Your message dated Mon, 18 Apr 2005 12:32:46 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#304922: fixed in mozilla 2:1.7.7-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
From: Juergen Kreileder <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mozilla-browser: Multiple Security Issues
X-PGP-Key: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x730A28A5
X-PGP-Fingerprint: 7C19 D069 9ED5 DC2E 1B10 9859 C027 8D5B 730A 28A5
X-Debbugs-CC: Juergen Kreileder <[EMAIL PROTECTED]>
Date: Sat, 16 Apr 2005 16:12:38 +0200
Message-ID: <[EMAIL PROTECTED]>
Organization: Blackdown Java-Linux Team
Package: mozilla-browser
Version: 2:1.7.6-1
Severity: grave
Tags: security

Mozilla 1.7.7 fixes seven security issues, according to
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
two have critical severity and one has high severity:

  MFSA 2005-33 Javascript "lambda" replace exposes memory contents
  MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
  MFSA 2005-36 Cross-site scripting through global scope pollution
  MFSA 2005-37 Code execution through javascript: favicons
  MFSA 2005-38 Search plugin cross-site scripting
  MFSA 2005-40 Missing Install object instance checks
  MFSA 2005-41 Privilege escalation via DOM property overrides

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: powerpc (ppc64)
Kernel: Linux 2.6.12-rc2-mm3
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages mozilla-browser depends on:
ii debconf 1.4.48 Debian configuration management sy
ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libfontconfig1 2.3.1-2 generic font configuration library
ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib
ii libgcc1 1:3.4.3-12 GCC support library
ii libglib2.0-0 2.6.4-1 The GLib library of C routines
ii libgtk2.0-0 2.6.4-1 The GTK+ graphical user interface
ii libkrb53 1.3.6-2 MIT Kerberos runtime libraries
ii libnspr4 2:1.7.6-1 Netscape Portable Runtime Library
ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio
ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-12 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-12 X Window System miscellaneous exte
ii libxft2 2.1.7-1 FreeType-based font drawing librar
ii libxp6 4.3.0.dfsg.1-12 X Window System printing extension
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii libxt6 4.3.0.dfsg.1-12 X Toolkit Intrinsics
ii psmisc 21.6-1 Utilities that use the proc filesy
ii xlibs 4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-4 compression library - runtime
-- debconf information:
* mozilla/dsp: esddsp
* mozilla/locale_auto: true
* mozilla/prefs_note:
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
---------------------------------------
From: Takuo KITAME <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#304922: fixed in mozilla 2:1.7.7-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 18 Apr 2005 12:32:46 -0400
Source: mozilla
Source-Version: 2:1.7.7-1
We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:
libnspr-dev_1.7.7-1_i386.deb
to pool/main/m/mozilla/libnspr-dev_1.7.7-1_i386.deb
libnspr4_1.7.7-1_i386.deb
to pool/main/m/mozilla/libnspr4_1.7.7-1_i386.deb
libnss-dev_1.7.7-1_i386.deb
to pool/main/m/mozilla/libnss-dev_1.7.7-1_i386.deb
libnss3_1.7.7-1_i386.deb
to pool/main/m/mozilla/libnss3_1.7.7-1_i386.deb
mozilla-browser_1.7.7-1_i386.deb
to pool/main/m/mozilla/mozilla-browser_1.7.7-1_i386.deb
mozilla-calendar_1.7.7-1_i386.deb
to pool/main/m/mozilla/mozilla-calendar_1.7.7-1_i386.deb
mozilla-chatzilla_1.7.7-1_i386.deb
to pool/main/m/mozilla/mozilla-chatzilla_1.7.7-1_i386.deb
mozilla-dev_1.7.7-1_i386.deb
to pool/main/m/mozilla/mozilla-dev_1.7.7-1_i386.deb
mozilla-dom-inspector_1.7.7-1_i386.deb
to pool/main/m/mozilla/mozilla-dom-inspector_1.7.7-1_i386.deb
mozilla-js-debugger_1.7.7-1_i386.deb
to pool/main/m/mozilla/mozilla-js-debugger_1.7.7-1_i386.deb
mozilla-mailnews_1.7.7-1_i386.deb
to pool/main/m/mozilla/mozilla-mailnews_1.7.7-1_i386.deb
mozilla-psm_1.7.7-1_i386.deb
to pool/main/m/mozilla/mozilla-psm_1.7.7-1_i386.deb
mozilla_1.7.7-1.diff.gz
to pool/main/m/mozilla/mozilla_1.7.7-1.diff.gz
mozilla_1.7.7-1.dsc
to pool/main/m/mozilla/mozilla_1.7.7-1.dsc
mozilla_1.7.7-1_i386.deb
to pool/main/m/mozilla/mozilla_1.7.7-1_i386.deb
mozilla_1.7.7.orig.tar.gz
to pool/main/m/mozilla/mozilla_1.7.7.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Takuo KITAME <[EMAIL PROTECTED]> (supplier of updated mozilla package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 18 Apr 2005 17:02:02 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4
mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla
mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.7-1
Distribution: unstable
Urgency: high
Maintainer: Takuo KITAME <[EMAIL PROTECTED]>
Changed-By: Takuo KITAME <[EMAIL PROTECTED]>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
mozilla-js-debugger - JavaScript debugger for use with Mozilla
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 260305 280567 290451 298456 301506 302650 304904 304922
Changes:
 mozilla (2:1.7.7-1) unstable; urgency=high
 .
   * New upstream release
   * fix some security issue. (closes: #298456, #304922)
     - MFSA 2005-33 Javascript "lambda" replace exposes memory contents
     - MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
     - MFSA 2005-36 Cross-site scripting through global scope pollution
     - MFSA 2005-37 Code execution through javascript: favicons
     - MFSA 2005-38 Search plugin cross-site scripting
     - MFSA 2005-40 Missing Install object instance checks
     - MFSA 2005-41 Privilege escalation via DOM property overrides
   * applied patch to fix build problem on amd64 (closes: #301506)
   * mozilla-runner.in:
     - remove calling perl. use readlink(1) instead. (closes: #290451)
   * remove libXt.so.6 from /usr/lib/mozilla (closes: #304904)
   * fix typo in update-mozilla-chrome.8 (closes: #302650)
   * suggests: latex-xft-fonts (closes: #280567)
   * add rplaydsp to list of dsp wrappers. (closes: #260305)
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCY4LkU+WZW1FVMwoRApOzAJ4zv0p2LFHSwxjnq0StnQsi/4uFpwCfbBS4
gQtD0rqxPXtTDrfhfn9YsUk=
=L6HF
-----END PGP SIGNATURE-----