807947 – (CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29990) <www-client/firefox{-bin,}-{78.13.0,91.0}: multiple vulnerabilities

Bug 807947 (CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29990) - <www-client/firefox{-bin,}-{78.13.0,91.0}: multiple vulnerabilities

Summary: <www-client/firefox{-bin,}-{78.13.0,91.0}: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29990

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa]
Keywords:

Depends on:	807949
Blocks:	CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989
	Show dependency tree

Reported:	2021-08-13 01:27 UTC by John Helmert III
Modified:	2022-02-21 23:05 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-08-13 01:27:04 UTC

Needs stabilization.

Comment 1 Larry the Git Cow gentoo-dev

2021-08-24 13:17:46 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da107ef65d4b54256399c018f2409d3375ee611a

commit da107ef65d4b54256399c018f2409d3375ee611a
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-24 12:19:18 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-24 12:52:06 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/808927
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                  | 194 -----------
 www-client/firefox-bin/firefox-bin-90.0.2.ebuild | 417 -----------------------
 www-client/firefox-bin/firefox-bin-91.0.ebuild   | 384 ---------------------
 3 files changed, 995 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=250bf9a2b6905ed3c1ee7440c3215cf350671e2c

commit 250bf9a2b6905ed3c1ee7440c3215cf350671e2c
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-24 12:15:13 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-24 12:52:05 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/808927
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest               |  293 -------
 www-client/firefox/firefox-78.12.0.ebuild | 1187 -----------------------------
 www-client/firefox/firefox-90.0.2.ebuild  | 1182 ----------------------------
 www-client/firefox/firefox-91.0.ebuild    | 1149 ----------------------------
 4 files changed, 3811 deletions(-)

Comment 2 Joonas Niilola gentoo-dev

2021-12-13 06:36:44 UTC

These have been cleaned, but newer security bugs are open.

Comment 3 Larry the Git Cow gentoo-dev

2022-02-21 23:03:19 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57effa1a78ecfa61900fdedbc9401d0948141e99

commit 57effa1a78ecfa61900fdedbc9401d0948141e99
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-02-21 22:59:29 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-02-21 22:59:29 +0000

    [ GLSA 202202-03 ] Mozilla Firefox: Multiple vulnerabilities
    
    Bug: https://bugs.gentoo.org/802768
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/813498
    Bug: https://bugs.gentoo.org/821385
    Bug: https://bugs.gentoo.org/828538
    Bug: https://bugs.gentoo.org/831039
    Bug: https://bugs.gentoo.org/832992
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202202-03.xml | 141 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 141 insertions(+)

Comment 4 John Helmert III archtester

2022-02-21 23:05:36 UTC

GLSA released, all done!