MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-17 WebGLES vulnerabilities
MFSA 2011-16 Directory traversal in resource: protocol
MFSA 2011-15 Escalation of privilege through Java Embedding Plugin
MFSA 2011-14 Information stealing via form history
MFSA 2011-13 Multiple dangling pointer vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)

Although not listed in the summary, ~net-libs/xulrunner-2.0 and ~www-client/firefox-4.0 are affected as well.
Thanks for the bug, and for getting ebuilds committed so quickly. Are we ready to call arches? We can always readd them when icecat is ready.

Just to facilitate searching, here is the list of CVEs as we normally list them.

CVE-2011-{0065,0066,0067,0068,0069,0070,0071,0072,0073,0074,0075,0076,0077,0078,0079,0080,0081,1202}
(In reply to comment #1)
> Thanks for the bug, and for getting ebuilds committed so quickly. Are we ready
> to call arches? We can always readd them when icecat is ready.

I have no objections against letting arches do their work now. Looking at the severity some of these bugs have I think the faster the better :)

> Just to facilitate searching, here is the list of CVEs as we normally list
> them.
> CVE-2011-{0065,0066,0067,0068,0069,0070,0071,0072,0073,0074,0075,0076,0077,0078,0079,0080,0081,1202}

Heh, I tried to make up the summary like this but the input field didn't allow a summary being that long ;)
Great, thanks.

Arches, please test and mark stable:

=www-client/firefox-3.6.17
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/firefox-bin-3.6.17
Target keywords : "amd64 x86"

=www-client/seamonkey-2.0.14
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/seamonkey-bin-2.0.14
Target keywords : "amd64 x86"

=mail-client/thunderbird-3.1.10
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"

=mail-client/thunderbird-bin-3.1.10
Target keywords : "amd64 x86"

=net-libs/xulrunner-1.9.2.17
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 done
ppc/ppc64 stable
x86 stable
Stable for HPPA.
+*icecat-3.6.16-r1 (03 May 2011) + + 03 May 2011; Lars Wendler <polynomial-c@gentoo.org> +icecat-3.6.16-r1.ebuild: + Security bump. This revision contains the same fixes firefox-3.6.17 has. +

I cannot add "<www-client/icecat-3.6.16-r1" to the summary as it only allows a limited number of chars.

It seems like icecat upstream won't release a 3.6.17 version so I created a patch containing the changes between firefox-3.6.16 and -3.6.17 and applied that to icecat-3.6.16. I'm going to write an email to icecat upstream requesting a 3.6.17 version once I return home from work today. In case they do such a release I will add the real 3.6.17 version to the tree with the same mix of stable/unstable KEYWORDS 3.6.16-r1 has at that point.

So arches please test and mark stable in addition to the packages listed in the summary:

=www-client/icecat-3.6.16-r1
Target keywords: amd64 ppc ppc64 x86

And sorry for readding exactly those four arches which already did their job here :)
icecat works.
icecat-3.6.16-r1 x86 stable
amd64 done. Thanks Agostino
alpha/arm/ia64/sparc stable, I haven't done xulrunner/firefox .17 because it sigbuses, like always...
ppc/ppc64 stable, last arch done
Thanks, everyone. Added to existing GLSA request.
(In reply to comment #12)
> alpha/arm/ia64/sparc stable, i haven't done xulrunner/firefox .17 because it
> sigbuses, like always...

Not always, I've found that if I remove the sparc specific kludge from the ebuild it works for me, but you have to catch the browser before it loads the page and all will be well.
re-add if needed later.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).