Your message dated Sat, 20 Aug 2005 06:47:15 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#318061: fixed in mozilla-firefox 1.0.4-2sarge2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 13 Jul 2005 07:22:40 +0000
>From [EMAIL PROTECTED] Wed Jul 13 00:22:40 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.enyo.de [212.9.189.167]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DsbZo-0004UH-00; Wed, 13 Jul 2005 00:22:40 -0700
Received: from deneb.enyo.de ([2001:14b0:202:1::ab])
by albireo.enyo.de with esmtp id 1DsbZn-00078y-Ag
for [EMAIL PROTECTED]; Wed, 13 Jul 2005 09:22:39 +0200
Received: from fw by deneb.enyo.de with local (Exim 4.52)
id 1DsbZX-0001EN-L8; Wed, 13 Jul 2005 09:22:23 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Florian Weimer <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mozilla-firefox: version 1.0.5 fixes several security bugs
X-Mailer: reportbug 3.15
Date: Wed, 13 Jul 2005 09:22:23 +0200
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: mozilla-firefox
Version: 1.0.4-3
Severity: grave
Tags: security
Justification: user security hole
Firefox 1.0.5 fixes several security bugs, two of them rated critical.
Unfortunately, details for these bugs are embargoed until at least July
20, 2005, so no details so far.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
---------------------------------------
Received: (at 318061-close) by bugs.debian.org; 20 Aug 2005 13:55:47 +0000
>From [EMAIL PROTECTED] Sat Aug 20 06:55:47 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1E6Tgp-0000fy-00; Sat, 20 Aug 2005 06:47:15 -0700
From: Eric Dorland <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#318061: fixed in mozilla-firefox 1.0.4-2sarge2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 20 Aug 2005 06:47:15 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: mozilla-firefox
Source-Version: 1.0.4-2sarge2
We believe that the bug you reported is fixed in the latest version of
mozilla-firefox, which is due to be installed in the Debian FTP archive:
mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
to
pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
to
pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
mozilla-firefox_1.0.4-2sarge2.diff.gz
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.diff.gz
mozilla-firefox_1.0.4-2sarge2.dsc
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.dsc
mozilla-firefox_1.0.4-2sarge2_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated mozilla-firefox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 12 Aug 2005 19:52:58 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support
mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.4-2sarge2
Distribution: stable-security
Urgency: critical
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description:
mozilla-firefox - lightweight web browser based on Mozilla
mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in
Mozilla Firefox
mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 318061
Changes:
mozilla-firefox (1.0.4-2sarge2) stable-security; urgency=critical
.
* Fixes for various security vulnerabilities. (Closes: #318061)
* The previous (unreleased) version fixes MFSA2005-51: "The return of
frame-injection spoofing" aka CAN-2005-1937, which is really just the
return of CAN-2004-0718.
* accessible/src/base/nsBaseWidgetAccessible.cpp,
content/base/public/nsContentUtils.h,
content/base/src/nsContentUtils.cpp, content/base/src/nsDocument.cpp,
content/base/src/nsDocument.h, content/base/src/nsDocumentViewer.cpp,
content/base/src/nsGenericDOMDataNode.cpp,
content/base/src/nsGenericElement.cpp,
content/base/src/nsGenericElement.h,
content/base/src/nsImageLoadingContent.cpp,
content/base/src/nsSelection.cpp,
content/events/public/nsIEventListenerManager.h,
content/events/public/nsIPrivateDOMEvent.h,
content/events/public/nsMutationEvent.h,
content/events/src/nsDOMEvent.cpp,
content/events/src/nsEventListenerManager.cpp,
content/events/src/nsEventListenerManager.h,
content/events/src/nsEventStateManager.cpp,
content/html/content/src/nsGenericHTMLElement.cpp,
content/html/content/src/nsHTMLButtonElement.cpp,
content/html/content/src/nsHTMLFormElement.cpp,
content/html/content/src/nsHTMLInputElement.cpp,
content/html/content/src/nsHTMLScriptElement.cpp,
content/html/content/src/nsHTMLSelectElement.cpp,
content/html/content/src/nsHTMLTextAreaElement.cpp,
content/svg/content/src/nsSVGElement.cpp,
content/xbl/src/nsXBLBinding.cpp, content/xbl/src/nsXBLBinding.h,
content/xbl/src/nsXBLPrototypeHandler.cpp,
content/xml/content/src/nsXMLElement.cpp,
content/xml/document/src/nsXMLDocument.cpp,
content/xul/content/src/nsXULElement.cpp,
content/xul/document/src/nsXULCommandDispatcher.cpp,
content/xul/document/src/nsXULDocument.cpp,
dom/public/idl/events/Makefile.in, dom/src/base/nsDOMClassInfo.cpp,
dom/src/base/nsDOMClassInfo.h, dom/src/base/nsGlobalWindow.cpp,
dom/src/base/nsGlobalWindow.h, dom/src/base/nsJSEnvironment.cpp,
dom/src/base/nsWindowRoot.cpp, dom/src/base/nsWindowRoot.h,
extensions/xmlextras/base/src/nsXMLHttpRequest.cpp,
layout/html/base/src/nsGfxScrollFrame.cpp,
layout/html/base/src/nsObjectFrame.cpp,
layout/html/base/src/nsPresShell.cpp,
layout/html/forms/public/nsIFormControlFrame.h,
layout/html/forms/src/nsComboboxControlFrame.cpp,
layout/html/forms/src/nsComboboxControlFrame.h,
layout/html/forms/src/nsFileControlFrame.h,
layout/html/forms/src/nsFormControlFrame.cpp,
layout/html/forms/src/nsFormControlFrame.h,
layout/html/forms/src/nsGfxButtonControlFrame.cpp,
layout/html/forms/src/nsHTMLButtonControlFrame.cpp,
layout/html/forms/src/nsHTMLButtonControlFrame.h,
layout/html/forms/src/nsImageControlFrame.cpp,
layout/html/forms/src/nsListControlFrame.cpp,
layout/html/forms/src/nsListControlFrame.h,
layout/html/forms/src/nsTextControlFrame.cpp,
layout/html/forms/src/nsTextControlFrame.h,
layout/xul/base/src/nsBoxFrame.cpp,
layout/xul/base/src/nsButtonBoxFrame.cpp,
layout/xul/base/src/nsButtonBoxFrame.h,
layout/xul/base/src/nsImageBoxFrame.cpp,
layout/xul/base/src/nsMenuFrame.cpp,
layout/xul/base/src/nsPopupSetFrame.cpp,
layout/xul/base/src/nsResizerFrame.cpp,
layout/xul/base/src/nsResizerFrame.h,
layout/xul/base/src/nsScrollBoxFrame.cpp,
layout/xul/base/src/nsScrollbarButtonFrame.cpp,
layout/xul/base/src/nsTitleBarFrame.cpp,
layout/xul/base/src/nsTitleBarFrame.h,
layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp,
layout/xul/base/src/tree/src/nsTreeSelection.cpp,
toolkit/components/satchel/src/nsFormFillController.cpp,
view/public/nsIViewObserver.h, view/src/nsViewManager.cpp,
webshell/public/nsILinkHandler.h, widget/public/nsEvent.h,
widget/public/nsGUIEvent.h, widget/public/nsIEventListener.h,
widget/public/nsIWidget.h, widget/src/beos/nsWindow.cpp,
widget/src/cocoa/nsChildView.mm, widget/src/cocoa/nsCocoaWindow.mm,
widget/src/cocoa/nsMenuBarX.cpp, widget/src/cocoa/nsMenuItemX.cpp,
widget/src/cocoa/nsMenuX.cpp, widget/src/gtk/nsGtkEventHandler.cpp,
widget/src/gtk/nsWidget.cpp, widget/src/gtk/nsWindow.cpp,
widget/src/gtk2/nsCommonWidget.cpp, widget/src/gtk2/nsWindow.cpp,
widget/src/mac/nsMacControl.cpp, widget/src/mac/nsMacEventHandler.cpp,
widget/src/mac/nsMacWindow.cpp, widget/src/mac/nsMenuBarX.cpp,
widget/src/mac/nsMenuX.cpp, widget/src/mac/nsWindow.cpp,
widget/src/os2/nsFrameWindow.cpp, widget/src/os2/nsWindow.cpp,
widget/src/photon/nsWidget.cpp, widget/src/photon/nsWidget.h,
widget/src/photon/nsWindow.cpp,
widget/src/windows/nsNativeDragTarget.cpp,
widget/src/windows/nsWindow.cpp, widget/src/xlib/nsAppShell.cpp,
widget/src/xlib/nsWidget.cpp, widget/src/xlib/nsWindow.cpp,
xpfe/appshell/src/nsWebShellWindow.cpp,
xpfe/appshell/src/nsXULWindow.cpp: Huge patch from bz#289940 to fix
MFSA2005-45: "Content-generated event vulnerabilities" aka
CAN-2005-2260.
* content/base/src/nsContentUtils.cpp,
dom/public/idl/events/nsIDOMNSEventTarget.idl: Fixes for the above
patch.
* content/xbl/src/nsXBLBinding.cpp: Patch from bz#292591 to fix
MFSA2005-46: "XBL scripts ran even when Javascript disabled" aka
CAN-2005-2261.
* browser/base/content/browser.js,
browser/base/content/setWallpaper.xul: Patch from bz#292737 to fix
MFSA2005-47: "Code execution via "Set as Wallpaper"", aka
CAN-2005-2262.
* xpinstall/src/nsJSInstallTriggerGlobal.cpp,
xpinstall/src/nsXPITriggerInfo.h, xpinstall/src/nsXPITriggerInfo.cpp:
Patch from bz#293331 to fix MFSA2005-48: "Same-origin violation with
InstallTrigger callback" aka CAN-2005-2263.
* browser/base/content/browser.js: Patch from bz#294074 to fix
MFSA2005-49: "Script injection from Firefox sidebar panel using
data:" aka CAN-2005-2264.
* xpinstall/src/nsJSInstall.cpp, xpinstall/src/nsJSWinProfile.cpp,
xpinstall/src/nsJSInstallTriggerGlobal.cpp,
xpinstall/src/nsJSInstallVersion.cpp, xpinstall/src/nsJSFile.cpp,
xpinstall/src/nsJSWinReg.cpp, xpinstall/src/nsJSFileSpecObj.cpp:
Patches from bz#295854 to fix MFSA2005-50: "Possibly exploitable crash
in InstallVersion.compareTo" aka CAN-2005-2265.
* content/html/document/src/nsHTMLDocument.cpp: Patch from bz#296830 to
fix MFSA2005-52: " Same origin violation: frame calling top.focus()"
aka CAN-2005-2266.
* browser/base/content/browser.js, docshell/base/nsDocShell.cpp,
docshell/base/nsDocShell.h, docshell/base/nsIDocShellLoadInfo.idl,
docshell/base/nsIWebNavigation.idl: Patch from bz#298255 for
MFSA2005-53: "Standalone applications can run arbitrary code through
the browser" aka CAN-2005-2267.
* dom/src/base/nsGlobalWindow.cpp: Patch from bz#298934 for MFSA2005-54:
"Javascript prompt origin spoofing" aka CAN-2005-2268.
* browser/base/content/browser.js,
browser/base/content/utilityOverlay.js,
toolkit/components/help/content/help.js,
xpfe/communicator/resources/content/contentAreaUtils.js,
xpfe/communicator/resources/content/contentAreaClick.js,
xpfe/communicator/resources/content/nsContextMenu.js: Patches from
bz#298892 to fix MFSA2005-55: "XHTML node spoofing" aka CAN-2005-2269.
* js/src/xpconnect/src/XPCDispObject.cpp,
js/src/xpconnect/src/XPCIDispatchExtension.cpp,
js/src/xpconnect/src/xpccomponents.cpp,
js/src/xpconnect/src/xpcjsruntime.cpp,
js/src/xpconnect/src/xpcprivate.h,
js/src/xpconnect/src/xpcwrappednativeinfo.cpp,
js/src/xpconnect/src/xpcwrappednativejsops.cpp,
js/src/xpconnect/src/xpcwrappednativescope.cpp: Patch from bz#294795
to partially fix MFSA2005-56: "Code execution through shared function
objects" aka CAN-2005-2270.
* js/src/jsobj.c, js/src/jsregexp.c: Apply patches from bz#296397 to fix
the rest of CAN-2005-2270.
Files:
a5cf2fc8bc04662e6c192c15666011e4 1001 web optional
mozilla-firefox_1.0.4-2sarge2.dsc
45e66f5ddde0d5c016fd15268da0e522 285974 web optional
mozilla-firefox_1.0.4-2sarge2.diff.gz
54e66239bff8195d09a76a8b0c65e096 8887610 web optional
mozilla-firefox_1.0.4-2sarge2_i386.deb
e40d4387cdf627df5706e8a83f39640d 156664 web optional
mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
3bc7062690df1334a92eeeae36819ea0 53906 web optional
mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC/xY+W5ql+IAeqTIRAicxAJ4jEgpSE78a9TMj+Ak4n/QFdAyjMACePcBj
U8CHa7WKezKU59a8iNp8Q4o=
=yf3x
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
