Your message dated Thu, 30 Mar 2006 00:47:20 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#327452: fixed in mozilla-firefox 1.0.4-2sarge5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mozilla-firefox
Version: 1.0.4-2sarge3
Severity: critical
Tags: security patch
A security issue has been discovered. A workaround fix is available from
the bug report. This applies to sarge/unstable and experimental versions
of firefox.
The issue is named: CAN-2005-2871
MFSA id is still missing.
The upstream bug report is: #307259.
A patch for aviary branch and HEAD is attached to the bugzilla bug.
--- End Message ---
--- Begin Message ---
Source: mozilla-firefox
Source-Version: 1.0.4-2sarge5
We believe that the bug you reported is fixed in the latest version of
mozilla-firefox, which is due to be installed in the Debian FTP archive:
mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
mozilla-firefox_1.0.4-2sarge5.diff.gz
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.diff.gz
mozilla-firefox_1.0.4-2sarge5.dsc
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.dsc
mozilla-firefox_1.0.4-2sarge5_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated mozilla-firefox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 25 Sep 2005 02:32:14 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.4-2sarge5
Distribution: stable-security
Urgency: critical
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description:
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 327452
Changes:
 mozilla-firefox (1.0.4-2sarge5) stable-security; urgency=critical
 .
   * Fixes for MFSA-2005-58 taken from CVS, which comprises the following
     issues (Thanks to Alexander Sack and Noah Meyerhans):
     * layout/html/base/src/nsTextTransformer.cpp,
       content/shared/src/nsBidiUtils.cpp: Fix for "Crash on 'zero-width
       non-joiner' sequence", aka CAN-2005-2702, bz#296134.
     * netwerk/protocol/http/src/nsHttpChannel.cpp,
       extensions/xmlextras/base/src/nsXMLHttpRequest.cpp: Fix for
       "XMLHttpRequest header spoofing", aka CAN-2005-2703, bz#297078 and
       bz#302263.
     * content/xbl/src/nsXBLContentSink.cpp: Fix for "Object spoofing using
       XBL <implements>", aka CAN-2005-2704, bz#299518.
     * modules/libpr0n/decoders/xbm/nsXBMDecoder.h,
       modules/libpr0n/decoders/xbm/nsXBMDecoder.cpp: Fix for "Heap overrun
       in XBM image processing", aka CAN-2005-2701, bz#300936.
     * dom/src/base/nsGlobalWindow.h, dom/src/base/nsGlobalWindow.cpp,
       embedding/components/windowwatcher/public/nsIWindowWatcher.idl,
       embedding/components/windowwatcher/public/nsPIWindowWatcher.idl: Fix
       for "Chrome window spoofing", aka CAN-2005-2707, bz#306804.
     * js/src/jsstr.c: Fix "JavaScript integer overflow", aka CAN-2005-2705,
       bz#303213.
     * netwerk/protocol/about/src/nsAboutRedirector.cpp,
       caps/src/nsScriptSecurityManager.cpp: Fix for "Privilege escalation
       using about: scheme", aka CAN-2005-2706, bz#304754 and bz#306261.
 .
   * netwerk/base/src/nsStandardURL.h, netwerk/base/src/nsStandardURL.cpp:
     Fix for MFSA-2005-57 "IDN heap overrun", aka CAN-2005-2871. This is a
     better fix than was provided in 1.0.4-2sarge4. (Closes: #327452)
 .
   * browser/app/mozilla.in, webshell/tests/viewer/mozilla-viewer.sh,
     xpfe/bootstrap/mozilla.in: Fix for MFSA-2005-59 "Command-line
     handling on Linux allows shell execution", aka CAN-2005-2968,
     bz#307185. The Debian packages do not use these scripts so are not
     affected by this advisory, but the files are in the source package, so
     better safe than sorry.
Files:
 bf9cf2b7106335cccc2afb10f6386c57 1001 web optional mozilla-firefox_1.0.4-2sarge5.dsc
 d3f81e09a762be3c51aa20655ada5d32 332598 web optional mozilla-firefox_1.0.4-2sarge5.diff.gz
 795a6aa3ca33a5e328e863612ceb0ac3 8891730 web optional mozilla-firefox_1.0.4-2sarge5_i386.deb
 5e5d92e6c30a1d677edcc2fd9beb1861 157566 web optional mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
 885991c2f4580f06f12ba1cc6ff456ac 54820 web optional mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDNllfYemOzxbZcMYRAo2AAKC0IxS9kX+Luz6i/n9DSZ7syBo7swCgiKiE
z5Tu07Zf2DWrG481ChTuTpA=
=RwAR
-----END PGP SIGNATURE-----
--- End Message ---