Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 864723 (CVE-2022-33636, CVE-2022-33649, CVE-2022-35796) - <www-client/microsoft-edge-104.0.1293.47: multiple vulnerabilities
Summary: <www-client/microsoft-edge-104.0.1293.47: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-33636, CVE-2022-33649, CVE-2022-35796
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+]
Keywords:
Depends on: CVE-2022-2603, CVE-2022-2604, CVE-2022-2605, CVE-2022-2606, CVE-2022-2607, CVE-2022-2608, CVE-2022-2609, CVE-2022-2610, CVE-2022-2611, CVE-2022-2612, CVE-2022-2613, CVE-2022-2614, CVE-2022-2615, CVE-2022-2616, CVE-2022-2617, CVE-2022-2618, CVE-2022-2619, CVE-2022-2620, CVE-2022-2621, CVE-2022-2622, CVE-2022-2623, CVE-2022-2624
Blocks:
  Show dependency tree
 
Reported: 2022-08-09 22:49 UTC by John Helmert III
Modified: 2022-08-21 06:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-09 22:49:22 UTC
CVE-2022-35796 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35796):

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

CVE-2022-33636 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33636):

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

CVE-2022-33649 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33649):

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.
Comment 1 Stephan Hartmann gentoo-dev 2022-08-17 09:02:25 UTC
Removing beta and dev because those are not security supported.
Comment 2 Larry the Git Cow gentoo-dev 2022-08-21 06:13:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=cc821fda3ee186d2bcc82c6163599beb50f2302d

commit cc821fda3ee186d2bcc82c6163599beb50f2302d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 06:11:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-21 06:12:55 +0000

    [ GLSA 202208-35 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/858104
    Bug: https://bugs.gentoo.org/859442
    Bug: https://bugs.gentoo.org/863512
    Bug: https://bugs.gentoo.org/864723
    Bug: https://bugs.gentoo.org/865501
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-35.xml | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 126 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-21 06:13:58 UTC
GLSA done, all done.