836866 – (CVE-2022-28283, CVE-2022-28284, CVE-2022-28287, CVE-2022-28288, MFSA-2022-14) <www-client/firefox{-bin,}-{91.8.0,99.0}: Multiple vulnerabilities

Bug 836866 (CVE-2022-28283, CVE-2022-28284, CVE-2022-28287, CVE-2022-28288, MFSA-2022-14) - <www-client/firefox{-bin,}-{91.8.0,99.0}: Multiple vulnerabilities

Summary: <www-client/firefox{-bin,}-{91.8.0,99.0}: Multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2022-28283, CVE-2022-28284, CVE-2022-28287, CVE-2022-28288, MFSA-2022-14

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa+]
Keywords:

Depends on:	836914
Blocks:
	Show dependency tree

Reported:	2022-04-05 22:46 UTC by Sam James
Modified:	2022-08-10 04:27 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2022-04-05 22:46:14 UTC

Comment 1 Sam James archtester

2022-04-05 23:17:04 UTC

Please stable when ready.

Comment 2 Sam James archtester

2022-04-05 23:56:08 UTC

(firefox 99 not bumped to yet but it's not stable either)

Comment 3 Larry the Git Cow gentoo-dev

2022-04-07 07:07:21 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2287bfe2683a7101089828457a42c2563f404968

commit 2287bfe2683a7101089828457a42c2563f404968
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-04-07 07:04:58 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-04-07 07:04:58 +0000

    www-client/firefox: add 99.0
    
    Bug: https://bugs.gentoo.org/836866
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest            |   99 +++
 www-client/firefox/firefox-99.0.ebuild | 1258 ++++++++++++++++++++++++++++++++
 2 files changed, 1357 insertions(+)

Comment 4 John Helmert III archtester

2022-04-11 02:16:10 UTC

Please cleanup

Comment 5 Larry the Git Cow gentoo-dev

2022-04-11 12:24:53 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b06ffa1d38711bd221cabd10aa28febf4ce143f

commit 6b06ffa1d38711bd221cabd10aa28febf4ce143f
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-04-11 12:24:18 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-04-11 12:24:18 +0000

    www-client/firefox: drop 91.7.0, 91.7.1 (sec cleanup)
    
    Bug: https://bugs.gentoo.org/836866
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest              |  197 -----
 www-client/firefox/firefox-91.7.0.ebuild | 1230 -----------------------------
 www-client/firefox/firefox-91.7.1.ebuild | 1238 ------------------------------
 3 files changed, 2665 deletions(-)

Comment 6 Larry the Git Cow gentoo-dev

2022-08-10 04:18:46 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=28683764d95cb78c056bdf67f3245ad0eb5c6bbe

commit 28683764d95cb78c056bdf67f3245ad0eb5c6bbe
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:06:48 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:17:28 +0000

    [ GLSA 202208-08 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/834631
    Bug: https://bugs.gentoo.org/834804
    Bug: https://bugs.gentoo.org/836866
    Bug: https://bugs.gentoo.org/842438
    Bug: https://bugs.gentoo.org/846593
    Bug: https://bugs.gentoo.org/849044
    Bug: https://bugs.gentoo.org/857045
    Bug: https://bugs.gentoo.org/861515
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-08.xml | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 147 insertions(+)

Comment 7 John Helmert III archtester

2022-08-10 04:27:04 UTC

GLSA released, all done!