Package: epiphany-browser Version: 1.6.5-1 Severity: grave Tags: security Justification: user security hole
>From <http://lwn.net/Articles/150999/>: A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions which allows for an attacker to remotely execute arbitrary code on an affected host. The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but is sets encHost to an empty string. On my system, attempting to load the example URL causes Epiphany to freeze: <http://www.security-protocols.com/firefox-death.html> -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-k7 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages epiphany-browser depends on: ii dbus-1 0.23.4-1 simple interprocess messaging syst ii dbus-glib-1 0.23.4-1 simple interprocess messaging syst ii debconf 1.4.30.13 Debian configuration management sy ii gconf2 2.10.1-1 GNOME configuration database syste ii gnome-icon-theme 2.10.1-2 GNOME Desktop icon theme ii iso-codes 0.44-1 ISO language, territory, currency ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi ii libatk1.0-0 1.10.1-2 The ATK accessibility toolkit ii libbonobo2-0 2.8.1-2 Bonobo CORBA interfaces library ii libbonoboui2-0 2.10.0-1 The Bonobo UI library ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libgcc1 1:4.0.1-6 GCC support library ii libgconf2-4 2.10.1-1 GNOME configuration database syste ii libglade2-0 1:2.5.1-2 library to load .glade files at ru ii libglib2.0-0 2.8.0-1 The GLib library of C routines ii libgnome-desktop-2 2.10.2-1 Utility library for loading .deskt ii libgnome2-0 2.10.1-1 The GNOME 2 library - runtime file ii libgnomecanvas2-0 2.10.2-2 A powerful object-oriented display ii libgnomeui-0 2.10.1-1 The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.10.1-5 The GNOME virtual file-system libr ii libgtk2.0-0 2.6.10-1 The GTK+ graphical user interface ii libice6 4.3.0.dfsg.1-14 Inter-Client Exchange library ii liborbit2 1:2.12.2-1 libraries for ORBit2 - a CORBA ORB ii libpango1.0-0 1.8.2-1 Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libsm6 4.3.0.dfsg.1-14 X Window System Session Management ii libstartup-notificatio 0.8-1 library for program launch feedbac ii libstdc++5 1:3.3.5-13 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-14 X Window System protocol client li ii libxml2 2.6.20-1 GNOME XML library ii libxslt1.1 1.1.14-1 XSLT processing library - runtime ii mozilla-browser 2:1.7.8-1sarge1 The Mozilla Internet application s ii mozilla-psm 2:1.7.8-1sarge1 The Mozilla Internet application s ii xlibs 4.3.0.dfsg.1-14 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]