Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorRepository mirror & CI <repomirrorci@gentoo.org>2021-02-01 02:54:44 +0000
committerRepository mirror & CI <repomirrorci@gentoo.org>2021-02-01 02:54:44 +0000
commitf751c3ed51f85cf8fa880f72845bcc58b8a1c0b0 (patch)
tree8b8032d052fb8b3e09d2676ee2d1c0d245d4af07 /metadata/glsa
parentMerge updates from master (diff)
parent[ GLSA 202102-02 ] Mozilla Thunderbird: Multiple vulnerabilities (diff)
downloadgentoo-f751c3ed51f85cf8fa880f72845bcc58b8a1c0b0.tar.gz
gentoo-f751c3ed51f85cf8fa880f72845bcc58b8a1c0b0.tar.bz2
gentoo-f751c3ed51f85cf8fa880f72845bcc58b8a1c0b0.zip
Merge commit 'ad25bb1223098eee6704824c258e1e4aec82f809' into master
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/glsa-202102-01.xml95
-rw-r--r--metadata/glsa/glsa-202102-02.xml71
2 files changed, 166 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202102-01.xml b/metadata/glsa/glsa-202102-01.xml
new file mode 100644
index 000000000000..c448adf3cd6c
--- /dev/null
+++ b/metadata/glsa/glsa-202102-01.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202102-01">
+ <title>Mozilla Firefox: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+ worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">firefox</product>
+ <announced>2021-02-01</announced>
+ <revised count="1">2021-02-01</revised>
+ <bug>767334</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.7.0</unaffected>
+ <unaffected range="ge">85.0</unaffected>
+ <vulnerable range="lt">85.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.7.0</unaffected>
+ <unaffected range="ge">85.0</unaffected>
+ <vulnerable range="lt">85.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-78.7.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-78.7.0"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-85.0"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-85.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23953">CVE-2021-23953</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23954">CVE-2021-23954</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23955">CVE-2021-23955</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23956">CVE-2021-23956</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23958">CVE-2021-23958</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23960">CVE-2021-23960</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23961">CVE-2021-23961</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23962">CVE-2021-23962</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23963">CVE-2021-23963</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23964">CVE-2021-23964</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23965">CVE-2021-23965</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26976">CVE-2021-26976</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/">
+ Upstream advisory (MFSA-2021-03)
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/">
+ Upstream advisory (MFSA-2021-04)
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-27T04:40:38Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-02-01T01:39:52Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202102-02.xml b/metadata/glsa/glsa-202102-02.xml
new file mode 100644
index 000000000000..69f0cc482a4d
--- /dev/null
+++ b/metadata/glsa/glsa-202102-02.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202102-02">
+ <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+ the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">thunderbird</product>
+ <announced>2021-02-01</announced>
+ <revised count="1">2021-02-01</revised>
+ <bug>767394</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">78.7.0</unaffected>
+ <vulnerable range="lt">78.7.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">78.7.0</unaffected>
+ <vulnerable range="lt">78.7.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Thunderbird is a popular open-source email client from the
+ Mozilla project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.7.0"
+ </code>
+
+ <p>All Mozilla Thunderbird binary users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=mail-client/thunderbird-bin-78.7.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15685">CVE-2020-15685</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26976">CVE-2020-26976</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23953">CVE-2021-23953</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23954">CVE-2021-23954</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23960">CVE-2021-23960</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23964">CVE-2021-23964</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/">
+ Upstream advisory (MFSA-2021-05)
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-27T04:56:17Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-02-01T01:42:49Z">sam_c</metadata>
+</glsa>