Hello,

On Mon, Aug 01, 2005 at 10:03:08PM -0700, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> #306001: mozilla: CAN-2005-0989,
> which was filed against the mozilla package.
>
> It has been closed by one of the developers, namely
> Takuo KITAME <[EMAIL PROTECTED]>.
>
> Their explanation is attached below. If this explanation is
> unsatisfactory and you have not received a better one in a separate
> message then please contact the developer, by replying to this email.

I have not received a separate message.

> Source: mozilla
> Source-Version: 2:1.7.10-1
>
> We believe that the bug you reported is fixed in the latest version of
> mozilla, which is due to be installed in the Debian FTP archive:
> * New upstream release
> This release includes some security fixes. (closes: #318062)
> - CAN-2005-0989: memory disclosure bug in JavaScript's regular expression
> string replacement when using an anonymous function as the replacement
> argument (closes: #306001)
> - CAN-2005-2270: Code execution through shared function objects
> - CAN-2005-2269: XHTML node spoofing
> - CAN-2005-2268: Javascript prompt origin spoofing
> - CAN-2005-2266: Same origin violation: frame calling top.focus()
> - CAN-2005-2265: Possible exploitable crash in InstallVersion.compareTo()
> - CAN-2005-2263: Same-origin violation with InstallTrigger callback
> - CAN-2005-2261: XML scripts ran even when Javascript disabled
> - CAN-2005-2260: Content generated event vulnerabilities

It's been a few days since you closed this report; I have not yet seen
a DSA for Woody and Sarge. Are they in preparation?

Greetings

Helge

--
Dr. Helge Kreutzmann, Dipl.-Phys. [EMAIL PROTECTED]
gpg signed mail preferred
64bit GNU powered http://www.itp.uni-hannover.de/~kreutzm
Help keep free software "libre": http://www.ffii.de/

