Your message dated Fri, 25 Mar 2005 12:03:24 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#301243: fixed in mozilla-firefox 1.0.2-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------

From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: [CAN-2005-0399][CAN-2005-0401][CAN-2005-0402] Three security vulnerabilities in Firefox 1.0.1
Date: Thu, 24 Mar 2005 17:28:07 +0100

Package: mozilla-firefox
Version: 1.0-2.37.200411220627
Severity: grave
Tags: security

Three security vulnerabilities have been found in Firefox:

I'm writing a collective bug report for all three vulnerabilities, as they're all fixed in 1.0.2:

CAN-2005-0399: A GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.

CAN-2005-0401: A malicious page that could lure a user into dragging something (such as a fake scrollbar) can bypass the restriction on opening privileged XUL. The startup scripts in the XUL will run with enhanced privilege, though the actions taken upon merely opening most XUL are benign. So far no way to run arbitrary code supplied by the attacker has been found, but this could be a stepping-stone to future attacks.

CAN-2005-0402: If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting JavaScript into it.

Cheers,
Moritz

-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]

Versions of packages mozilla-firefox depends on:
ii  debianutil  2.5.4.1.200308251040           Miscellaneous utilities specific t
ii  fontconfig  2.2.1-2.18.200308310006        generic font configuration library
ii  libatk1.0-  1.4.1-1.5.200312191610         The ATK accessibility toolkit
ii  libc6       2.3.2-9                        GNU C Library: Shared libraries an
ii  libfontcon  2.2.1-2.18.200308310006        generic font configuration library
ii  libfreetyp  2.1.5-2.3.200310081510         FreeType 2 font engine, shared lib
ii  libgcc1     1:3.3.2-0pre4.12.200309291809  GCC support library
ii  libglib2.0  2.2.2-1.6.200308220957         The GLib library of C routines
ii  libgtk2.0-  2.2.2-2.24.200409211203        The GTK+ graphical user interface
ii  libidl0     0.8.2-1.4.200308222135         library for parsing CORBA IDL file
ii  libjpeg62   6b-5.4.200308222202            The Independent JPEG Group's JPEG
ii  libkrb53    1.3-2.5.200308221740           MIT Kerberos runtime libraries
ii  libpango1.  1.2.3-1.15.200408231011        Layout and rendering of internatio
ii  libpng12-0  1.2.5.0-8.6.200410161035       PNG library - runtime
ii  libstdc++5  1:3.3.2-0pre4.12.200309291809  The GNU Standard C++ Library v3
ii  libx11-6    4.3.0-0pre1v5.51.200409211658  X Window System protocol client li
ii  libxext6    4.3.0-0pre1v5.51.200409211658  X Window System miscellaneous exte
ii  libxft2     2.1.2-6.13.200408230823        FreeType-based font drawing librar
ii  libxp6      4.3.0-0pre1v5.51.200409211658  X Window System printing extension
ii  libxrender  0.8.2-1.3.200308092126         X Rendering Extension client libra
ii  libxt6      4.3.0-0pre1v5.51.200409211658  X Toolkit Intrinsics
ii  psmisc      20.2-2.1.2.200308231331        Utilities that use the proc filesy
ii  xlibs       4.3.0-0pre1v5.51.200409211658  X Window System client libraries m
ii  zlib1g      1:1.2.2-4.15.200501191530      compression library - runtime

-- debconf-show failed

---------------------------------------

From: Eric Dorland <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#301243: fixed in mozilla-firefox 1.0.2-1
Date: Fri, 25 Mar 2005 12:03:24 -0500

Source: mozilla-firefox
Source-Version: 1.0.2-1

We believe that the bug you
reported is fixed in the latest version of mozilla-firefox, which is due to be installed in the Debian FTP archive:

mozilla-firefox-dom-inspector_1.0.2-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-1_i386.deb
mozilla-firefox-gnome-support_1.0.2-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-1_i386.deb
mozilla-firefox_1.0.2-1.diff.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-1.diff.gz
mozilla-firefox_1.0.2-1.dsc
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-1.dsc
mozilla-firefox_1.0.2-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-1_i386.deb
mozilla-firefox_1.0.2.orig.tar.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated mozilla-firefox package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 25 Mar 2005 02:30:10 -0500
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.2-1
Distribution: unstable
Urgency: low
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description:
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 286038 300976 301243
Changes:
 mozilla-firefox (1.0.2-1) unstable; urgency=low
 .
   * New upstream release. Fixes CAN-2005-0399, CAN-2005-0401,
     CAN-2005-0402. (Closes: #301243)
   * debian/control: Update suggest for xprint rename. (Closes: #300976)
   * xpcom/reflect/xptcall/src/md/unix/{Makefile.in,
     xptcinvoke_asm_parisc_linux.s, xptcstubs_asm_parisc_linux.s}:
     Apply patch from Ivar (Contributed by Randolph Chung) to fix
     Firefox on hppa. (Closes: #286038)
Files:
 e1b4f4b62371c4246aef9744fc58b3d8 990 web optional mozilla-firefox_1.0.2-1.dsc
 629a9bdd1e9fa93808ad951583e2ba39 40204410 web optional mozilla-firefox_1.0.2.orig.tar.gz
 bdda824de7eac4e6757a74d50198f627 219322 web optional mozilla-firefox_1.0.2-1.diff.gz
 85e1236d0088a001e9c129683ea41a83 8877364 web optional mozilla-firefox_1.0.2-1_i386.deb
 8c7cf922fec8ed3821b6a24b7a33a6dd 154084 web optional mozilla-firefox-dom-inspector_1.0.2-1_i386.deb
 36686c83c557675a92fe3d10bdcf5f01 51362 web optional mozilla-firefox-gnome-support_1.0.2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCRD9ZYemOzxbZcMYRAu32AKCbDRtt6rEOshBUj7znDQ11N6hiVgCgnQLJ
mZ6AglUoOvwPuWtKHTWqF5Q=
=wn3Q
-----END PGP SIGNATURE-----