MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer MFSA 2012-39 NSS parsing errors with zero length items MFSA 2012-38 Use-after-free while replacing/inserting a node in a document MFSA 2012-37 Information disclosure though Windows file shares and shortcut files MFSA 2012-36 Content Security Policy inline-script bypass MFSA 2012-34 Miscellaneous memory safety hazards nspr-4.9.1 and nss-3.13.5 can start to be stabilized. Ebuilds for fx/tb-10.0.5 are being worked on and will be added soon as possible. Reproducible: Always
Thanks for the bug, Jory. MFSA 2012-34: CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939 MFSA 2012-35: CVE-2012-1942, CVE-2012-1943 MFSA 2012-36: CVE-2012-1944 MFSA 2012-37: CVE-2012-1945 MFSA 2012-38: CVE-2012-1946 MFSA 2012-39: CVE-2012-0441 MFSA 2012-40: CVE-2012-1940, CVE-2012-1941, CVE-2012-1947
+*firefox-10.0.5 (06 Jun 2012) + + 06 Jun 2012; Lars Wendler <polynomial-c@gentoo.org> -firefox-10.0.3.ebuild, + +firefox-10.0.5.ebuild: + Security bump. Removed old. + +*thunderbird-10.0.5 (06 Jun 2012) + + 06 Jun 2012; Lars Wendler <polynomial-c@gentoo.org> + -thunderbird-10.0.3.ebuild, +thunderbird-10.0.5.ebuild: + Security bump. Removed old. +
Thanks much; let's roll on tb/fx and readd arches as others become available. Arches, please test and mark stable: =www-client/firefox-10.0.5 Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86" =dev-libs/nspr-4.9.1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =dev-libs/nss-3.13.5 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =mail-client/thunderbird-10.0.5 Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"
(In reply to comment #3) > Thanks much; let's roll on tb/fx and readd arches as others become available. > > Arches, please test and mark stable: > =www-client/firefox-10.0.5 > Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86" > > =dev-libs/nspr-4.9.1 > Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" > > =dev-libs/nss-3.13.5 > Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" > > =mail-client/thunderbird-10.0.5 > Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86" You can bring in seamonkey and seamonkey-bin they are both in the tree as well.
(In reply to comment #4) > > You can bring in seamonkey and seamonkey-bin they are both in the tree as > well. Thanks, updated targets: Arches, please test and mark stable: =www-client/firefox-10.0.5 Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86" =dev-libs/nspr-4.9.1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =dev-libs/nss-3.13.5 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =mail-client/thunderbird-10.0.5 Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86" =www-client/seamonkey-2.10 Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86" =www-client/seamonkey-bin-2.10 Target keywords : "amd64 x86"
(In reply to comment #5) > =www-client/firefox-10.0.5 > =dev-libs/nspr-4.9.1 > =dev-libs/nss-3.13.5 > =www-client/seamonkey-bin-2.10 amd64 ok > =mail-client/thunderbird-10.0.5 a part usually known bug (Bug 398389) for everything else amd64 is ok > =www-client/seamonkey-2.10 fails to build with specific use flags (Bug 420233) but for everything else amd64 is ok
why there aren't -bin for firefox and thunderbird in the list of stabilization?lapse?
Agostino, next time just fix it, please. Arches, this is the complete list. Please test and mark stable: =www-client/firefox-10.0.5 Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86" =www-client/firefox-bin-10.0.5 Target keywords : "amd64 x86" =dev-libs/nspr-4.9.1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =dev-libs/nss-3.13.5 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =mail-client/thunderbird-10.0.5 Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86" =mail-client/thunderbird-bin-10.0.5 Target keywords : "amd64 x86" =www-client/seamonkey-2.10 Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86" =www-client/seamonkey-bin-2.10 Target keywords : "amd64 x86"
amd64 stable
x86: all *-bin packages was pass Also i'm not see problems with other packages and libraries: compile and run: everything fine. Compile with specific USE flags combination:ok for me. All RDEPEND compile is fine. Also ho problems with repoman for this versions. Thunderbird: i can reproduce Bug 398389.
CVE-2012-3105 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3105): The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101. CVE-2012-1947 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947): Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. CVE-2012-1946 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946): Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. CVE-2012-1945 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945): Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. CVE-2012-1944 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1944): The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document. CVE-2012-1943 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1943): Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory. CVE-2012-1942 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1942): The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context. CVE-2012-1941 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941): Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. CVE-2012-1940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940): Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. CVE-2012-1939 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939): jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code. CVE-2012-1938 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. CVE-2012-1937 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-0441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441): The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
Please stabilise =www-client/seamonkey-2.10.1 and =www-client/seamonkey-bin-2.10.1 as they fix some MAJOR issues that cropped up in seamonkey(-bin)-2.10. amd64 re-added for that reason. No change for firefox and thunderbird stabilisation versions as the only stable branch is 10.0.x which is unaffected.
x86 stable, thanks Mikle!
Remaining arches will continue in bug 427224.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).