against the
> vulnerable mozilla, then?
> 

Don't forget that seamonkey fails pretty quickly on sparc; Please review Bug 137198 and especially Comments 4, 22 on that bug, as well as the accompanying strace of the failure.  Note also Weeve's Comment #28 on this bug.

Thus, on sparc at least, seamonkey in its current state cannot be a mozilla replacement.

> As a last note, I seem to remember a (short) glorious time when new firefox
> builds would not overwrite my searchplugins that I painstakingly have to put
> there again and again now ... could we bring those golden days back sometime?
> 

Comment 41 Thomas Cort (RETIRED) gentoo-dev 2006-08-01 05:31:10 UTC
(In reply to comment #38)
> So far we whats seems to be left is
> seamonkey:       alpha amd64 x86

Alpha has 1.0.3 stable. See comment #36. Is their more we have to do?

> which makes me wonder whether we should mask 1.0.x out this time
> (unfortunately leaving Alpha with only Seamonkey).

alpha already has only Seamonkey. We've had firefox masked in default-linux/alpha/package.mask since June 5th. Don't let us hold you up from removing 1.0.x.
Comment 42 Wolf Giesen (RETIRED) gentoo-dev 2006-08-01 06:15:11 UTC
Unfortunately I obviously lag behind with packages.g.o

New grid of 'open' things from what I see:

seamonkey:       amd64 x86
firefox:         arm i64
thunderbird:     ia64 [sparc]

sparc said ready on tb, still not seeing it yet
ia64: your opinion about masking 1.0 branch? That would leave you without seamonkey and an (IMHO) vulnerable mozilla only.

Starting to look good ...
Comment 43 Paul Varner (RETIRED) gentoo-dev 2006-08-01 14:58:08 UTC
Seamonkey complete on x86.  Thanks to the x86 AT's for testing.
Comment 44 Wolf Giesen (RETIRED) gentoo-dev 2006-08-02 01:38:43 UTC
Forgive me guys, for being so penetrant, but given the assumed number of installed mozilla packages we feel this is a little pressing.

We still need some feedback from amd64 [seamonkey], ia64 [ff, tb] and arm [ff].

Sparc, your thunderbird still does not show up as stable on p.g.o for me, can you recheck?

Thanks for your patience bearing with me!
Comment 45 Michael Weyershäuser 2006-08-02 03:46:59 UTC
seamonkey-1.0.3 on amd64 compiles fine and seems to be working ok...

emerge --info
Portage 2.1-r1 (default-linux/amd64/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.17-suspend2-r3-Dudebox-Edition x86_64)
=================================================================
System uname: 2.6.17-suspend2-r3-Dudebox-Edition x86_64 unknown
Gentoo Base System version 1.6.15
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe -msse3"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe -msse3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
LINGUAS="de"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://server/gentoo-portage"
USE="amd64 X alsa arts avi berkdb bitmap-fonts cli crypt cups dlloader dri eds emboss encode foomaticdb fortran gif gnome gpm gstreamer gtk gtk2 imlib ipv6 isdnlog jpeg kde kdeenablefinal lzw lzw-tiff mp3 mpeg ncurses nls nptl opengl pam pcre pdflib perl png pppd python qt qt3 qt4 quicktime readline reflection sdl session spell spl ssl tcpd tiff truetype-fonts type1-fonts unicode usb userlocales xorg xpm xv zlib elibc_glibc input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux linguas_de userland_GNU video_cards_dummy"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 46 Simon Stelling (RETIRED) gentoo-dev 2006-08-02 04:38:07 UTC
thanks, amd64 is done here
Comment 47 Thierry Carrez (RETIRED) gentoo-dev 2006-08-02 06:31:52 UTC
seamonkey, tb-bin and ff-bin are ready for GLSA
thunderbird is still missing sparc keyword
Comment 48 Gustavo Zacarias (RETIRED) gentoo-dev 2006-08-02 13:54:43 UTC
thunderbird sparc stable.
Comment 49 Wolf Giesen (RETIRED) gentoo-dev 2006-08-02 14:41:49 UTC
Ready for GLSA.
Comment 50 Jesus de Santos Garcia 2006-08-03 06:54:41 UTC
New versions for Firefox (1.5.0.6) and Seamonkey(1.0.4) have been released today. :-)
Comment 51 Jeremy Olexa (darkside) (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2006-08-03 06:58:58 UTC
(In reply to comment #26)
> Apparently, 1.5.0.6 is due out in the next fortnight or so to fix this (and

I've been watching this bug and I find it kind of comical that this was ALMOST pushed out before the new version came out.. 1.5.0.6 is out now. See: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.5.0.6/

Just FYI and keep up the good work! =)
Comment 52 Wolf Giesen (RETIRED) gentoo-dev 2006-08-03 07:09:39 UTC
1.5.0.6 / 1.0.4 do not fix security related bugs, though, just the regression mentioned in #20.
Comment 53 Stefan Cornelius (RETIRED) gentoo-dev 2006-08-03 11:52:32 UTC
seamonkey done in GLSA 200608-02 
Comment 54 Thierry Carrez (RETIRED) gentoo-dev 2006-08-03 13:02:06 UTC
firefox done as GLSA 200608-03
Comment 55 Thierry Carrez (RETIRED) gentoo-dev 2006-08-03 13:31:55 UTC
and TB as GLSA 200608-04
Comment 56 Wolf Giesen (RETIRED) gentoo-dev 2006-08-04 00:01:30 UTC
Thanks everyone for enduring the pain.
Comment 57 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:39:07 UTC
Does not affect current (2008.0) release. Removing release.