Your message dated Mon, 16 May 2005 00:06:21 GMT
with message-id <[EMAIL PROTECTED]>
and subject line mozilla-browser: [CAN-2004-0597] libpng vulnerability also
affects mozilla
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Aug 2004 11:17:27 +0000
>From [EMAIL PROTECTED] Thu Aug 05 04:17:27 2004
Return-path: <[EMAIL PROTECTED]>
Received: from tc2.perso.ens-lyon.org (mirchusko.localnet) [62.212.101.78]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BsgFT-0003Y5-00; Thu, 05 Aug 2004 04:17:27 -0700
Received: from joss by mirchusko.localnet with local (Exim 4.34)
id 1BsgFQ-0002aB-DE; Thu, 05 Aug 2004 13:17:24 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Josselin Mouette <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mozilla-browser: [CAN-2004-0597] libpng vulnerability also affects
mozilla
X-Mailer: reportbug 2.64
Date: Thu, 05 Aug 2004 13:17:24 +0200
Message-Id: <[EMAIL PROTECTED]>
Sender: Josselin Mouette <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: mozilla-browser
Version: 2:1.7.1-5
Severity: grave
Tags: security
Justification: user security hole
The libpng vulnerability also seems to affect mozilla. With fixed libpng
packages, mozilla still crashes on this picture:
http://scary.beasts.org/misc/pngtest_bad.png
It seems that /usr/lib/mozilla/components/libimglib2.so includes code
from libpng but is not dynamically linked to libpng. As such, it may
also be vulnerable to other, older libpng vulnerabilities, but I
haven't checked.
---------------------------------------
Received: (at 263612-done) by bugs.debian.org; 16 May 2005 00:06:34 +0000
>From [EMAIL PROTECTED] Sun May 15 17:06:33 2005
Return-path: <[EMAIL PROTECTED]>
Received: from smtpout.terra.es (tfdsmtp1.mail.isp) [213.4.129.48]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DXT7s-0007xz-00; Sun, 15 May 2005 17:06:28 -0700
Received: from teleline.es ([10.20.4.99]) by tfdsmtp1.mail.isp
(Netscape Messaging Server 4.15 tfdsmtp1 Mar 14 2002 21:29:48)
with ESMTP id IGK2YL00.2S8 for <[EMAIL PROTECTED]>;
Mon, 16 May 2005 02:06:21 +0200
Disposition-Notification-To: ROBERTOJIMENOCA <[EMAIL PROTECTED]>
From: ROBERTOJIMENOCA <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 16 May 2005 00:06:21 GMT
X-Mailer: Netscape Webmail
MIME-Version: 1.0
Content-Language: es
Subject: mozilla-browser: [CAN-2004-0597] libpng vulnerability also
affects mozilla
X-Accept-Language: es
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-1.9 required=4.0 tests=BAYES_00,BLANK_LINES_70_80,
RCVD_IN_BL_SPAMCOP_NET,ROBERTOJIMENOCA autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 5
This bug should be fixed. Reopen othewise.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
