Your message dated Mon, 13 Jun 2016 13:46:15 +0200
with message-id <[email protected]>
and subject line Re: iceweasel: WebM loading crashes iceweasel
has caused the Debian Bug report #770490,
regarding iceweasel: WebM loading crashes iceweasel
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
770490: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770490
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: iceweasel
Version: 31.2.0esr-3
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
I loaded the attached video. This crashed iceweasel with the following message:
> out of memory: 0x00000000FFFFFFFF bytes requested
> Segmentation fault
I am concerned this could be exploitable.
-- Package-specific info:
-- Addons package information
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.13-1-686-pae (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iceweasel depends on:
ii debianutils 4.4
ii fontconfig 2.11.0-6.1
ii libasound2 1.0.28-1
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-11
ii libcairo2 1.12.16-2
ii libdbus-1-3 1.8.8-1+b1
ii libdbus-glib-1-2 0.102-1
ii libevent-2.0-5 2.0.21-stable-1.1
ii libffi6 3.1-2
ii libfontconfig1 2.11.0-6.1
ii libfreetype6 2.5.2-2
ii libgcc1 1:4.9.1-16
ii libgdk-pixbuf2.0-0 2.30.8-1
ii libglib2.0-0 2.42.0-2
ii libgtk2.0-0 2.24.24-1
ii libhunspell-1.3-0 1.3.3-2
ii libnspr4 2:4.10.7-1
ii libnss3 2:3.17.1-1
ii libpango-1.0-0 1.36.8-2
ii libsqlite3-0 3.8.6-1
ii libstartup-notification0 0.12-4
ii libstdc++6 4.9.1-16
ii libvpx1 1.3.0-2.1
ii libx11-6 2:1.6.2-3
ii libxext6 2:1.3.2-1
ii libxrender1 1:0.9.8-1
ii libxt6 1:1.1.4-1
ii procps 2:3.3.9-8
ii zlib1g 1:1.2.8.dfsg-2
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
pn fonts-mathjax <none>
pn fonts-oflb-asana-math <none>
pn fonts-stix | otf-stix <none>
ii libcanberra0 0.30-2.1
ii libgnomeui-0 2.24.5-3
ii libgssapi-krb5-2 1.12.1+dfsg-10
pn mozplugger <none>
-- no debconf information
SHUT-IT-DOWN.webm
Description: video/webm
--- End Message ---
--- Begin Message ---
Version: 35.0-1
On Fri, Nov 21, 2014 at 08:13:17PM +0100, Nils Dagsson Moskopp wrote:
> Package: iceweasel
> Version: 31.2.0esr-3
> Followup-For: Bug #770490
>
> Related Mozilla bug: <https://bugzilla.mozilla.org/show_bug.cgi?id=1090405>
Fixed in 35.
--- End Message ---
