Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 808927 - ~www-client/firefox{-bin,}-91.0.1: HTTP/3 header splitting vulnerability
Summary: ~www-client/firefox{-bin,}-91.0.1: HTTP/3 header splitting vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa]
Keywords:
Depends on: 808929
Blocks: CVE-2021-29991
  Show dependency tree
 
Reported: 2021-08-18 19:59 UTC by John Helmert III
Modified: 2021-08-24 16:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-18 19:59:29 UTC
Need stabilization.
Comment 1 Thomas Deutschmann gentoo-dev 2021-08-18 22:04:19 UTC
(In reply to John Helmert III from comment #0)
> Need stabilization.

No, does not affect any stable firefox version.
Comment 2 Larry the Git Cow gentoo-dev 2021-08-24 13:17:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da107ef65d4b54256399c018f2409d3375ee611a

commit da107ef65d4b54256399c018f2409d3375ee611a
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-24 12:19:18 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-24 12:52:06 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/808927
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                  | 194 -----------
 www-client/firefox-bin/firefox-bin-90.0.2.ebuild | 417 -----------------------
 www-client/firefox-bin/firefox-bin-91.0.ebuild   | 384 ---------------------
 3 files changed, 995 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=250bf9a2b6905ed3c1ee7440c3215cf350671e2c

commit 250bf9a2b6905ed3c1ee7440c3215cf350671e2c
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-24 12:15:13 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-24 12:52:05 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/808927
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest               |  293 -------
 www-client/firefox/firefox-78.12.0.ebuild | 1187 -----------------------------
 www-client/firefox/firefox-90.0.2.ebuild  | 1182 ----------------------------
 www-client/firefox/firefox-91.0.ebuild    | 1149 ----------------------------
 4 files changed, 3811 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-24 16:25:03 UTC
Only unstable affected, no GLSA.