Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Robert Kaiser wrote: Rostyslaw Lewyckyj schrieb: Jens Hatlak wrote: ... Yes, as always, all currently known vulnerabilities are fixed in the current stable release, Hmmm. That is quite a broad and strong statement ! :) Well, at least all the ones listed in the list I pointed to. :) Robert Kaiser and, it's quite possible, the vulnerabilities not listed in that list have not been fixed!! -- Daniel ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Daniel schrieb: Robert Kaiser wrote: Rostyslaw Lewyckyj schrieb: Jens Hatlak wrote: ... Yes, as always, all currently known vulnerabilities are fixed in the current stable release, Hmmm. That is quite a broad and strong statement ! :) Well, at least all the ones listed in the list I pointed to. :) and, it's quite possible, the vulnerabilities not listed in that list have not been fixed!! If you know any specific one, please let us know. All vulnerability fixes we know of are in 2.7.2, but as always, nobody can know everything. Robert Kaiser ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Robert Kaiser wrote: Daniel schrieb: Robert Kaiser wrote: Rostyslaw Lewyckyj schrieb: Jens Hatlak wrote: ... Yes, as always, all currently known vulnerabilities are fixed in the current stable release, Hmmm. That is quite a broad and strong statement ! :) Well, at least all the ones listed in the list I pointed to. :) and, it's quite possible, the vulnerabilities not listed in that list have not been fixed!! If you know any specific one, please let us know. All vulnerability fixes we know of are in 2.7.2, but as always, nobody can know everything. Robert Kaiser And it's always possible that something that's claimed as fixed, really isn't. Or is only partially fixed. Like a leaky pipe patched except for that annoying pin hole. -- Rostyk ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Interviewed by CNN on 22/02/2012 11:24, Ant told the world: Hello. In http://www.dslreports.com/forum/r26922231- security forum thread, Libra and I would like to know if Seamonkey 2.0.14 has this libpng graphic vulnerabilities? Thank you in advance. :) Error: Either this forum does not exist, or it is members only! Could you please offer a link to a publicly-available reference to what exactly is this vulnerability? -- MCBastos This message has been protected with the 2ROT13 algorithm. Unauthorized use will be prosecuted under the DMCA. -=-=- ... Sent from my U.S. Robotics Pilot 100. * Added by TagZilla 0.7a1 running on Seamonkey 2.7.2 * Get it at http://xsidebar.mozdev.org/modifiedmailnews.html#tagzilla ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
On 2/22/2012 5:35 AM PT, MCBastos typed: In http://www.dslreports.com/forum/r26922231- security forum thread, Libra and I would like to know if Seamonkey 2.0.14 has this libpng graphic vulnerabilities? Thank you in advance. :) Error: Either this forum does not exist, or it is members only! Try http://www.dslreports.com/forum/r26922231- or http://preview.tinyurl.com/6u4gxv5 Could you please offer a link to a publicly-available reference to what exactly is this vulnerability? http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/ from last week. -- Left right left right we're army ants. We swarm we fight. We have no home. We roam. We race. You're lucky if we miss your place. --Douglas Florian (The Army Ants Poem) /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ /If crediting, then use Ant nickname and AQFL URL/link. ( ) If e-mailing, then axe ANT from its address if needed. Ant is currently not listening to any songs on this computer. ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
MCBastos wrote: In http://www.dslreports.com/forum/r26922231- security forum thread, Error: Either this forum does not exist, or it is members only! Could you please offer a link to a publicly-available reference to what exactly is this vulnerability? Publicly available here; perhaps you are trying to connect from an IP address associated with something undesirable ? Philip Taylor ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Interviewed by CNN on 22/02/2012 12:34, Philip TAYLOR told the world: MCBastos wrote: In http://www.dslreports.com/forum/r26922231- security forum thread, Error: Either this forum does not exist, or it is members only! Could you please offer a link to a publicly-available reference to what exactly is this vulnerability? Publicly available here; perhaps you are trying to connect from an IP address associated with something undesirable ? No, Ant got it -- it's the hyphen at the end, that Seamonkey interprets as NOT being part of the URL (and I never would guess it's supposed to be). -- MCBastos This message has been protected with the 2ROT13 algorithm. Unauthorized use will be prosecuted under the DMCA. -=-=- ... Sent from my Coleco Adam. * Added by TagZilla 0.7a1 running on Seamonkey 2.7.2 * Get it at http://xsidebar.mozdev.org/modifiedmailnews.html#tagzilla ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Ant wrote: Hello. In http://www.dslreports.com/forum/r26922231- security forum thread, Libra and I would like to know if Seamonkey 2.0.14 has this libpng graphic vulnerabilities? Thank you in advance. :) I can confirm the vulnerability exists in 2.0.14. We will not be releasing a new version of 2.0.14 to account for it however [2.0.14 is EOL]. For any maintainers of distributions that for one reason or another refuse to update, the patch that landed for current releases looks like it would apply cleanly on that version: http://hg.mozilla.org/releases/mozilla-release/rev/bd611a3115b0 -- ~Justin Wood (Callek) ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
On 2/22/2012 7:39 AM PT, Justin Wood (Callek) typed: In http://www.dslreports.com/forum/r26922231- security forum thread, Libra and I would like to know if Seamonkey 2.0.14 has this libpng graphic vulnerabilities? I can confirm the vulnerability exists in 2.0.14. We will not be releasing a new version of 2.0.14 to account for it however [2.0.14 is EOL]. For any maintainers of distributions that for one reason or another refuse to update, the patch that landed for current releases looks like it would apply cleanly on that version: http://hg.mozilla.org/releases/mozilla-release/rev/bd611a3115b0 Thanks. :) -- No, I'd prefer a cooler WITHOUT an ant-door, thank you... --unknown /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ /If crediting, then use Ant nickname and AQFL URL/link. ( ) If e-mailing, then axe ANT from its address if needed. Ant is currently not listening to any songs on this computer. ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Rostyslaw Lewyckyj wrote: But the current version of SM is 2.7.2 Have these vulnerabilities been eliminated IN THE CURRENT VERSION of SM ??? http://www.seamonkey-project.org/releases/seamonkey2.7/changes#fixesP2 https://www.mozilla.org/security/known-vulnerabilities/seamonkey.html It's all there. And if you mean not just the libpng vulnerability but others: Yes, as always, all currently known vulnerabilities are fixed in the current stable release, which is SM 2.7.2 as of now. HTH Jens -- Jens Hatlak http://jens.hatlak.de/ SeaMonkey Trunk Tracker http://smtt.blogspot.com/ ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
MCBastos wrote: Interviewed by CNN on 22/02/2012 12:34, Philip TAYLOR told the world: MCBastos wrote: In http://www.dslreports.com/forum/r26922231- security forum thread, Error: Either this forum does not exist, or it is members only! Could you please offer a link to a publicly-available reference to what exactly is this vulnerability? Publicly available here; perhaps you are trying to connect from an IP address associated with something undesirable ? No, Ant got it -- it's the hyphen at the end, that Seamonkey interprets as NOT being part of the URL (and I never would guess it's supposed to be). All right, fine. Clicking on the link as posted, when in SM 2.7.2 , is not interpreted correctly by SM! It is interpreted correctly in ATT/YAHOO webmail (being accessed via SM 2.7.2) and possibly when the news article is being read in another reader e.g. I.E. So is this a bug in the SM browser? Has it been entered into BUGZILLA? or is it an already known old bug? -- Rostyk ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Jens Hatlak wrote: ... Yes, as always, all currently known vulnerabilities are fixed in the current stable release, HTH Jens Hmmm. That is quite a broad and strong statement ! :) -- Rostyk ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Rostyslaw Lewyckyj wrote: MCBastos wrote: Interviewed by CNN on 22/02/2012 12:34, Philip TAYLOR told the world: MCBastos wrote: In http://www.dslreports.com/forum/r26922231- security forum thread, Error: Either this forum does not exist, or it is members only! Could you please offer a link to a publicly-available reference to what exactly is this vulnerability? Publicly available here; perhaps you are trying to connect from an IP address associated with something undesirable ? No, Ant got it -- it's the hyphen at the end, that Seamonkey interprets as NOT being part of the URL (and I never would guess it's supposed to be). All right, fine. Clicking on the link as posted, when in SM 2.7.2 , is not interpreted correctly by SM! It is interpreted correctly in ATT/YAHOO webmail (being accessed via SM 2.7.2) and possibly when the news article is being read in another reader e.g. I.E. So is this a bug in the SM browser? Has it been entered into BUGZILLA? or is it an already known old bug? The link is incomplete in that post, as far as I can see. It should be, and I think I addressed how to get to it in another post. http://www.dslreports.com/forum/r26906111-Mozilla-Security-release-to-fix-libpng-graphics-library-vuln -- SeaMonkey | openSUSE 11.4(x86_64) | Gnome 2.32.1 | 1.8GHz CPU | 2GB RAM Get openSUSE: http://software.opensuse.org/121/en Firefox Support: http://support.mozilla.org Profile Manager: https://developer.mozilla.org/en/Profile_Manager ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
Rostyslaw Lewyckyj schrieb: Jens Hatlak wrote: ... Yes, as always, all currently known vulnerabilities are fixed in the current stable release, Hmmm. That is quite a broad and strong statement ! :) Well, at least all the ones listed in the list I pointed to. :) Robert Kaiser ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
WLS wrote: Rostyslaw Lewyckyj wrote: MCBastos wrote: Interviewed by CNN on 22/02/2012 12:34, Philip TAYLOR told the world: MCBastos wrote: In http://www.dslreports.com/forum/r26922231- security forum thread, Error: Either this forum does not exist, or it is members only! Could you please offer a link to a publicly-available reference to what exactly is this vulnerability? Publicly available here; perhaps you are trying to connect from an IP address associated with something undesirable ? No, Ant got it -- it's the hyphen at the end, that Seamonkey interprets as NOT being part of the URL (and I never would guess it's supposed to be). All right, fine. Clicking on the link as posted, when in SM 2.7.2 , is not interpreted correctly by SM! It is interpreted correctly in ATT/YAHOO webmail (being accessed via SM 2.7.2) and possibly when the news article is being read in another reader e.g. I.E. So is this a bug in the SM browser? Has it been entered into BUGZILLA? or is it an already known old bug? The link is incomplete in that post, as far as I can see. It should be, and I think I addressed how to get to it in another post. http://www.dslreports.com/forum/r26906111-Mozilla-Security-release-to-fix-libpng-graphics-library-vuln No. The link in the message is complete. But SM does not pick up the trailing - when you click on the url. All you have to do is to add the missing - at the end of the url (after it fails) and do a carriage return so that SM retries with the corrected url. Or highlight the url including the -, copy it to the clipboard (ctrl-c), and use ctrl-v to enter the full url from the clipboard to the url entry blank. -- Rostyk ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
On 02/22/2012 08:28 PM, Rostyslaw Lewyckyj wrote: WLS wrote: Rostyslaw Lewyckyj wrote: MCBastos wrote: Interviewed by CNN on 22/02/2012 12:34, Philip TAYLOR told the world: MCBastos wrote: In http://www.dslreports.com/forum/r26922231- security forum thread, Error: Either this forum does not exist, or it is members only! Could you please offer a link to a publicly-available reference to what exactly is this vulnerability? Publicly available here; perhaps you are trying to connect from an IP address associated with something undesirable ? No, Ant got it -- it's the hyphen at the end, that Seamonkey interprets as NOT being part of the URL (and I never would guess it's supposed to be). All right, fine. Clicking on the link as posted, when in SM 2.7.2 , is not interpreted correctly by SM! It is interpreted correctly in ATT/YAHOO webmail (being accessed via SM 2.7.2) and possibly when the news article is being read in another reader e.g. I.E. So is this a bug in the SM browser? Has it been entered into BUGZILLA? or is it an already known old bug? The link is incomplete in that post, as far as I can see. It should be, and I think I addressed how to get to it in another post. http://www.dslreports.com/forum/r26906111-Mozilla-Security-release-to-fix-libpng-graphics-library-vuln No. The link in the message is complete. But SM does not pick up the trailing - when you click on the url. All you have to do is to add the missing - at the end of the url (after it fails) and do a carriage return so that SM retries with the corrected url. Or highlight the url including the -, copy it to the clipboard (ctrl-c), and use ctrl-v to enter the full url from the clipboard to the url entry blank. OK -- Thunderbird Beta | openSUSE 11.4 Linux Get openSUSE: http://software.opensuse.org/121/en Humans aren't a color of skin, a religion, a sex, a sexual orientation, or a flag. We are human beings and that is how we need to see and treat each other. - Justin Sane ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
On 02/22/2012 05:28 PM, Rostyslaw Lewyckyj wrote: WLS wrote: Rostyslaw Lewyckyj wrote: MCBastos wrote: Interviewed by CNN on 22/02/2012 12:34, Philip TAYLOR told the world: MCBastos wrote: In http://www.dslreports.com/forum/r26922231- security forum thread, Error: Either this forum does not exist, or it is members only! Could you please offer a link to a publicly-available reference to what exactly is this vulnerability? Publicly available here; perhaps you are trying to connect from an IP address associated with something undesirable ? No, Ant got it -- it's the hyphen at the end, that Seamonkey interprets as NOT being part of the URL (and I never would guess it's supposed to be). All right, fine. Clicking on the link as posted, when in SM 2.7.2 , is not interpreted correctly by SM! It is interpreted correctly in ATT/YAHOO webmail (being accessed via SM 2.7.2) and possibly when the news article is being read in another reader e.g. I.E. So is this a bug in the SM browser? Has it been entered into BUGZILLA? or is it an already known old bug? The link is incomplete in that post, as far as I can see. It should be, and I think I addressed how to get to it in another post. http://www.dslreports.com/forum/r26906111-Mozilla-Security-release-to-fix-libpng-graphics-library-vuln No. The link in the message is complete. But SM does not pick up the trailing - when you click on the url. All you have to do is to add the missing - at the end of the url (after it fails) and do a carriage return so that SM retries with the corrected url. Or highlight the url including the -, copy it to the clipboard (ctrl-c), and use ctrl-v to enter the full url from the clipboard to the url entry blank. Or enclose in : http://www.dslreports.com/forum/r26922231- Does that work? ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: libpng graphics library vulnerabilities in old SeaMonkey v2.0.14 web browser?
On 02/22/2012 06:31 PM, NoOp wrote: ... Or enclose in : http://www.dslreports.com/forum/r26922231- Does that work? But that probably wouldn't work on a url that wraps. Such as: http://www.ifixit.com/Guide/iPod-Touch-2nd-Generation-Battery-Replacement/1131/1 The URL on the newsgroup shows: http://www.ifixit.com/Guide/iPod-Touch-2nd-Generation-Battery-Replacemen t/1131/1 ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey