Hello, On Mon, Aug 01, 2005 at 10:03:08PM -0700, Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > #306001: mozilla: CAN-2005-0989, > which was filed against the mozilla package. > > It has been closed by one of the developers, namely > Takuo KITAME <[EMAIL PROTECTED]>. > > Their explanation is attached below. If this explanation is > unsatisfactory and you have not received a better one in a separate > message then please contact the developer, by replying to this email.
I have not received a separat message. > Source: mozilla > Source-Version: 2:1.7.10-1 > > We believe that the bug you reported is fixed in the latest version of > mozilla, which is due to be installed in the Debian FTP archive: > * New upstream release > This release includes some security fixes. (closes: #318062) > - CAN-2005-0989: memory disclosure bug in JavaScript's regular expression > string replacement when using an anonymous function as the replacement > argument (closes: #306001) > - CAN-2005-2270: Code execution through shared function objects > - CAN-2005-2269: XHTML node spoofing > - CAN-2005-2268: Javascript prompt origin spoofing > - CAN-2005-2266: Same origin violation: frame calling top.focus() > - CAN-2005-2265: Possible exploitable crash in InstallVersion.compareTo() > - CAN-2005-2263: Same-origin violation with InstallTrigger callback > - CAN-2005-2261: XML scripts ran even when Javascript disabled > - CAN-2005-2260: Content generated event vulnerabilities It's been a few days since you closed this report; I have not yet seen a DSA for Woody and Sarge. Are they in preparation? Greetings Helge -- Dr. Helge Kreutzmann, Dipl.-Phys. [EMAIL PROTECTED] gpg signed mail preferred 64bit GNU powered http://www.itp.uni-hannover.de/~kreutzm Help keep free software "libre": http://www.ffii.de/
pgpQXns6T7mwi.pgp
Description: PGP signature