Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 907817 (CVE-2023-29345, CVE-2023-33143) - <www-client/microsoft-edge-114.0.1823.37: privilege escalation vulnerability
Summary: <www-client/microsoft-edge-114.0.1823.37: privilege escalation vulnerability
Status: RESOLVED FIXED
Alias: CVE-2023-29345, CVE-2023-33143
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A4 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-06-04 03:31 UTC by John Helmert III
Modified: 2024-02-03 08:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-04 03:31:37 UTC 
CVE-2023-33143 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33143):

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Fixed in 114.0.1823.37.
Comment 1 Mike Gilbert gentoo-dev 2023-06-05 23:37:35 UTC 
commit 25f8df6393510645360ed7cfa24435baf37d7b59
Author: Mike Gilbert <floppym@gentoo.org>
Date:   Mon Jun 5 19:33:10 2023 -0400

    www-client/microsoft-edge: amd64 stable (114.0.1823.37)
    
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

commit 3610c837f1d91db3fa7ef7b365b85225fc5cf4ca
Author: Mike Gilbert <floppym@gentoo.org>
Date:   Mon Jun 5 19:33:04 2023 -0400

    www-client/microsoft-edge: automated bump (114.0.1823.37)
    
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-09 04:21:40 UTC 
CVE-2023-29345 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29345):

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Comment 3 Larry the Git Cow gentoo-dev 2024-02-03 08:01:31 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f0f0b4193142467bf80273c59cea40220cf3ecc3

commit f0f0b4193142467bf80273c59cea40220cf3ecc3
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-03 08:00:42 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-03 08:01:23 +0000

    [ GLSA 202402-05 ] Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907817
    Bug: https://bugs.gentoo.org/908518
    Bug: https://bugs.gentoo.org/918586
    Bug: https://bugs.gentoo.org/919495
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-05.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)