Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 807947 (CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29990) - <www-client/firefox{-bin,}-{78.13.0,91.0}: multiple vulnerabilities
Summary: <www-client/firefox{-bin,}-{78.13.0,91.0}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29990
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on: 807949
Blocks: CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989
  Show dependency tree
 
Reported: 2021-08-13 01:27 UTC by John Helmert III
Modified: 2022-02-21 23:05 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-13 01:27:04 UTC
Needs stabilization.
Comment 1 Larry the Git Cow gentoo-dev 2021-08-24 13:17:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da107ef65d4b54256399c018f2409d3375ee611a

commit da107ef65d4b54256399c018f2409d3375ee611a
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-24 12:19:18 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-24 12:52:06 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/808927
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                  | 194 -----------
 www-client/firefox-bin/firefox-bin-90.0.2.ebuild | 417 -----------------------
 www-client/firefox-bin/firefox-bin-91.0.ebuild   | 384 ---------------------
 3 files changed, 995 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=250bf9a2b6905ed3c1ee7440c3215cf350671e2c

commit 250bf9a2b6905ed3c1ee7440c3215cf350671e2c
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-08-24 12:15:13 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-08-24 12:52:05 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/808927
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest               |  293 -------
 www-client/firefox/firefox-78.12.0.ebuild | 1187 -----------------------------
 www-client/firefox/firefox-90.0.2.ebuild  | 1182 ----------------------------
 www-client/firefox/firefox-91.0.ebuild    | 1149 ----------------------------
 4 files changed, 3811 deletions(-)
Comment 2 Joonas Niilola gentoo-dev 2021-12-13 06:36:44 UTC
These have been cleaned, but newer security bugs are open.
Comment 3 Larry the Git Cow gentoo-dev 2022-02-21 23:03:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57effa1a78ecfa61900fdedbc9401d0948141e99

commit 57effa1a78ecfa61900fdedbc9401d0948141e99
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-02-21 22:59:29 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-02-21 22:59:29 +0000

    [ GLSA 202202-03 ] Mozilla Firefox: Multiple vulnerabilities
    
    Bug: https://bugs.gentoo.org/802768
    Bug: https://bugs.gentoo.org/807947
    Bug: https://bugs.gentoo.org/813498
    Bug: https://bugs.gentoo.org/821385
    Bug: https://bugs.gentoo.org/828538
    Bug: https://bugs.gentoo.org/831039
    Bug: https://bugs.gentoo.org/832992
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202202-03.xml | 141 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 141 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-21 23:05:36 UTC
GLSA released, all done!