Your message dated Wed, 03 May 2006 00:32:27 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#364810: fixed in firefox 1.5.dfsg+1.5.0.3-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: firefox
Version: 1.5.dfsg+1.5.0.2-3
Severity: grave
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The following advisory was published recently:
http://www.securident.com/vuln/ff.txt
[..]
Result:
Firefox Remote Code Execution and Denial of Service - Vendor contacted,
no patch yet.
Problem:
A handling issue exists in how Firefox handles certain Javascript in
js320.dll and xpcom_core.dll regarding iframe.contentWindow.focus(). By
manipulating this feature a buffer overflow will occur.
[..]
I initially set this report to grave.
Regards, Daniel
- -- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.08060320
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages firefox depends on:
ii debianutils 2.15.7 Miscellaneous utilities specific t
ii fontconfig 2.3.2-5.1 generic font configuration library
ii libatk1.0-0 1.11.4-1 The ATK accessibility toolkit
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libcairo2 1.0.4-1+b1 The Cairo 2D vector graphics libra
ii libfontconfig1 2.3.2-5.1 generic font configuration library
ii libfreetype6 2.1.10-3 FreeType 2 font engine, shared lib
ii libgcc1 1:4.1.0-1+b1 GCC support library
ii libglib2.0-0 2.10.2-1 The GLib library of C routines
ii libgtk2.0-0 2.8.17-1 The GTK+ graphical user interface
ii libidl0 0.8.6-1 library for parsing CORBA IDL file
ii libjpeg62 6b-12 The Independent JPEG Group's JPEG
ii libpango1.0-0 1.12.1-2 Layout and rendering of internatio
ii libpng12-0 1.2.8rel-5.1 PNG library - runtime
ii libstdc++6 4.1.0-1+b1 The GNU Standard C++ Library v3
ii libx11-6 2:1.0.0-6 X11 client-side library
ii libxcursor1 1.1.5.2-5 X cursor management library
ii libxext6 1:1.0.0-4 X11 miscellaneous extension librar
ii libxfixes3 1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii libxft2 2.1.8.2-6 FreeType-based font drawing librar
ii libxi6 1:1.0.0-5 X11 Input extension library
ii libxinerama1 1:1.0.1-4 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library
ii libxrender1 1:0.9.0.2-4 X Rendering Extension client libra
ii libxt6 1:1.0.0-4 X11 toolkit intrinsics library
ii psmisc 22.2-1 Utilities that use the proc filesy
ii zlib1g 1:1.2.3-11 compression library - runtime
firefox recommends no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFETobcdg0kG0+YFBERAmWjAJ4qLn54eEqo1M7KTyO/xUbsFoc6mACfQ/cM
KmgZleZqoM3hqv6dXkY0xxI=
=Zqis
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: firefox
Source-Version: 1.5.dfsg+1.5.0.3-1
We believe that the bug you reported is fixed in the latest version of
firefox, which is due to be installed in the Debian FTP archive:
firefox-dbg_1.5.dfsg+1.5.0.3-1_i386.deb
to pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.3-1_i386.deb
firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_i386.deb
to pool/main/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_i386.deb
firefox-gnome-support_1.5.dfsg+1.5.0.3-1_i386.deb
to pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.3-1_i386.deb
firefox_1.5.dfsg+1.5.0.3-1.diff.gz
to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.3-1.diff.gz
firefox_1.5.dfsg+1.5.0.3-1.dsc
to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.3-1.dsc
firefox_1.5.dfsg+1.5.0.3-1_i386.deb
to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.3-1_i386.deb
firefox_1.5.dfsg+1.5.0.3.orig.tar.gz
to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.3.orig.tar.gz
mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_all.deb
to pool/main/f/firefox/mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_all.deb
mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.3-1_all.deb
to pool/main/f/firefox/mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.3-1_all.deb
mozilla-firefox_1.5.dfsg+1.5.0.3-1_all.deb
to pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.3-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated firefox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 3 May 2006 00:32:49 -0400
Source: firefox
Binary: firefox-dbg firefox-gnome-support firefox-dom-inspector mozilla-firefox
mozilla-firefox-gnome-support mozilla-firefox-dom-inspector firefox
Architecture: source all i386
Version: 1.5.dfsg+1.5.0.3-1
Distribution: unstable
Urgency: critical
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description:
firefox - lightweight web browser based on Mozilla
firefox-dbg - debugging symbols for firefox
firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
firefox-gnome-support - Support for Gnome in Mozilla Firefox
mozilla-firefox - Transition package for firefox rename
mozilla-firefox-dom-inspector - Transition package for firefox rename
mozilla-firefox-gnome-support - Transition package for firefox rename
Closes: 364566 364640 364810 365099 365738
Changes:
firefox (1.5.dfsg+1.5.0.3-1) unstable; urgency=critical
.
* The "secure enough for ya!" release.
* New upstream release. Contains security fixes, hence severity
critical.
- Fixes CVE-2006-1993 aka MFSA 2006-30. (Closes: #364810)
.
[ Mike Hommey ]
* security/manager/Makefile.in, debian/firefox.install: Build and
install the .chk file again. That will make the FIPS mode work again.
* debian/control: Bumped Standards-Version to 3.7.0.0. No changes.
* debian/rules: Fix the navigator.ProductSub value for dumb scripts.
Closes: #364640, #365099. We now use the date of the client.mk file,
which is likely to be the closest value to the release date, instead of
useless build date.
Add the debian version after the firefox version string.
* debian/rules: Use dpkg-architecture to find out the host and build that
we want to pass to the configure script. (Closes: #365738)
.
[ Eric Dorland ]
* debian/firefox-runner:
- Quote the APPLICATION_ID variable to handle profiles with a space
in the name. Inspired by Morita Sho's patch. (Closes: #364566)
- echo MOZ_DISABLE_PANGO on verbose.
* debian/rules: It's baaaackkk. Reenable xprint.
Files:
2a707c2af7d2092558ffe06e44194ed2 1079 web optional
firefox_1.5.dfsg+1.5.0.3-1.dsc
a99d2d930f7c83852e677c1005c94318 42869074 web optional
firefox_1.5.dfsg+1.5.0.3.orig.tar.gz
37c390fbecc12363dab9d999e8cec77d 136819 web optional
firefox_1.5.dfsg+1.5.0.3-1.diff.gz
8c8c674d99e36f6d2e0ec5a888c64369 46956 web optional
mozilla-firefox_1.5.dfsg+1.5.0.3-1_all.deb
5fc10df35c6a71088c45694321ac0989 46152 web optional
mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_all.deb
e301b4151730723589e03c5e1ef66d7e 46152 gnome optional
mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.3-1_all.deb
44da48e65f0aab5a37b352352ecfa55b 8075456 web optional
firefox_1.5.dfsg+1.5.0.3-1_i386.deb
8c83bc03a47c5efd05ec2439fe16372c 246112 web optional
firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_i386.deb
c639b94e82bd99e4b72f6bc1be7463ad 72908 gnome optional
firefox-gnome-support_1.5.dfsg+1.5.0.3-1_i386.deb
ac45ed934fea2b5835ab5b0e94c8d356 44442258 web optional
firefox-dbg_1.5.dfsg+1.5.0.3-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEWFQJYemOzxbZcMYRAhIFAJ9C4srCP+7m7C1rI0qQNV4yDj0VDgCgxy9V
KNntuUQc9qUJDetS8ngCRtY=
=PRf+
-----END PGP SIGNATURE-----
--- End Message ---