Your message dated Tue, 4 Oct 2005 16:16:57 -0400
with message-id <[EMAIL PROTECTED]>
and subject line closing
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Jul 2005 09:46:29 +0000
>From [EMAIL PROTECTED] Sun Jul 17 02:46:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1Du5jB-0005n8-00; Sun, 17 Jul 2005 02:46:29 -0700
Received: from dragon.kitenet.net (kitenet.net [127.0.0.1])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 373DA17FB7
for <[EMAIL PROTECTED]>; Sun, 17 Jul 2005 09:46:28 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id D423C6E873; Sun, 17 Jul 2005 12:47:19 +0300 (EEST)
Date: Sun, 17 Jul 2005 12:47:18 +0300
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: javascript crasher
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="7JfCtLOvnd9MIVvH"
Content-Disposition: inline
X-Reportbug-Version: 3.15
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: mozilla-browser
Version: 2:1.7.8-1
Severity: serious
Tags: security
I've successfully crashed this version of mozilla using the proof of
concept exploits linked to from
http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D112008299210033&w=3D2
mozilla-firefox 1.0.5-1 doesn't crash.
This is CAN-2005-2114
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)
Versions of packages mozilla-browser depends on:
ii debconf 1.4.52 Debian configuration managemen=
t sy
ii libatk1.0-0 1.10.1-2 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-22 GNU C Library: Shared librarie=
s an
ii libfontconfig1 2.3.2-1 generic font configuration lib=
rary
ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared=
lib
ii libgcc1 1:4.0.1-2 GCC support library
ii libglib2.0-0 2.6.5-1 The GLib library of C routines
ii libgtk2.0-0 2.6.8-1 The GTK+ graphical user interf=
ace=20
ii libnspr4 2:1.7.8-1 Netscape Portable Runtime Libr=
ary
ii libpango1.0-0 1.8.1-1 Layout and rendering of intern=
atio
ii libstdc++5 1:3.3.6-7 The GNU Standard C++ Library v3
ii libx11-6 6.8.2.dfsg.1-2 X Window System protocol clien=
t li
ii libxext6 6.8.2.dfsg.1-2 X Window System miscellaneous =
exte
ii libxft2 2.1.7-1 FreeType-based font drawing li=
brar
ii libxp6 6.8.2.dfsg.1-2 X Window System printing exten=
sion
ii libxrender1 1:0.9.0-2 X Rendering Extension client l=
ibra
ii libxt6 6.8.2.dfsg.1-2 X Toolkit Intrinsics
ii psmisc 21.6-1 Utilities that use the proc fi=
lesy
ii xlibs 6.8.2.dfsg.1-2 X Window System client librari=
es m
ii zlib1g 1:1.2.2-9 compression library - runtime
Versions of packages mozilla-browser recommends:
ii mozilla-psm 2:1.7.8-1 The Mozilla Internet applicati=
on s
pn myspell-en-us | myspell-dicti <none> (no description available)
-- debconf information excluded
--=20
see shy jo
--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC2ikmd8HHehbQuO8RAgVLAKCdVXoLdgtEtu7hcyEzrKAbiewu2ACeJdUj
6bS/qHpNiUv7MEabTQHZvhE=
=aMGx
-----END PGP SIGNATURE-----
--7JfCtLOvnd9MIVvH--
---------------------------------------
Received: (at 318723-done) by bugs.debian.org; 4 Oct 2005 20:16:59 +0000
>From [EMAIL PROTECTED] Tue Oct 04 13:16:59 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EMtDf-000154-00; Tue, 04 Oct 2005 13:16:59 -0700
Received: from dragon.kitenet.net (98-041-dial.xtn.net [66.118.98.41])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 9EDEA17DC9
for <[EMAIL PROTECTED]>; Tue, 4 Oct 2005 20:16:57 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 16955BFA45; Tue, 4 Oct 2005 16:16:57 -0400 (EDT)
Date: Tue, 4 Oct 2005 16:16:57 -0400
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: closing
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="wac7ysb48OaltWcw"
Content-Disposition: inline
User-Agent: Mutt/1.5.10i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-2.0 required=4.0 tests=BAYES_00,ONEWORD autolearn=no
version=2.60-bugs.debian.org_2005_01_02
--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Version: 2:1.7.10-1
Was fixed in this version.
--=20
see shy jo
--wac7ysb48OaltWcw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDQuM5d8HHehbQuO8RAg1lAJ9QV5mWEcF0CkVCmMPBM1zkwNLxpgCeN/5D
tYaIz9HfIZUOvc6b2b5IkaE=
=JyxY
-----END PGP SIGNATURE-----
--wac7ysb48OaltWcw--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
