Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 640486 - multiple security vulnerabilities in www-client/firefox-52.5.0 (ESR) fixed in 52.5.2.
Summary: multiple security vulnerabilities in www-client/firefox-52.5.0 (ESR) fixed in...
Status: RESOLVED DUPLICATE of bug 639854
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-10 11:28 UTC by Christian D.
Modified: 2017-12-10 20:11 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian D. 2017-12-10 11:28:06 UTC
Given that >=www-client/firefox-57 alias Quantum is incompatible with many extensions, gentoo should, at least for the time being, provide the most recent ESR release of firefox.

Reproducible: Always
Comment 1 Christian D. 2017-12-10 12:27:01 UTC
Simply renaming the ebuild unfortunately does not do the trick. The source downloads and builds all right, but the install fails: 


cp: cannot stat '/var/tmp/portage/www-client/firefox-52.5.2/files/gentoo-default-prefs.js-1': No such file or directory
 * ERROR: www-client/firefox-52.5.2::local failed (install phase):
 *   (no error message)
 * 
 * Call stack:
 *     ebuild.sh, line 124:  Called src_install
 *   environment, line 5151:  Called die
 * The specific snippet of code:
 *       cp "${FILESDIR}"/gentoo-default-prefs.js-1 "${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" || die;


I guess the maintainers must know what the "gentoo-default-prefs" thing is about, I certainly don't.
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-12-10 20:11:21 UTC
(In reply to Christian D. from comment #0)


Thank you for the report Christian, CVE-2017-7843 is already addressed in bug 639854. 

Please be patient, maintainers are still working on v57.

Thank you

*** This bug has been marked as a duplicate of bug 639854 ***