Your message dated Mon, 06 Feb 2006 22:17:19 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#351442: fixed in firefox 1.5.dfsg+1.5.0.1-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message --->From [EMAIL PROTECTED] Sat Feb 04 13:53:41 2006 Received: (at submit) by bugs.debian.org; 4 Feb 2006 21:53:41 +0000 Return-path: <[EMAIL PROTECTED]> Received: from [63.245.86.215] (helo=localhost.localdomain) by spohr.debian.org with esmtp (Exim 4.50) id 1F5VLa-0000oJ-3b for [EMAIL PROTECTED]; Sat, 04 Feb 2006 13:53:41 -0800 Received: from santiago by localhost.localdomain with local (Exim 4.60) (envelope-from <[EMAIL PROTECTED]>) id 1F5VLS-0004nZ-70; Sat, 04 Feb 2006 16:53:26 -0500 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: =?iso-8859-1?q?Santiago_Jos=C3=A9_Ruano_Rinc=C3=B3n?= <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: firefox: Serveral security vulnerabilities fixed in Firefox 1.5.0.1 Message-ID: <[EMAIL PROTECTED]> X-Mailer: reportbug 3.18 Date: Sat, 04 Feb 2006 16:53:26 -0500 X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: firefox Version: 1.5.dfsg-4 Severity: grave Tags: security Justification: user security hole Please, package the new firefox's version, it fix these vulnerabilities besides some other improvements: MFSA 2006-08 "AnyName" entrainment and access control hazard MFSA 2006-07 Read beyond buffer while parsing XML MFSA 2006-06 Integer overflows in E4X, SVG and Canvas MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist() MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator objects MFSA 2006-03 Long document title causes startup denial of Service MFSA 2006-02 Changing postion:relative to static corrupts memory MFSA 2006-01 JavaScript garbage-collection hazards One of them is "critical". Thanks for your work, -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (990, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13 Locale: LANG=es_CO, LC_CTYPE=es_CO (charmap=ISO-8859-1) Versions of packages firefox depends on: ii debianutils 2.8.4 Miscellaneous utilities specific t ii fontconfig 2.3.1-2 generic font configuration library ii libatk1.0-0 1.10.3-1 The ATK accessibility toolkit ii libc6 2.3.5-7 GNU C Library: Shared libraries an ii libcairo2 1.0.2-3 The Cairo 2D vector graphics libra ii libfontconfig1 2.3.1-2 generic font configuration library ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib ii libgcc1 1:4.0.2-2 GCC support library ii libglib2.0-0 2.8.6-1 The GLib library of C routines ii libgtk2.0-0 2.8.10-1 The GTK+ graphical user interface ii libidl0 0.8.5-1 library for parsing CORBA IDL file ii libjpeg62 6b-10 The Independent JPEG Group's JPEG ii libpango1.0-0 1.10.2-1 Layout and rendering of internatio ii libpng12-0 1.2.8rel-5 PNG library - runtime ii libstdc++6 4.0.2-5 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-14 X Window System protocol client li ii libxcursor1 1.1.3-1 X cursor management library ii libxext6 4.3.0.dfsg.1-14 X Window System miscellaneous exte ii libxft2 2.1.7-1 FreeType-based font drawing librar ii libxi6 4.3.0.dfsg.1-14 X Window System Input extension li ii libxinerama1 6.9.0.dfsg.1-4 X Window System multi-head display ii libxp6 4.3.0.dfsg.1-14 X Window System printing extension ii libxrandr2 6.9.0.dfsg.1-4 X Window System Resize, Rotate and ii libxrender1 1:0.9.0.2-1 X Rendering Extension client libra ii libxt6 4.3.0.dfsg.1-14 X Toolkit Intrinsics ii psmisc 21.5-1 Utilities that use the proc filesy ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime firefox recommends no packages. -- no debconf information
--- End Message ---
--- Begin Message --->From [EMAIL PROTECTED] Mon Feb 06 22:20:26 2006 Received: (at 351442-close) by bugs.debian.org; 7 Feb 2006 06:20:26 +0000 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 4.50) id 1F6MAB-0007vB-Fh; Mon, 06 Feb 2006 22:17:19 -0800 From: Eric Dorland <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.65 $ Subject: Bug#351442: fixed in firefox 1.5.dfsg+1.5.0.1-1 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Mon, 06 Feb 2006 22:17:19 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: firefox Source-Version: 1.5.dfsg+1.5.0.1-1 We believe that the bug you reported is fixed in the latest version of firefox, which is due to be installed in the Debian FTP archive: firefox-dom-inspector_1.5.dfsg+1.5.0.1-1_i386.deb to pool/main/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.1-1_i386.deb firefox-gnome-support_1.5.dfsg+1.5.0.1-1_i386.deb to pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.1-1_i386.deb firefox_1.5.dfsg+1.5.0.1-1.diff.gz to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.1-1.diff.gz firefox_1.5.dfsg+1.5.0.1-1.dsc to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.1-1.dsc firefox_1.5.dfsg+1.5.0.1-1_i386.deb to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.1-1_i386.deb firefox_1.5.dfsg+1.5.0.1.orig.tar.gz to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.1.orig.tar.gz mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.1-1_all.deb to pool/main/f/firefox/mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.1-1_all.deb mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.1-1_all.deb to pool/main/f/firefox/mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.1-1_all.deb mozilla-firefox_1.5.dfsg+1.5.0.1-1_all.deb to pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.1-1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Eric Dorland <[EMAIL PROTECTED]> (supplier of updated firefox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 6 Feb 2006 23:10:29 -0500 Source: firefox Binary: firefox-gnome-support firefox-dom-inspector mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector firefox Architecture: source all i386 Version: 1.5.dfsg+1.5.0.1-1 Distribution: unstable Urgency: low Maintainer: Eric Dorland <[EMAIL PROTECTED]> Changed-By: Eric Dorland <[EMAIL PROTECTED]> Description: firefox - lightweight web browser based on Mozilla firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox firefox-gnome-support - Support for Gnome in Mozilla Firefox mozilla-firefox - Transition package for firefox rename mozilla-firefox-dom-inspector - Transition package for firefox rename mozilla-firefox-gnome-support - Transition package for firefox rename Closes: 338716 344888 345112 348069 348375 348451 348699 348902 349624 349946 350571 350608 350611 350621 350788 351442 Changes: firefox (1.5.dfsg+1.5.0.1-1) unstable; urgency=low . * The "those Ubuntu guys are great after all" release. * New upstream release. (Closes: #351442) . [ Mike Hommey ] * debian/presubj: Added indications to try to reproduce without extensions before actually filing a bug, and a hint to the safe mode. * debian/firefox.install: added the reporter chrome files. (Closes: #344888) * widget/src/gtk2/nsWindow.cpp: Revert additional stale patch for extended mouse buttons support. * debian/firefox.postinst, debian/firefox.prerm: unbashified. (Closes: #349946) * debian/control, debian/firefox-gnome-support.postinst, debian/firefox-gnome-support.prerm: Let the firefox-gnome-support package provide gnome-www-browser and handle a gnome-www-browser alternative. Thanks Loïc Minier. (Closes: #350788) * debian/firefox-runner: Enable Pango support by default. The MOZ_ENABLE_PANGO environment variable is now useless. (Closes: #338716) * debian/README.Debian: Change the paragraph about Pango to hint about the MOZ_DISABLE_PANGO variable. . [ Eric Dorland ] * content/events/src/nsEventStateManager.cpp, modules/libpref/src/init/all.js, widget/public/nsGUIEvent.h: Apply patch from Ian Jackson to revert a stale patch for multiple mouse button support that was fixed in a different way in 1.5 (Closes: #348375) * debian/firefox.preinst: Check md5sum's of old conffiles before cp'ing them on upgrade. This won't stop all unnecessary conffile prompting in all situations (especially from really old versions), but should definitely should work for upgrading from testing or stable. (Closes: #345112) * debian/firefox.install: - Remove run-mozilla.sh. (Closes: #348902) - Reorganize things a bit. - Move profile into /etc/firefox here, instead of in the rules file. * debian/firefox.install, debian/firefox.preinst, debian/firefox.links, debian/firefox.dirs, debian/rules: Move chrome, defaults, greprefs into /usr/share/firefox for more FHS goodnesss. * debian/firefox.1: Document -new-tab and -new-window options, and remove deprecated -remote option. (Closes: #348699) * debian/firefox-runner: Apply patch to properly URL escape local files. Thanks Morita Sho. (Closes: #348451) * browser/app/profile/firefox.js: - Reallow 40-bit ciphers, since now firefox warns people who use them. (Closes: #349624) - Enable bidi UI elements for our bi-directional friends. (Closes: #348069) * debian/rules: Remove glob pattern from dh_install invocation. Thanks Ian Jackson. (Closes: #350571) * browser/base/content/aboutDialog.xul: Fix spurious scrollbar in the about dialog box. Thanks Ian Jackson. (Closes: #350608) * js/src/fdlibm/fdlibm.h: Patch to fix little endianess of mipsel. Thanks Ian Jackson and Thiemo Seufer. (Closes: #350621) * browser/base/content/search.xml: Patch from Ian Jackson to remove misleading Clear option from search box context menu. (Closes: #350611) * debian/watch: Fix regex to actually find the upstream tarballs. * modules/libpref/src/init/all.js: Cope better with printers with spaces in the name. Thanks Ian Jackson. * toolkit/components/passwordmgr/base/nsPasswordManager.cpp: Take patch from bz#235336 as suggested by Ian Jackson to allow password manager to work with sites that only have a password field, no username. Files: 84b1d39411786d9c5aec5bdfab161954 1071 web optional firefox_1.5.dfsg+1.5.0.1-1.dsc 333e28821a59e3aee5aabc5a11f05b0b 42205429 web optional firefox_1.5.dfsg+1.5.0.1.orig.tar.gz 9b885de8399ac22fbb5ca6c5c7ddf345 120265 web optional firefox_1.5.dfsg+1.5.0.1-1.diff.gz bdf1fa1009e71fa6bb5c7bbe4a50ede9 8049118 web optional firefox_1.5.dfsg+1.5.0.1-1_i386.deb e2f70fc7f206f4cb7a12bf7c1cae734b 208150 web optional firefox-dom-inspector_1.5.dfsg+1.5.0.1-1_i386.deb 5fb6ca9c5d0a241a2832c2fb452c11ac 69484 web optional firefox-gnome-support_1.5.dfsg+1.5.0.1-1_i386.deb 668cf6016928d1e1f1ac0537d390b796 43628 web optional mozilla-firefox_1.5.dfsg+1.5.0.1-1_all.deb 5de00a89e5c5807ab4bdcdf7c57653cd 42824 web optional mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.1-1_all.deb 47e5a14f99b69aa930cfe68ab61cfa8b 42824 web optional mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.1-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD6DO3YemOzxbZcMYRArfLAKCAdV2LsNjuZtnIqE3MedhOudHjVACdFTVA f1DGXV88KELDxxqboXCjcOM= =QyN0 -----END PGP SIGNATURE-----
--- End Message ---
