Bug#308776: marked as done (mozilla-browser: Multiple security issues)

Fri, 13 May 2005 04:08:09 -0700 

Your message dated Fri, 13 May 2005 06:32:19 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#308776: fixed in mozilla 2:1.7.8-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 12 May 2005 09:53:57 +0000
>From [EMAIL PROTECTED] Thu May 12 02:53:57 2005
Return-path: <[EMAIL PROTECTED]>
Received: from smtp.blackdown.de [213.239.206.42] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DWAOD-0002ln-00; Thu, 12 May 2005 02:53:57 -0700
Received: from p5090b1a3.dip0.t-ipconnect.de ([80.144.177.163] 
ident=[yOrnjYfdXFAw/j1EgA9eqJin9a7qdftC])
        by smtp.blackdown.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1DWAOB-0008GQ-7S; Thu, 12 May 2005 11:53:55 +0200
Received: from fry.jknet ([192.168.1.2] 
ident=[XcPJzi65aswfYcjenEerIPIQRKMtvQ3+])
        by server.jknet with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1DWAOA-00070Z-Gt; Thu, 12 May 2005 11:53:54 +0200
Received: from jk by fry.jknet with local (Exim 4.50)
        id 1DWAOA-0003HU-4g; Thu, 12 May 2005 11:53:54 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Juergen Kreileder <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mozilla-browser: Multiple security issues
X-Mailer: reportbug 3.12
Date: Thu, 12 May 2005 11:53:54 +0200
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.5 required=4.0 tests=BAYES_10,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: mozilla-browser
Version: 2:1.7.7-2
Severity: grave
Tags: security
Justification: user security hole

Mozilla 1.7.8 is out.  According to
http://www.mozilla.org/projects/security/known-vulnerabilities.html
it fixes three vulnerabilities:

* MFSA 2005-44 Privilege escalation via non-DOM property overrides   
* MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
* MFSA 2005-42 Code execution via javascript: IconURL

The first two are marked as critical, the last one as high.

---------------------------------------
Received: (at 308776-close) by bugs.debian.org; 13 May 2005 10:46:23 +0000
>From [EMAIL PROTECTED] Fri May 13 03:46:23 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DWXgV-0007ba-00; Fri, 13 May 2005 03:46:23 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1DWXSt-0004BU-00; Fri, 13 May 2005 06:32:19 -0400
From: Takuo KITAME <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#308776: fixed in mozilla 2:1.7.8-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 13 May 2005 06:32:19 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: mozilla
Source-Version: 2:1.7.8-1

We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:

libnspr-dev_1.7.8-1_i386.deb
  to pool/main/m/mozilla/libnspr-dev_1.7.8-1_i386.deb
libnspr4_1.7.8-1_i386.deb
  to pool/main/m/mozilla/libnspr4_1.7.8-1_i386.deb
libnss-dev_1.7.8-1_i386.deb
  to pool/main/m/mozilla/libnss-dev_1.7.8-1_i386.deb
libnss3_1.7.8-1_i386.deb
  to pool/main/m/mozilla/libnss3_1.7.8-1_i386.deb
mozilla-browser_1.7.8-1_i386.deb
  to pool/main/m/mozilla/mozilla-browser_1.7.8-1_i386.deb
mozilla-calendar_1.7.8-1_i386.deb
  to pool/main/m/mozilla/mozilla-calendar_1.7.8-1_i386.deb
mozilla-chatzilla_1.7.8-1_i386.deb
  to pool/main/m/mozilla/mozilla-chatzilla_1.7.8-1_i386.deb
mozilla-dev_1.7.8-1_i386.deb
  to pool/main/m/mozilla/mozilla-dev_1.7.8-1_i386.deb
mozilla-dom-inspector_1.7.8-1_i386.deb
  to pool/main/m/mozilla/mozilla-dom-inspector_1.7.8-1_i386.deb
mozilla-js-debugger_1.7.8-1_i386.deb
  to pool/main/m/mozilla/mozilla-js-debugger_1.7.8-1_i386.deb
mozilla-mailnews_1.7.8-1_i386.deb
  to pool/main/m/mozilla/mozilla-mailnews_1.7.8-1_i386.deb
mozilla-psm_1.7.8-1_i386.deb
  to pool/main/m/mozilla/mozilla-psm_1.7.8-1_i386.deb
mozilla_1.7.8-1.diff.gz
  to pool/main/m/mozilla/mozilla_1.7.8-1.diff.gz
mozilla_1.7.8-1.dsc
  to pool/main/m/mozilla/mozilla_1.7.8-1.dsc
mozilla_1.7.8-1_i386.deb
  to pool/main/m/mozilla/mozilla_1.7.8-1_i386.deb
mozilla_1.7.8.orig.tar.gz
  to pool/main/m/mozilla/mozilla_1.7.8.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Takuo KITAME <[EMAIL PROTECTED]> (supplier of updated mozilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 13 May 2005 16:58:08 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 
mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla 
mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.8-1
Distribution: unstable
Urgency: high
Maintainer: Takuo KITAME <[EMAIL PROTECTED]>
Changed-By: Takuo KITAME <[EMAIL PROTECTED]>
Description: 
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4   - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3    - Network Security Service Libraries - runtime
 mozilla    - The Mozilla Internet application suite - meta package
 mozilla-browser - The Mozilla Internet application suite - core and browser
 mozilla-calendar - Todo organizer,calendar and reminder,integrated with 
Mozilla suit
 mozilla-chatzilla - Mozilla Web Browser - irc client
 mozilla-dev - The Mozilla Internet application suite - development files
 mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
 mozilla-js-debugger - JavaScript debugger for use with Mozilla
 mozilla-mailnews - The Mozilla Internet application suite - mail and news 
support
 mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 308776
Changes: 
 mozilla (2:1.7.8-1) unstable; urgency=high
 .
   * New upstream release
     This release includes multiple security fixes.
      - MFSA 2005-44 Privilege escalation via non-DOM property overrides
      - MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
      - MFSA 2005-42 Code execution via javascript: IconURL
      (closes: #308776)
Files: 
 39376a556ad91e0bc02fea11f2aa5963 1111 web optional mozilla_1.7.8-1.dsc
 13c0f0331617748426679e8f2e9f537a 30589520 web optional 
mozilla_1.7.8.orig.tar.gz
 469f7af37942c418a872af0920de9baa 304792 web optional mozilla_1.7.8-1.diff.gz
 5400e8979cbbb32fe4741e9641085928 1022 web optional mozilla_1.7.8-1_i386.deb
 dcbf8baa4e6964af3c029e71f38ba66c 10282470 web optional 
mozilla-browser_1.7.8-1_i386.deb
 400e18932fa006863f302320c912955d 3344194 devel optional 
mozilla-dev_1.7.8-1_i386.deb
 8850cd1a97578a0810e452ba92211704 1811030 mail optional 
mozilla-mailnews_1.7.8-1_i386.deb
 320b16c850493dfb532eedcfd8725c00 158292 net optional 
mozilla-chatzilla_1.7.8-1_i386.deb
 0854701f0339a23e82f9ffd8ffb5465b 192276 web optional 
mozilla-psm_1.7.8-1_i386.deb
 b0fe136673a7c125ae80d327879da32b 116198 web optional 
mozilla-dom-inspector_1.7.8-1_i386.deb
 adf5a760c918bfe7f62f4941fcfec474 204118 devel optional 
mozilla-js-debugger_1.7.8-1_i386.deb
 87b74dcd8af23a92372f3fd937dbb8ae 403256 misc optional 
mozilla-calendar_1.7.8-1_i386.deb
 01314fecccc8daa636e25760fdfc76c0 130212 libs optional libnspr4_1.7.8-1_i386.deb
 09bb8bb3b22fb539c81b8fd48665b31f 168036 libdevel optional 
libnspr-dev_1.7.8-1_i386.deb
 530402bec6a9629a93d160bc2f598cc3 654088 libs optional libnss3_1.7.8-1_i386.deb
 a5572b78a82d3fc9815fea17a04f0974 184926 libdevel optional 
libnss-dev_1.7.8-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFChH5nU+WZW1FVMwoRArh1AJ9ooJ1gvJjrjjEhxGJFioiG11D2gwCfRCrQ
E6Ii2Se2lUJEQbvFE40EzMg=
=zVGK
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to