885813 – (CVE-2022-46873, CVE-2022-46879) <www-client/firefox{-bin,}-{102.6.0,108.0}: multiple vulnerabilities

Bug 885813 (CVE-2022-46873, CVE-2022-46879) - <www-client/firefox{-bin,}-{102.6.0,108.0}: multiple vulnerabilities

Summary: <www-client/firefox{-bin,}-{102.6.0,108.0}: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2022-46873, CVE-2022-46879

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa+]
Keywords:

Depends on:	886015
Blocks:	CVE-2022-46871, CVE-2022-46872, CVE-2022-46874, CVE-2022-46875, CVE-2022-46877, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
	Show dependency tree

Reported:	2022-12-13 19:16 UTC by John Helmert III
Modified:	2023-05-03 09:36 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-12-13 19:16:56 UTC

Details in tracker. Please bump to 102.6, 108.

Comment 1 Larry the Git Cow gentoo-dev

2022-12-16 06:31:10 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cacb359abbfee2b4257fe594dcfa03835fa045f

commit 1cacb359abbfee2b4257fe594dcfa03835fa045f
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-12-16 06:30:02 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-12-16 06:31:08 +0000

    www-client/firefox: drop 102.5.0
    
    Bug: https://bugs.gentoo.org/885813
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest               |   99 ---
 www-client/firefox/firefox-102.5.0.ebuild | 1278 -----------------------------
 2 files changed, 1377 deletions(-)

Comment 2 Joonas Niilola gentoo-dev

2022-12-16 06:32:25 UTC

I'm gonna leave 107.0.1 in tree for a bit longer because 108.0 was such a difficult release. I'm not confident it works like that for everyone, but I am positively surprised no bugs have been yet reported. Fingers crossed...

Comment 3 Larry the Git Cow gentoo-dev

2023-01-05 09:23:31 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21c64e924813bf475dd969095e8e40a5a8e11e7e

commit 21c64e924813bf475dd969095e8e40a5a8e11e7e
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-01-05 09:16:04 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-01-05 09:23:27 +0000

    www-client/firefox: drop 107.0.1, 108.0, 108.0.1
    
    Bug: https://bugs.gentoo.org/885813
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest               |  296 -------
 www-client/firefox/firefox-107.0.1.ebuild | 1328 ----------------------------
 www-client/firefox/firefox-108.0.1.ebuild | 1330 -----------------------------
 www-client/firefox/firefox-108.0.ebuild   | 1330 -----------------------------
 4 files changed, 4284 deletions(-)

Comment 4 John Helmert III archtester

2023-01-25 19:28:13 UTC

GLSA request filed

Comment 5 Larry the Git Cow gentoo-dev

2023-05-03 09:31:59 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5f136da08cc28aa97d67b66cdaeb4c59046fd70d

commit 5f136da08cc28aa97d67b66cdaeb4c59046fd70d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 09:15:03 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 09:31:46 +0000

    [ GLSA 202305-06 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/885813
    Bug: https://bugs.gentoo.org/891213
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-06.xml | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)