Bug#345469: marked as done (DOS/hang)

Sun, 05 Feb 2006 19:33:13 -0800 

Your message dated Sun, 5 Feb 2006 22:17:44 -0500
with message-id <[EMAIL PROTECTED]>
and subject line #327549: mozilla-firefox: [CAN-2005-2414] Race condition in 
the xpcom library
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
>From [EMAIL PROTECTED] Sat Dec 31 11:30:31 2005
Received: (at submit) by bugs.debian.org; 31 Dec 2005 19:30:31 +0000
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net ([64.62.161.42] ident=postfix)
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1EsmQx-0007mO-NJ
        for [EMAIL PROTECTED]; Sat, 31 Dec 2005 11:30:31 -0800
Received: from dragon.kitenet.net (unknown [216.184.70.241])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
        by kitenet.net (Postfix) with ESMTP id AC93D184B2
        for <[EMAIL PROTECTED]>; Sat, 31 Dec 2005 19:30:29 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
        id 988E0BEF46; Sat, 31 Dec 2005 14:30:16 -0500 (EST)
Date: Sat, 31 Dec 2005 14:30:15 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: DOS/hang
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="45Z9DzgjV8m4Oswq"
Content-Disposition: inline
X-Reportbug-Version: 3.18
User-Agent: Mutt/1.5.11
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02


--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: mozilla-firefox
Version: 1.0.7-1
Severity: normal
Tags: security

This web page, which was originally developed as a proof of concept for
a different security hole in MSIE, makes firefox spin, consuming cpu and
being completly unresponsive to user input until killed.

http://www.computerterrorism.com/research/ie/poc.htm#

This is CVE-2005-3896.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-rc5-686
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)

Versions of packages mozilla-firefox depends on:
ii  debianutils              2.15.2          Miscellaneous utilities specif=
ic t
ii  fontconfig               2.3.2-1.1       generic font configuration lib=
rary
ii  libatk1.0-0              1.10.3-1        The ATK accessibility toolkit
ii  libc6                    2.3.5-9         GNU C Library: Shared librarie=
s an
ii  libfontconfig1           2.3.2-1.1       generic font configuration lib=
rary
ii  libfreetype6             2.1.10-1        FreeType 2 font engine, shared=
 lib
ii  libgcc1                  1:4.0.2-5       GCC support library
ii  libglib2.0-0             2.8.4-2         The GLib library of C routines
ii  libgtk2.0-0              2.8.9-2         The GTK+ graphical user interf=
ace=20
ii  libidl0                  0.8.5-1         library for parsing CORBA IDL =
file
ii  libjpeg62                6b-11           The Independent JPEG Group's J=
PEG=20
ii  libkrb53                 1.4.3-5         MIT Kerberos runtime libraries
ii  libpango1.0-0            1.10.1-2        Layout and rendering of intern=
atio
ii  libpng12-0               1.2.8rel-5      PNG library - runtime
ii  libstdc++6               4.0.2-5         The GNU Standard C++ Library v3
ii  libx11-6                 6.8.2.dfsg.1-11 X Window System protocol clien=
t li
ii  libxext6                 6.8.2.dfsg.1-11 X Window System miscellaneous =
exte
ii  libxft2                  2.1.7-1         FreeType-based font drawing li=
brar
ii  libxinerama1             6.8.2.dfsg.1-11 X Window System multi-head dis=
play
ii  libxp6                   6.8.2.dfsg.1-11 X Window System printing exten=
sion
ii  libxt6                   6.8.2.dfsg.1-11 X Toolkit Intrinsics
ii  psmisc                   21.8-1          Utilities that use the proc fi=
lesy
ii  xlibs                    6.8.2.dfsg.1-11 X Window System client librari=
es m
ii  zlib1g                   1:1.2.3-9       compression library - runtime

mozilla-firefox recommends no packages.

--=20
see shy jo

--45Z9DzgjV8m4Oswq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDttxGd8HHehbQuO8RAjyFAKDrvfTe7mtP00GlqFTCzX/b7IDYiwCgz2wh
8NRs6SF0tF/ytTq8tLj1tCk=
=8BiX
-----END PGP SIGNATURE-----

--45Z9DzgjV8m4Oswq--

--- End Message ---
--- Begin Message --- 
>From [EMAIL PROTECTED] Sun Feb 05 19:17:44 2006
Received: (at 327549-done) by bugs.debian.org; 6 Feb 2006 03:17:44 +0000
Return-path: <[EMAIL PROTECTED]>
Received: from mailout1.igs.net ([216.58.97.34])
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1F5wsq-0001eR-4F
        for [EMAIL PROTECTED]; Sun, 05 Feb 2006 19:17:44 -0800
Received: from nightcrawler.kuroneko.ca (nightcrawler.kuroneko.ca 
[66.11.161.69])
        by mailout1.igs.net (Postfix) with ESMTP id 574285888
        for <[EMAIL PROTECTED]>; Sun,  5 Feb 2006 22:17:43 -0500 (EST)
Received: by nightcrawler.kuroneko.ca (Postfix, from userid 1000)
        id 181DC198E2A; Sun,  5 Feb 2006 22:17:44 -0500 (EST)
Date: Sun, 5 Feb 2006 22:17:44 -0500
From: Eric Dorland <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: #327549: mozilla-firefox: [CAN-2005-2414] Race condition in the 
xpcom library
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="aeRBb0cVhgYNXOrs"
Content-Disposition: inline
User-Agent: Mutt/1.5.11+cvs20060126
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
        version=2.60-bugs.debian.org_2005_01_02


--aeRBb0cVhgYNXOrs
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Version: 1.5.dfsg-1

I can't reproduce this anymore on the sample vulnerability
page. Closing.=20

--=20
Eric Dorland <[EMAIL PROTECTED]>
ICQ: #61138586, Jabber: [EMAIL PROTECTED]
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+=20
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+=20
G e h! r- y+=20
------END GEEK CODE BLOCK------

--aeRBb0cVhgYNXOrs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD5r/XYemOzxbZcMYRAj1NAJ9w/Fc73nui/sqatBtmiZU67Eo1WACggEYs
19lARK+4BJux/roIOaTABv4=
=vc56
-----END PGP SIGNATURE-----

--aeRBb0cVhgYNXOrs--

--- End Message ---

Reply via email to