Bug 218065 - www-client/mozilla-firefox <2.0.0.14 www-client/seamonkey<1.1.9-r1 Crash in JavaScript garbage collector (CVE-2008-1380)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.mozilla.org/security/annou...
Whiteboard: A2 [glsa]
Keywords:
Depends on: 230567
Blocks:
Reported: 2008-04-17 08:47 UTC by Hanno Boeck
Modified: 2008-08-06 00:43 UTC

See Also:
Package list:
Runtime testing required: ---


Description Hanno Boeck gentoo-dev 2008-04-17 08:47:59 UTC
Cite advisory from mozilla.org:
"Fixes for security problems in the JavaScript engine described in MFSA 2008-15 (CVE-2008-1237) introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past."
Comment 1 Raúl Porcel (RETIRED) gentoo-dev 2008-04-17 12:25:29 UTC
=www-client/mozilla-firefox[-bin]-2.0.0.14
=net-libs/xulrunner-1.8.1.14

In the tree

seamonkey-1.1.10 is not released yet, and neither is thunderbird
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-04-18 00:06:37 UTC
Arches, please test and mark stable:
=www-client/mozilla-firefox-2.0.0.14
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"

=www-client/mozilla-firefox-bin-2.0.0.14
Target keywords : "amd64 release x86"

=net-libs/xulrunner-1.8.1.14
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"
Comment 3 Jeroen Roovers gentoo-dev 2008-04-18 03:04:18 UTC
Both stable for HPPA. Probably need to stay on board for seamonkey (if not please tell).
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2008-04-18 10:59:01 UTC
alpha/ia64/sparc/x86 stable
Comment 5 Markus Meier gentoo-dev 2008-04-19 13:51:28 UTC
amd64 stable
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2008-04-19 15:42:00 UTC
ppc64 stable
Comment 7 Jeroen Roovers gentoo-dev 2008-04-21 16:13:46 UTC
No seamonkey-1.1.10 yet?
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-22 16:12:59 UTC
ppc stable, ready for glsa.
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2008-04-23 20:25:26 UTC
Fixed in release snapshot.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-05-17 11:49:01 UTC
According to this blog entry, Seamonkey upstream has decided not to release 1.1.10 anytime soon:
http://home.kairo.at/blog/2008-04/weekly_status_report_w17_2008_w15_w16

Raul has committed the patch to fix this vulnerability in www-client/seamonkey-1.1.9-r1. There are no updates to www-client/seamonkey-bin due to the nature of being upstream builds.
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2008-05-17 11:49:29 UTC
Arches, please test and mark stable:
=www-client/seamonkey-1.1.9-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2008-05-17 19:11:04 UTC
alpha/ia64/sparc stable
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2008-05-18 08:26:18 UTC
x86 stable
Comment 14 Markus Rothe (RETIRED) gentoo-dev 2008-05-18 14:29:48 UTC
ppc64 stable
Comment 15 Robert Buchholz (RETIRED) gentoo-dev 2008-05-18 15:34:25 UTC
amd64 stable
Comment 16 Jeroen Roovers gentoo-dev 2008-05-18 15:56:40 UTC
Stable for HPPA.
Comment 17 Tobias Scherbaum (RETIRED) gentoo-dev 2008-05-20 16:32:50 UTC
ppc stable
Comment 18 Robert Buchholz (RETIRED) gentoo-dev 2008-05-20 21:22:10 UTC
GLSA 200805-18, but we will have to leave this open until it is fixed for seamonkey-bin.
Comment 19 Peter Volkov (RETIRED) gentoo-dev 2008-05-21 09:36:58 UTC
Fixed in release snapshot.
Comment 20 Robert Buchholz (RETIRED) gentoo-dev 2008-07-30 19:53:46 UTC
Fixed via bug 230567
Comment 21 Robert Buchholz (RETIRED) gentoo-dev 2008-08-06 00:43:23 UTC
GLSA 200808-03