Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 657976 (CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, CVE-2018-5183, MFSA-2018-12, MFSA-2018-14) - <www-client/firefox{,-bin}-{52.8.1,60.0.2}: multiple vulnerabilities (MFSA-2018-{12,14})
Summary: <www-client/firefox{,-bin}-{52.8.1,60.0.2}: multiple vulnerabilities (MFSA-20...
Status: RESOLVED FIXED
Alias: CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, CVE-2018-5183, MFSA-2018-12, MFSA-2018-14
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-12 14:04 UTC by Wolfi Jack
Modified: 2018-10-02 22:25 UTC (History)
3 users (show)

See Also:
Package list:
www-client/firefox-52.8.1 www-client/firefox-60.0.2 dev-libs/nspr-4.19 dev-libs/nss-3.37.3
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfi Jack 2018-06-12 14:04:46 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/

Reproducible: Always
Comment 1 Jory A. Pratt gentoo-dev 2018-06-15 17:01:40 UTC
52.8.1 and 60.0.2 are in the tree, please mark both ebuilds stable. We will keep 52.x branch around until the full EOL happens.
Comment 2 Stabilization helper bot gentoo-dev 2018-06-17 21:01:39 UTC
An automated check of this bug failed - repoman reported dependency errors (126 lines truncated): 

> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
> dependency.bad www-client/firefox/firefox-60.0.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-libs/nss-3.36.4', '>=dev-libs/nspr-4.19']
Comment 3 Jory A. Pratt gentoo-dev 2018-06-17 22:10:27 UTC
You all will need to take the proper nss and nspr versions at same time.
Comment 4 Thomas Deutschmann gentoo-dev Security 2018-06-18 00:57:39 UTC
x86 stopped stabilization due to bug 658362.
Comment 5 Thomas Deutschmann gentoo-dev Security 2018-06-28 16:12:58 UTC
Superseded by bug 659432.
Comment 6 Thomas Deutschmann gentoo-dev Security 2018-10-02 09:04:18 UTC
Added to an existing GLSA request.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2018-10-02 22:25:23 UTC
This issue was resolved and addressed in
 GLSA 201810-01 at https://security.gentoo.org/glsa/201810-01
by GLSA coordinator Thomas Deutschmann (whissi).