CVE-2020-16044: A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code. Fixed in 78.6.1 and 84.0.2.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff5e3675ea8ee7cf8474bff12042618eeca352de

commit ff5e3675ea8ee7cf8474bff12042618eeca352de
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-07 08:56:57 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-07 08:56:57 +0000

    www-client/firefox-bin: (security) bump to 78.6.1

    Bug: https://bugs.gentoo.org/764161
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox-bin/Manifest                  |  97 ++++++
 www-client/firefox-bin/firefox-bin-78.6.1.ebuild | 411 +++++++++++++++++++++++
 2 files changed, 508 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90421b2a65fae9cb6f39a53ed87b76ccde5be9c1

commit 90421b2a65fae9cb6f39a53ed87b76ccde5be9c1
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-07 13:51:14 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-07 13:52:19 +0000

    www-client/firefox: (security) ESR bump to 78.6.1

    Bug: https://bugs.gentoo.org/764161
    Closes: https://bugs.gentoo.org/764290
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest              |   96 +++
 www-client/firefox/firefox-78.6.1.ebuild | 1130 ++++++++++++++++++++++++++++++
 2 files changed, 1226 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31164aeb729c82602a284d56b94a7740bc5e4ed4

commit 31164aeb729c82602a284d56b94a7740bc5e4ed4
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-07 14:06:14 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-07 14:09:16 +0000

    www-client/firefox-bin: (security) bump to 84.0.2

    Bug: https://bugs.gentoo.org/764161
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox-bin/Manifest                  |  97 ++++++
 www-client/firefox-bin/firefox-bin-84.0.2.ebuild | 411 +++++++++++++++++++++++
 2 files changed, 508 insertions(+)
Thank you!
I'm missing www-client/firefox/firefox-84.0.2.ebuild
It's not in the tree yet, the main maintainer hasn't returned to committing after Christmas and I'm a bit occupied until tomorrow. Since it's an 84.0.1 -> 84.0.2 bump there's probably nothing major updated (haven't had time to check 84.0.x logs), so just renaming the ebuild should be enough if you want to help test it.
*** Bug 764560 has been marked as a duplicate of this bug. ***
I'll switch back to [ebuild] for now I guess until we get the 84.x.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=702a672379acb4a1202015ccce32f6b798dd963f

commit 702a672379acb4a1202015ccce32f6b798dd963f
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-09 12:35:42 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-09 12:35:42 +0000

    www-client/firefox: (security) bump to 84.0.2

    Bug: https://bugs.gentoo.org/764161
    Bug: https://bugs.gentoo.org/764590
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest              |   97 +++
 www-client/firefox/firefox-84.0.2.ebuild | 1130 ++++++++++++++++++++++++++++++
 2 files changed, 1227 insertions(+)
New GLSA request filed.
This issue was resolved and addressed in GLSA 202101-04 at https://security.gentoo.org/glsa/202101-04 by GLSA coordinator Sam James (sam_c).
Reopening for cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fac19fbd00964ce6966bd1b569d0dc4a2216f5a0

commit fac19fbd00964ce6966bd1b569d0dc4a2216f5a0
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-11 15:50:12 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-11 15:50:12 +0000

    www-client/firefox-bin: security cleanup

    Bug: https://bugs.gentoo.org/764161
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox-bin/Manifest                  | 291 ----------------
 www-client/firefox-bin/firefox-bin-78.6.0.ebuild | 411 -----------------------
 www-client/firefox-bin/firefox-bin-84.0.1.ebuild | 411 -----------------------
 www-client/firefox-bin/firefox-bin-84.0.ebuild   | 411 -----------------------
 4 files changed, 1524 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f37052c735aac4e72281e753f84518b4675e03b4

commit f37052c735aac4e72281e753f84518b4675e03b4
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-11 15:49:16 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-11 15:49:16 +0000

    www-client/firefox: security cleanup

    Bug: https://bugs.gentoo.org/764161
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest                 |  288 -------
 www-client/firefox/firefox-78.6.0.ebuild    | 1129 ---------------------------
 www-client/firefox/firefox-84.0.1-r1.ebuild | 1128 --------------------------
 www-client/firefox/firefox-84.0.ebuild      | 1128 --------------------------
 4 files changed, 3673 deletions(-)
All done, thanks!