Your message dated Thu, 01 Nov 2007 15:48:23 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#447734: fixed in xulrunner 1.8.1.9-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libxul0d
Version: 1.8.1.6-1
Severity: grave
Tags: security
Justification: user security hole
Although <http://security-tracker.debian.net/tracker/CVE-2007-5339>
states that no packages in unstable are vulnerable to this bug, I just
tested Epiphany against it at <http://bcheck.scanit.be/bcheck/> and it
managed to crash my browser.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (540, 'stable'), (520, 'testing'), (510, 'unstable'), (1,
'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-2-k7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages libxul0d depends on:
ii libatk1.0-0 1.20.0-1 The ATK accessibility toolkit
ii libc6 2.6.1-1+b1 GNU C Library: Shared libraries
ii libcairo2 1.4.10-1 The Cairo 2D vector graphics libra
ii libfontconfig1 2.4.2-1.2 generic font configuration library
ii libfreetype6 2.3.5-1+b1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.2.2-3 GCC support library
ii libglib2.0-0 2.14.1-5 The GLib library of C routines
ii libgtk2.0-0 2.12.1-1 The GTK+ graphical user interface
ii libhunspell-1.1-0 1.1.9-1 spell checker and morphological an
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii libmozjs0d 1.8.1.6-1 The Mozilla SpiderMonkey JavaScrip
ii libnspr4-0d 4.6.7-1 NetScape Portable Runtime Library
ii libnss3-0d 3.11.7-1 Network Security Service libraries
ii libpango1.0-0 1.18.2-1 Layout and rendering of internatio
ii libpng12-0 1.2.15~beta5-1 PNG library - runtime
ii libstdc++6 4.2.2-3 The GNU Standard C++ Library v3
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxft2 2.1.12-2 FreeType-based font drawing librar
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library
ii libxrender1 1:0.9.4-1 X Rendering Extension client libra
ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library
ii libxul-common 1.8.1.6-1 Gecko engine library - common file
ii zlib1g 1:1.2.3.3.dfsg-6 compression library - runtime
libxul0d recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: xulrunner
Source-Version: 1.8.1.9-1
We believe that the bug you reported is fixed in the latest version of
xulrunner, which is due to be installed in the Debian FTP archive:
libmozillainterfaces-java_1.8.1.9-1_all.deb
to pool/main/x/xulrunner/libmozillainterfaces-java_1.8.1.9-1_all.deb
libmozjs-dev_1.8.1.9-1_all.deb
to pool/main/x/xulrunner/libmozjs-dev_1.8.1.9-1_all.deb
libmozjs0d-dbg_1.8.1.9-1_i386.deb
to pool/main/x/xulrunner/libmozjs0d-dbg_1.8.1.9-1_i386.deb
libmozjs0d_1.8.1.9-1_i386.deb
to pool/main/x/xulrunner/libmozjs0d_1.8.1.9-1_i386.deb
libxul-common_1.8.1.9-1_all.deb
to pool/main/x/xulrunner/libxul-common_1.8.1.9-1_all.deb
libxul-dev_1.8.1.9-1_all.deb
to pool/main/x/xulrunner/libxul-dev_1.8.1.9-1_all.deb
libxul0d-dbg_1.8.1.9-1_i386.deb
to pool/main/x/xulrunner/libxul0d-dbg_1.8.1.9-1_i386.deb
libxul0d_1.8.1.9-1_i386.deb
to pool/main/x/xulrunner/libxul0d_1.8.1.9-1_i386.deb
python-xpcom_1.8.1.9-1_i386.deb
to pool/main/x/xulrunner/python-xpcom_1.8.1.9-1_i386.deb
spidermonkey-bin_1.8.1.9-1_i386.deb
to pool/main/x/xulrunner/spidermonkey-bin_1.8.1.9-1_i386.deb
xulrunner-gnome-support_1.8.1.9-1_i386.deb
to pool/main/x/xulrunner/xulrunner-gnome-support_1.8.1.9-1_i386.deb
xulrunner_1.8.1.9-1.diff.gz
to pool/main/x/xulrunner/xulrunner_1.8.1.9-1.diff.gz
xulrunner_1.8.1.9-1.dsc
to pool/main/x/xulrunner/xulrunner_1.8.1.9-1.dsc
xulrunner_1.8.1.9-1_i386.deb
to pool/main/x/xulrunner/xulrunner_1.8.1.9-1_i386.deb
xulrunner_1.8.1.9.orig.tar.gz
to pool/main/x/xulrunner/xulrunner_1.8.1.9.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <[EMAIL PROTECTED]> (supplier of updated xulrunner package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 01 Nov 2007 12:52:17 +0100
Source: xulrunner
Binary: libmozjs0d-dbg xulrunner-gnome-support libmozjs0d libxul0d-dbg
libmozjs-dev python-xpcom xulrunner libxul-common libmozillainterfaces-java
spidermonkey-bin libxul-dev libxul0d
Architecture: source i386 all
Version: 1.8.1.9-1
Distribution: unstable
Urgency: low
Maintainer: Mike Hommey <[EMAIL PROTECTED]>
Changed-By: Mike Hommey <[EMAIL PROTECTED]>
Description:
libmozillainterfaces-java - XPCOM bindings for Java
libmozjs-dev - Development files for the Mozilla SpiderMonkey JavaScript
library
libmozjs0d - The Mozilla SpiderMonkey JavaScript library
libmozjs0d-dbg - Development files for the Mozilla SpiderMonkey JavaScript
library
libxul-common - Gecko engine library - common files
libxul-dev - Development files for the Gecko engine library
libxul0d - Gecko engine library
libxul0d-dbg - Development files for the Gecko engine library
python-xpcom - XPCOM bindings for Python
spidermonkey-bin - standalone JavaScript/ECMAScript (ECMA-262) interpreter
xulrunner - XUL + XPCOM application runner
xulrunner-gnome-support - Support for Gnome in xulrunner applications
Closes: 431483 435689 441511 447734
Changes:
xulrunner (1.8.1.9-1) unstable; urgency=low
.
* New security/stability upstream release (taken from upstream CVS)
+ xpidl produces proper java file names. Closes: #435689.
* Fixes mfsa-2007-29 to mfsa-2007-36, also known as CVE-2007-1095,
CVE-2007-2292, CVE-2006-2894, CVE-2007-3511, CVE-2007-4841,
CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339,
CVE-2007-5340. Closes: #447734.
* debian/remove.nonfree: Remove some more object files.
* debian/control: Remove build dependency on ecj-bootstrap, as it doesn't
exist anymore, and is not useful nowadays. Closes: #441511.
* debian/patches/99_configure.dpatch: Updated.
* debian/patches/35_python_2.5.dpatch: Fix FTBFS with python 2.5. Thanks
Alexander Sack. Closes: #431483.
* debian/patches/10_gdkpango_system_wrapper.dpatch: Create a system wrapper
for gdkpango.h to avoid FTBFS because of default visibility.
* debian/patches/00list: Updated accordingly.
Files:
3f0b5aa757a5ad32efe4fd7b6fb65f7e 1220 devel optional xulrunner_1.8.1.9-1.dsc
b960c8616245ed56e0e42b3737ab6cb7 40295272 devel optional
xulrunner_1.8.1.9.orig.tar.gz
82ee44ac31f7a1933dd1f9610fa7cdf4 129124 devel optional
xulrunner_1.8.1.9-1.diff.gz
b24ae9684232a56b691fef32cf7565bb 190272 libdevel optional
libmozjs-dev_1.8.1.9-1_all.deb
e9b31ec42589b843ba72c4917af9ef54 1165518 libs optional
libxul-common_1.8.1.9-1_all.deb
372953db3278eb46960e6d98e254ae38 2794198 libdevel optional
libxul-dev_1.8.1.9-1_all.deb
6973462e58b948b8e902efb81951b714 1322966 libdevel extra
libmozillainterfaces-java_1.8.1.9-1_all.deb
e21b7c11f3a870370b1b555110dc7f6d 277132 devel optional
xulrunner_1.8.1.9-1_i386.deb
2b85e8d8917dd85ee6e1513612fd0703 64330 devel optional
xulrunner-gnome-support_1.8.1.9-1_i386.deb
1ec83feff87b1eaf89b82a3dc694fcdd 360672 libs optional
libmozjs0d_1.8.1.9-1_i386.deb
3af5412221e859e5f8c4e548d96c6c80 808392 libdevel extra
libmozjs0d-dbg_1.8.1.9-1_i386.deb
97953682acb95f34fb388369913720f5 54044 interpreters optional
spidermonkey-bin_1.8.1.9-1_i386.deb
52601c312c863ee661813625ee264b04 5542474 libs optional
libxul0d_1.8.1.9-1_i386.deb
bada26872eeea7d0df9cb66bf2b1f7fc 46821288 libdevel extra
libxul0d-dbg_1.8.1.9-1_i386.deb
cfcdbaf4533d6af89f428060c35ce720 118568 python extra
python-xpcom_1.8.1.9-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHKeMi3kvaLFT9KlgRAjn6AJ9ADEbSGnkl+fJyP/O8haxSmGcNQwCfXEp1
98oH6DWAsN0S5PoKSDcAt4g=
=aNT7
-----END PGP SIGNATURE-----
--- End Message ---