CVE-2018-18500: Use-after-free parsing HTML5 stream
CVE-2018-18503: Memory corruption with Audio Buffer
CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer
CVE-2018-18505: Privilege escalation through IPC channel messages
CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied
CVE-2018-18502: Memory safety bugs fixed in Firefox 65
CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

Gentoo Security Padawan (domhnall)
An automated check of this bug failed - the following atom is unknown: www-client-firefox-60.5.0 Please verify the atom list.
x86 stable
amd64 stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a549899175e46425b3e0dee9286ac11522737b6

commit 7a549899175e46425b3e0dee9286ac11522737b6
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-02-06 14:16:21 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-02-06 14:16:21 +0000

    www-client/firefox-bin: security cleanup

    Bug: https://bugs.gentoo.org/676892
    Package-Manager: Portage-2.3.59, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest | 172 --------------------
 .../firefox-bin/firefox-bin-60.4.0-r1.ebuild | 179 ---------------------
 .../firefox-bin/firefox-bin-64.0.2-r1.ebuild | 179 ---------------------
 3 files changed, 530 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e6a8e1b86fb7a9466ec87c022cd98b617559397

commit 9e6a8e1b86fb7a9466ec87c022cd98b617559397
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-02-06 14:15:32 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-02-06 14:15:32 +0000

    www-client/firefox: security cleanup

    Bug: https://bugs.gentoo.org/676892
    Package-Manager: Portage-2.3.59, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest | 278 --------------
 www-client/firefox/firefox-60.4.0.ebuild | 419 --------------------
 www-client/firefox/firefox-64.0.2.ebuild | 639 -------------------------------
 www-client/firefox/firefox-64.0.ebuild | 639 -------------------------------
 4 files changed, 1975 deletions(-)
New GLSA request filed.
This issue was resolved and addressed in GLSA 201903-04 at https://security.gentoo.org/glsa/201903-04 by GLSA coordinator Aaron Bauman (b-man).