From Mozilla advisory http://www.mozilla.org/security/announce/2012/mfsa2012-10.html

Fixed in:
Firefox 10.0.1
Thunderbird 10.0.1
SeaMonkey 2.7.1
Arches, please test and mark stable:

=www-client/firefox-10.0.1
Target keywords : "alpha amd64 arm ia64 ppc x86"

=www-client/firefox-bin-10.0.1
Target keywords : "amd64 x86"

=mail-client/thunderbird-10.0.1
Target keywords : "alpha amd64 x86"

=mail-client/thunderbird-bin-10.0.1
Target keywords : "amd64 x86"

=dev-libs/nss-3.13.1-r2
Target KEYWORDS : "alpha amd64 arm ia64 ppc x86"

=www-client/seamonkey-2.7.1
Target keywords : "alpha amd64 arm ppc x86"

=www-client/seamonkey-bin-2.7.1
Target keywords : "amd64 x86"

=media-libs/libvpx-0.9.7-r1
Target keywords : "alpha amd64 arm ia64 ppc x86"

=www-client/icecat-10.0.1
Target keywords : "amd64 ppc x86"
(In reply to comment #1)
> =www-client/icecat-10.0.1
> Target keywords : "amd64 ppc x86"

err. =www-client/icecat-10.0-r1
amd64:
> =www-client/firefox-bin-10.0.1
> Target keywords : "amd64 x86"

pass
little notice by repoman
upstream.workaround
media-libs/libvpx/libvpx-0.9.7-r1.ebuild: Ebuild calls addpredict on line: 49

QA notice command not found still present for seamonkey and thunderbird (Bug 391889)
thunderbird still fails to compile with use debug enabled (Bug 398389)

for everything else amd64 is ok for all
amd64 stable
*** Bug 404487 has been marked as a duplicate of this bug. ***
*** Bug 404491 has been marked as a duplicate of this bug. ***
x86 done. Thanks.
CVE-2012-0452 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452): Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.
Please stabilize 10.0.0-r1 which has the bindist fix for branding, this is crucial to licensing.
(In reply to comment #11)
> Please stabilize 10.0.0-r1 which has the bindist fix for branding, this is
> crucial to licensing.

amd64 done
x86 done. only firefox and thunderbird, right? If not, please add us back.
(In reply to comment #13)
> x86 done. only firefox and thunderbird, right? If not, please add us back.

Correction: firefox only. Thunderbird needs a newer libvpx? I don't understand the overlap with bug 401985.
(In reply to comment #14)
> (In reply to comment #13)
> > x86 done. only firefox and thunderbird, right? If not, please add us back.
> Correction: firefox only. Thunderbird needs a newer libvpx? I don't
> understand the overlap with bug 401985.

Argh. Same applies to firefox, of course. So x86 did nothing, awaiting clarification what to do.
Shouldn't the remaining arches continue with #408161 instead of this?
(In reply to comment #16)
> Shouldn't the remaining arches continue with #408161 instead of this?

Yes.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).