Your message dated Mon, 24 Nov 2008 06:47:19 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#505557: fixed in iceweasel 3.0.4-1
has caused the Debian Bug report #505557,
regarding Mozilla Firefox 3 Multiple Vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
505557: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505557
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: iceweasel
Version: 3.0.3-3
Severity: critical
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,

The following SA (Secunia Advisory) id was published for Firefox 3.

SA32713[1]

Description:
Some vulnerabilities have been reported in Mozilla Firefox, which can be
exploited by malicious people to disclose sensitive information, bypass
certain security restrictions, or compromise a user's system.

1) An error when processing "file:" URIs can be exploited to execute
arbitrary JavaScript code with chrome privileges by tricking a user into
opening a malicious local file in a tab previously opened for a
"chrome:" document or a privileged "about:" URI.

2) Various errors in the layout engine can be exploited to cause memory
corruptions and potentially execute arbitrary code.

3) An error in the browser engine can be exploited to cause a crash.

For more information see vulnerability #5 in:
SA32693

4) An error in the JavaScript engine can be exploited to cause a memory
corruption and potentially execute arbitrary code.

5) An error in the browser's restore feature can be exploited to violate
the same-origin policy.

For more information see vulnerability #7 in:
SA32693

6) An error in the processing of the "http-index-format" MIME type can
be exploited to execute arbitrary code.

For more information see vulnerability #8 in:
SA32693

7) An error in the DOM constructing code can be exploited to dereference
uninitialized memory and potentially execute arbitrary code.

For more information see vulnerability #9 in:
SA32693

8) An error in "nsXMLHttpRequest::NotifyEventListeners()" can be
exploited to bypass certain security restrictions.

For more information see vulnerability #10 in:
SA32693

9) An error can be exploited to manipulate signed JAR files and execute
arbitrary JavaScript code in the context of another site.

For more information see vulnerability #11 in:
SA32693

10) An error when parsing E4X documents can be exploited to
inject arbitrary XML code.

For more information see vulnerability #12 in:
SA32693

The vulnerabilities are reported in versions prior to 3.0.4.

Solution:
Update to version 3.0.4.


CVE reference:

CVE-2008-0017
CVE-2008-5015
CVE-2008-5016
CVE-2008-5017
CVE-2008-5018
CVE-2008-5019
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024

If you fix the vulnerability please also make sure to include the CVE id in
the changelog entry.


[1]http://secunia.com/advisories/32713/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkcOQkACgkQNxpp46476arZ+QCfZ9MG8NFbSAMAXKBnB/Lx5BWn
6woAoJ99q6HGzMo1XWDCrNh9swljrkO3
=U3tk
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: iceweasel
Source-Version: 3.0.4-1

We believe that the bug you reported is fixed in the latest version of
iceweasel, which is due to be installed in the Debian FTP archive:

iceweasel-dbg_3.0.4-1_amd64.deb
  to pool/main/i/iceweasel/iceweasel-dbg_3.0.4-1_amd64.deb
iceweasel-gnome-support_3.0.4-1_all.deb
  to pool/main/i/iceweasel/iceweasel-gnome-support_3.0.4-1_all.deb
iceweasel_3.0.4-1.diff.gz
  to pool/main/i/iceweasel/iceweasel_3.0.4-1.diff.gz
iceweasel_3.0.4-1.dsc
  to pool/main/i/iceweasel/iceweasel_3.0.4-1.dsc
iceweasel_3.0.4-1_amd64.deb
  to pool/main/i/iceweasel/iceweasel_3.0.4-1_amd64.deb
iceweasel_3.0.4.orig.tar.gz
  to pool/main/i/iceweasel/iceweasel_3.0.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated iceweasel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 23 Nov 2008 01:32:40 -0500
Source: iceweasel
Binary: iceweasel iceweasel-gnome-support iceweasel-dbg
Architecture: source all amd64
Version: 3.0.4-1
Distribution: unstable
Urgency: low
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description: 
 iceweasel  - lightweight web browser based on Mozilla
 iceweasel-dbg - debugging symbols for iceweasel
 iceweasel-gnome-support - Support for GNOME in Iceweasel
Closes: 451943 492286 495897 499346 503595 505557
Changes: 
 iceweasel (3.0.4-1) unstable; urgency=low
 .
   * New upstream release. (Closes: #505557)
 .
   [ Mike Hommey ]
   * debian/iceweasel-gnome-support.postinst,
     debian/iceweasel-gnome-support.prerm: Handle gnome-www-browser alternative.
     Restored from 3.0~b5-3. Closes: #492286.
   * debian/branding/locales/browserconfig.properties: Change the homepage to
     about:. Closes: #499346
   * browser/branding/unofficial/locales/browserconfig.properties: Revert
     previous change, this is not the installed file.
   * debian/homepagereset.js: Force homepage reset if it was previously set to
     the granparadiso homepage.
   * debian/iceweasel-restart-required.update-notifier: Added Japanese
     translation. Thanks Hideki Yamane. Closes: #503595.
   * browser/components/shell/src/nsGNOMEShellService.cpp: Fix various problems
     in the handling of GNOME background color. Closes: #495897.
 .
   [ Eric Dorland ]
   * debian/iceweasel.desktop: Just specify "iceweasel" as the icon, so it
     can pick the scalable one under certain circumstances. (Closes:
     #451943)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJKkj4YemOzxbZcMYRApHUAKCNrc0DDyoWvegnnN/NfPfjyQvpZQCgpt12
FeX/LJJ9XH+l3iu3S/nAvh8=
=u7kz
-----END PGP SIGNATURE-----



--- End Message ---
