Your message dated Fri, 21 Apr 2006 11:17:12 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#362656: fixed in firefox 1.5.dfsg+1.5.0.2-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: firefox
Version: 1.5.dfsg+1.5.0.1-4
Severity: grave
Tags: security
Justification: user security hole

It's that time of the year (month?) again:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.2

MFSA 2006-29 Spoofing with translucent windows
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)

Some of those look pretty serious, esp. 2006-23 which I would consider
critical. I didn't examine properly the others, that one was enough to
trigger this report IMO. This also affects sarge, I think, since 1.0.8
is also affected.

Thank you for your work,

A.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)

Versions of packages firefox depends on:
ii  debianutils               2.15.3         Miscellaneous utilities specific t
ii  fontconfig                2.3.2-1.1      generic font configuration library
ii  libatk1.0-0               1.11.3-1       The ATK accessibility toolkit
ii  libc6                     2.3.6-3        GNU C Library: Shared libraries an
ii  libcairo2                 1.0.2-3        The Cairo 2D vector graphics libra
ii  libfontconfig1            2.3.2-1.1      generic font configuration library
ii  libfreetype6              2.1.10-1       FreeType 2 font engine, shared lib
ii  libgcc1                   1:4.1.0-1      GCC support library
ii  libglib2.0-0              2.10.1-2       The GLib library of C routines
ii  libgtk2.0-0               2.8.16-1       The GTK+ graphical user interface 
ii  libidl0                   0.8.6-1        library for parsing CORBA IDL file
ii  libjpeg62                 6b-12          The Independent JPEG Group's JPEG 
ii  libpango1.0-0             1.12.0-2       Layout and rendering of internatio
ii  libpng12-0                1.2.8rel-5     PNG library - runtime
ii  libstdc++6                4.1.0-1        The GNU Standard C++ Library v3
ii  libx11-6                  6.9.0.dfsg.1-6 X Window System protocol client li
ii  libxcursor1               1.1.3-1        X cursor management library
ii  libxext6                  6.9.0.dfsg.1-6 X Window System miscellaneous exte
ii  libxft2                   2.1.8.2-5.1    FreeType-based font drawing librar
ii  libxi6                    6.9.0.dfsg.1-6 X Window System Input extension li
ii  libxinerama1              6.9.0.dfsg.1-6 X Window System multi-head display
ii  libxp6                    6.9.0.dfsg.1-6 X Window System printing extension
ii  libxrandr2                6.9.0.dfsg.1-6 X Window System Resize, Rotate and
ii  libxrender1               1:0.9.0.2-1    X Rendering Extension client libra
ii  libxt6                    6.9.0.dfsg.1-6 X Toolkit Intrinsics
ii  psmisc                    22.2-1         Utilities that use the proc filesy
ii  zlib1g                    1:1.2.3-11     compression library - runtime

firefox recommends no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: firefox
Source-Version: 1.5.dfsg+1.5.0.2-2

We believe that the bug you reported is fixed in the latest version of
firefox, which is due to be installed in the Debian FTP archive:

firefox-dom-inspector_1.5.dfsg+1.5.0.2-2_i386.deb
  to pool/main/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.2-2_i386.deb
firefox-gnome-support_1.5.dfsg+1.5.0.2-2_i386.deb
  to pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.2-2_i386.deb
firefox_1.5.dfsg+1.5.0.2-2.diff.gz
  to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.2-2.diff.gz
firefox_1.5.dfsg+1.5.0.2-2.dsc
  to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.2-2.dsc
firefox_1.5.dfsg+1.5.0.2-2_i386.deb
  to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.2-2_i386.deb
mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.2-2_all.deb
  to pool/main/f/firefox/mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.2-2_all.deb
mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.2-2_all.deb
  to pool/main/f/firefox/mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.2-2_all.deb
mozilla-firefox_1.5.dfsg+1.5.0.2-2_all.deb
  to pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.2-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated firefox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 20 Apr 2006 22:33:18 -0400
Source: firefox
Binary: firefox-gnome-support firefox-dom-inspector mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector firefox
Architecture: source all i386
Version: 1.5.dfsg+1.5.0.2-2
Distribution: unstable
Urgency: critical
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description: 
 firefox    - lightweight web browser based on Mozilla
 firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 firefox-gnome-support - Support for Gnome in Mozilla Firefox
 mozilla-firefox - Transition package for firefox rename
 mozilla-firefox-dom-inspector - Transition package for firefox rename
 mozilla-firefox-gnome-support - Transition package for firefox rename
Closes: 356250 359228 361035 361527 362186 362413 362656
Changes: 
 firefox (1.5.dfsg+1.5.0.2-2) unstable; urgency=critical
 .
   * The "ftp-master's aren't my friends today" release.
   * debian/rules, debian/control: Don't build the -dbg package for now, to
     get around NEW queue processing.
 .
 firefox (1.5.dfsg+1.5.0.2-1) unstable; urgency=critical
 .
   [ Eric Dorland ]
   * New upstream release. Contains security fixes, hence severity
     critical.
     - Fixes the following vulnerabilities (Thanks Alexander Sack for
       compiling the list): CVE-2006-1724, CVE-2006-0884,
       CVE-2006-1730, CVE-2006-1729, CVE-2006-1728, CVE-2006-1727,
       CVE-2006-1045, CVE-2006-0748, CVE-2006-1726, CVE-2006-1725,
       CVE-2005-2353. (Closes: #362656)
   * debian/firefox-runner: Patch from Paul Collins to fix some lingering
     ProfileManager launch issues. (Closes: #356250)
   * browser/components/preferences/privacy.xul,
     browser/locales/en-US/chrome/browser/preferences/preferences.dtd:
     Patch from Ian Jackson to make the preferences window bigger for
     people with high rez displays. His changelog entry reads:
     * Make Preferences window not chop off various elements:
       - specify a width of 50em instead of 42em
       - do not specify a height
       - add another <separator/> to the bottom of privacy.xul's prefpane.
         I have no idea why this is necessary :-(.
       Malone 36985.
   * configure.in, configure: Small typo in configure.in that wasn't
     setting TARGET_XPCOM_ABI properly and breaking binary extensions on
     some arches. (Closes: #359228)
 .
   [ Mike Hommey ]
   * debian/rules: Disable elf-dynstr-gc, which is pretty useless nowadays.
   * security/coreconf/rules.mk: Fix perl code that got broken by newer make.
     Taken from bz#325148.
   * browser/app/Makefile.in: Apply patch from bz#314927 to install default.xpm
     in the correct place.
   * debian/rules, debian/firefox.dirs, debian/firefox.install: Updated to fit
     this change.
   * security/coreconf/rules.mk: Force use of the -g flag in the CFLAGS.
 .
 firefox (1.5.dfsg+1.5.0.1-5) unstable; urgency=low
 .
   [ Mike Hommey ]
   * debian/rules:
     - Add -g to the build flags when building with DEB_BUILD_OPTIONS=nostrip.
       If we ask for nostrip, we want the debugging symbols, right? ;)
     - Changed the way we identify ourselves in vendor.js.
   * layout/build/Makefile.in, layout/build/nsLayoutModule.cpp: Remove useless
     useragent setter at startup so that general.useragent.product and
     general.useragent.productSub set in our vendor.js preference file work at
     startup time.
   * security/coreconf/Linux.mk:
     - Patch from Martin Michlmayr for mips64 builds.
     - Don't use x86 as CPU_ARCH when building on an unsupported architecture.
   * security/manager/Makefile.in, security/nss/lib/ckfw/builtins/Makefile,
     security/nss/lib/manifest.mn: Don't build the stuff we don't need, and
     dynamically link libnssckbi to both libplc4 and libplds4 instead of
     linking statically.
   * debian/firefox.postinst, debian/firefox.prerm,
     debian/firefox-gnome-support.postinst, debian/firefox-gnome-support.prerm:
     Touch a .autoreg file at configure time, or removal of gnome-support and
     remove it with the package. This will trigger autoregistration of the
     components if the compreg.dat and xpti.dat files are older than the
     .autoreg file. We used to remove compatibility.ini for that reason, but
     stopped doing that because firefox was supposed to do that correctly,
     which actually only correctly works on new upstream versions, not new
     debian revisions, or installation of gnome-support.
   * xpfe/components/killAll/Makefile.in: Correctly install the killAll
     component.
 .
   [ Eric Dorland ]
   * debian/control:
     - Set Section of firefox-gnome-support and
       mozilla-firefox-gnome-support to gnome.
     - Standards-Version to 3.6.2.2.
     - debhelper build-dep to >= 5.0.
     - Add firefox-dbg package.
   * debian/compat: Set to 5.
   * debian/rules:
     - Remove silly CVS tarball cleanup target.
     - Add arch-independent debhelper calls, and make other debhelper
       calls arch-dependent.
     - Add --dbg-package=firefox-dbg to dh_strip call.
     - Always build with the -g flag. (Based on a change Mike made)
     - Patch from Andreas Jochens to use -mminimal-toc when building on
       ppc64. (Closes: #361035)
     - Use --disable-strip, --disable-strip-libs in configure parameters.
       Thanks Ian Jackson.
     - Use .upstream instead of .orig to make it more clear and not
       confuse the clean target. Thanks Ian Jackson. (Closes: #362186)
     - Disable xprint support for now, while the Xorg 7 transition sorts
       itself out. Should be reenabled next release.
   * debian/firefox.xpm: Add more Debian compliant menu icon.
   * debian/firefox.install, debian/rules: Install new Debian compliant
     icon.
   * debian/firefox.desktop: Add StartupNotify=true for pretty waiting
     cursor. Thanks Sven Arvidsson. (Closes: #361527)
   * debian/firefox-dom-inspector.preinst,
     debian/firefox-dom-inspector.links,
     debian/firefox-dom-inspector.install: Install non-architecture
     specific bits of the inspector into /usr/share/firefox.
   * debian/firefoxrc: Disable the dsp wrapper by default. esddsp is just
     too buggy to allow this to continue. May reenable later if they clean
     up their act. Leaving the bugs open for now.
   * debian/firefox.NEWS:
     - Document the dsp wrapper changes.
     - Remove old mozilla-firefox entries.
   * debian/firefox.1: Fix typo of firefox, thanks Andrew Rendle. (Closes:
     #362413)
   * debian/firefox.install: We don't get .chk files anymore for some
     reason.
Files: 
 1b317fe2c74518bebcdd9609b1c68047 1066 web optional firefox_1.5.dfsg+1.5.0.2-2.dsc
 d4c9a96b93cc3b543b717a8ef9e96dc3 135797 web optional firefox_1.5.dfsg+1.5.0.2-2.diff.gz
 fa9ea3ac8a98f533354ce0113a96d0f4 46408 web optional mozilla-firefox_1.5.dfsg+1.5.0.2-2_all.deb
 19e38242f52cfbe947ffbcccde437ff2 45604 web optional mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.2-2_all.deb
 b3a6bd6efd3c2be4631c960dc7420b66 45600 gnome optional mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.2-2_all.deb
 3a307ed5ad9247d6caa24cdd4b3557cc 7982712 web optional firefox_1.5.dfsg+1.5.0.2-2_i386.deb
 fed2d593bf7c1cd5ec5ecde2b4a0008e 245502 web optional firefox-dom-inspector_1.5.dfsg+1.5.0.2-2_i386.deb
 81a1057209cd6bf0588bd6958fee884f 72288 gnome optional firefox-gnome-support_1.5.dfsg+1.5.0.2-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFESRyFYemOzxbZcMYRAqWpAKCHfcD3VdSxucz3fpzh0V8iOBekCgCfagUJ
h5ZQnnOA8KeSi7wb+OX81wI=
=BXDN
-----END PGP SIGNATURE-----


--- End Message ---
