Bug #13406 “[Warty] CAN-2005-0592 Heap-based buffer overflow in ...” : Bugs : mozilla package : Ubuntu

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-03-01:

#1

Automatically imported from Debian bug report #297619 http://bugs.debian.org/297619

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-03-01:

#2

Message-ID: <email address hidden>
Date: Tue, 1 Mar 2005 14:59:59 -0500
From: Joey Hess <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function

--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: mozilla-browser
Version: 2:1.7.5-1
Severity: grave
Tags: security

Please see http://www.mozilla.org/security/announce/mfsa2005-15.html; I
have not verified but since our mozilla is before the 1.7.6 upstream
that fixed this bug, I guess we're vulnerable to it.=20

Please refer to CAN-2005-0592 in any changelog entries regarding this
hole.

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)

Versions of packages mozilla-browser ii debconf 1.4.46 t sy
ii libatk1.0-0 1.8.0-4 ii libc6 2.3.2.ds1-20 s an
ii libfontconfig1 2.2.3-4 rary
ii libfreetype6 2.1.7-2.3 lib
ii libgcc1 1:3.4.3-9 ii libglib2.0-0 2.6.3-1 ii libgtk2.0-0 2.6.2-3 ace=20
ii libnspr4 2:1.7.5-1 ary
ii libpango1.0-0 1.8.0-3 atio
ii libstdc++5 1:3.3.5-8 ii libx11-6 t li
ii libxext6 exte
ii libxft2 2.1.2-6 brar
ii libxp6 sion
ii libxrender1 0.8.3-7 ibra
ii libxt6 ii psmisc 21.5-1 lesy
ii xlibs 4.3.0.dfsg.1-12 figu
ii zlib1g 1:1.2.2-4 depends on:
Debian configuration managemen=
The ATK accessibility toolkit
GNU C Library: Shared librarie=
generic font configuration lib=
FreeType 2 font engine, shared=
GCC support library
The GLib library of C routines
The GTK+ graphical user interf=
Netscape Portable Runtime Libr=
Layout and rendering of intern=
The GNU Standard C++ Library v3
4.3.0.dfsg.1-12.0.1 X Window System protocol clien=
4.3.0.dfsg.1-12.0.1 X Window System miscellaneous =
FreeType-based font drawing li=
4.3.0.dfsg.1-12.0.1 X Window System printing exten=
X Rendering Extension client l=
4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
Utilities that use the proc fi=
X Keyboard Extension (XKB) con=
compression library - runtime

-- debconf information excluded

--=20
see shy jo

--GvXjxJ+pjyke8COw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCJMm/d8HHehbQuO8RAjACAKCd3O7uH+EgpqMYxjgO7Mxc8HurIgCfZQLV
8eepr+E4nw95XjrWHN1lCc4=
=2cW+
-----END PGP SIGNATURE-----

--GvXjxJ+pjyke8COw--

Message-ID: <20050301195959.GA4628@kitenet.net>
Date: Tue, 1 Mar 2005 14:59:59 -0500
From: Joey Hess <joeyh@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function

--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: mozilla-browser
Version: 2:1.7.5-1
Severity: grave
Tags: security

Please see http://www.mozilla.org/security/announce/mfsa2005-15.html; I
have not verified but since our mozilla is before the 1.7.6 upstream
that fixed this bug, I guess we're vulnerable to it.=20

Please refer to CAN-2005-0592 in any changelog entries regarding this
hole.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)

Versions of packages mozilla-browser depends on:
ii  debconf              1.4.46              Debian configuration managemen=
t sy
ii  libatk1.0-0          1.8.0-4             The ATK accessibility toolkit
ii  libc6                2.3.2.ds1-20        GNU C Library: Shared librarie=
s an
ii  libfontconfig1       2.2.3-4             generic font configuration lib=
rary
ii  libfreetype6         2.1.7-2.3           FreeType 2 font engine, shared=
 lib
ii  libgcc1              1:3.4.3-9           GCC support library
ii  libglib2.0-0         2.6.3-1             The GLib library of C routines
ii  libgtk2.0-0          2.6.2-3             The GTK+ graphical user interf=
ace=20
ii  libnspr4             2:1.7.5-1           Netscape Portable Runtime Libr=
ary
ii  libpango1.0-0        1.8.0-3             Layout and rendering of intern=
atio
ii  libstdc++5           1:3.3.5-8           The GNU Standard C++ Library v3
ii  libx11-6             4.3.0.dfsg.1-12.0.1 X Window System protocol clien=
t li
ii  libxext6             4.3.0.dfsg.1-12.0.1 X Window System miscellaneous =
exte
ii  libxft2              2.1.2-6             FreeType-based font drawing li=
brar
ii  libxp6               4.3.0.dfsg.1-12.0.1 X Window System printing exten=
sion
ii  libxrender1          0.8.3-7             X Rendering Extension client l=
ibra
ii  libxt6               4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
ii  psmisc               21.5-1              Utilities that use the proc fi=
lesy
ii  xlibs                4.3.0.dfsg.1-12     X Keyboard Extension (XKB) con=
figu
ii  zlib1g               1:1.2.2-4           compression library - runtime

-- debconf information excluded

--=20
see shy jo

--GvXjxJ+pjyke8COw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCJMm/d8HHehbQuO8RAjACAKCd3O7uH+EgpqMYxjgO7Mxc8HurIgCfZQLV
8eepr+E4nw95XjrWHN1lCc4=
=2cW+
-----END PGP SIGNATURE-----

--GvXjxJ+pjyke8COw--

Revision history for this message

Martin Pitt (pitti) wrote on 2005-03-02:

#3

For the record, this issue has a trivial patch for updating ffox/mozilla in Warty:

https://bugzilla.mozilla.org/attachment.cgi?id=147104

This will be fixed in Hoary by uploading 1.0.1, but Mozilla needs to be fixed as
well. Matt, can we just package 1.7.6 for Hoary? This will also get rid of the
window injection spoofing, and other vulnerabilities.

Revision history for this message

Matt Zimmerman (mdz) wrote on 2005-03-02:

#4

mozilla has no more reverse depends/build-depends in main, right? (we use
firefox instead for embedding)

If so, then it should be safe to update

Revision history for this message

In Debian Bug tracker #297619, Takuo KITAME (kitame) wrote on 2005-03-23: Bug#297619: fixed in mozilla 2:1.7.6-1

#5

Download full text (6.8 KiB)

Source: mozilla
Source-Version: 2:1.7.6-1

We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:

libnspr-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr-dev_1.7.6-1_i386.deb
libnspr4_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr4_1.7.6-1_i386.deb
libnss-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss-dev_1.7.6-1_i386.deb
libnss3_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss3_1.7.6-1_i386.deb
mozilla-browser_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-browser_1.7.6-1_i386.deb
mozilla-calendar_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-calendar_1.7.6-1_i386.deb
mozilla-chatzilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-chatzilla_1.7.6-1_i386.deb
mozilla-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dev_1.7.6-1_i386.deb
mozilla-dom-inspector_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dom-inspector_1.7.6-1_i386.deb
mozilla-js-debugger_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-js-debugger_1.7.6-1_i386.deb
mozilla-mailnews_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-mailnews_1.7.6-1_i386.deb
mozilla-psm_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-psm_1.7.6-1_i386.deb
mozilla_1.7.6-1.diff.gz
  to pool/main/m/mozilla/mozilla_1.7.6-1.diff.gz
mozilla_1.7.6-1.dsc
  to pool/main/m/mozilla/mozilla_1.7.6-1.dsc
mozilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla_1.7.6-1_i386.deb
mozilla_1.7.6.orig.tar.gz
  to pool/main/m/mozilla/mozilla_1.7.6.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Takuo KITAME <email address hidden> (supplier of updated mozilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 24 Mar 2005 01:34:42 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.6-1
Distribution: unstable
Urgency: low
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Takuo KITAME <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
moz...

Source: mozilla
Source-Version: 2:1.7.6-1

We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:

libnspr-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr-dev_1.7.6-1_i386.deb
libnspr4_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr4_1.7.6-1_i386.deb
libnss-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss-dev_1.7.6-1_i386.deb
libnss3_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss3_1.7.6-1_i386.deb
mozilla-browser_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-browser_1.7.6-1_i386.deb
mozilla-calendar_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-calendar_1.7.6-1_i386.deb
mozilla-chatzilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-chatzilla_1.7.6-1_i386.deb
mozilla-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dev_1.7.6-1_i386.deb
mozilla-dom-inspector_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dom-inspector_1.7.6-1_i386.deb
mozilla-js-debugger_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-js-debugger_1.7.6-1_i386.deb
mozilla-mailnews_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-mailnews_1.7.6-1_i386.deb
mozilla-psm_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-psm_1.7.6-1_i386.deb
mozilla_1.7.6-1.diff.gz
  to pool/main/m/mozilla/mozilla_1.7.6-1.diff.gz
mozilla_1.7.6-1.dsc
  to pool/main/m/mozilla/mozilla_1.7.6-1.dsc
mozilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla_1.7.6-1_i386.deb
mozilla_1.7.6.orig.tar.gz
  to pool/main/m/mozilla/mozilla_1.7.6.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 297619@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Takuo KITAME <kitame@debian.org> (supplier of updated mozilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 24 Mar 2005 01:34:42 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.6-1
Distribution: unstable
Urgency: low
Maintainer: Takuo KITAME <kitame@debian.org>
Changed-By: Takuo KITAME <kitame@debian.org>
Description: 
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4   - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3    - Network Security Service Libraries - runtime
 mozilla    - The Mozilla Internet application suite - meta package
 mozilla-browser - The Mozilla Internet application suite - core and browser
 mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
 mozilla-chatzilla - Mozilla Web Browser - irc client
 mozilla-dev - The Mozilla Internet application suite - development files
 mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
 mozilla-js-debugger - JavaScript debugger for use with Mozilla
 mozilla-mailnews - The Mozilla Internet application suite - mail and news support
 mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 215394 265928 270783 277504 279200 285611 290451 290863 293663 294274 297216 297618 297619 297620 300090 300978
Changes: 
 mozilla (2:1.7.6-1) unstable; urgency=low
 .
   * New upstream release
   * fix some security issues.
     - CAN-2005-0233: IDN support allows domainname spooing (closes: #294274)
     - CAN-2005-0592: Heap-based bufer over flow (closes: #297619)
     - CAN-2004-1156: secunia window injection vulnerability (closes: #293663)
     - MFSA-2005-18: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
     - CAN-2005-0593: SSL "secure site" indicator spoofing (closes: #297618)
     - CAN-2005-0588: does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain.
     - CAN-2005-0587: allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
     - CAN-2005-0586: allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header
     - CAN-2005-0585: truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
     - CAN-2005-0584: when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. (closes: #297620)
   * change binary name to mozilla-suite rom mozilla-VERSION (closes: #285611,#277504,#215394)
   * applied over the spot patch (closes: #290863)
   * added debian/po/it.po (closes: #279200)
   * added debian/po/nl.po (closes: #270783)
   * update debian/po/fi.po (closes: #265928)
   * remove run-mozilla.sh (closes: #297216, #300090)
   * update xprint dependency (closes: #300978)
   * use readlink(1) instead of perl's. (closes: #290451)
Files: 
 03f9b7cf7250d2bfa894fd264306b6ab 1111 web optional mozilla_1.7.6-1.dsc
 800f8d3877193a5d786d9ce4e3d1e400 30587697 web optional mozilla_1.7.6.orig.tar.gz
 15b76e937aa59308670c5afbaba7fd1f 303435 web optional mozilla_1.7.6-1.diff.gz
 70e9de0a98277fb0899227bebba665ab 1028 web optional mozilla_1.7.6-1_i386.deb
 97f99f437701e242220fa9de5a7c3bdf 10280282 web optional mozilla-browser_1.7.6-1_i386.deb
 8fc77a77186e461c480b8455c9272281 3343978 devel optional mozilla-dev_1.7.6-1_i386.deb
 0d6d79f4b70dd7d3cd58ad69829c4d91 1811052 mail optional mozilla-mailnews_1.7.6-1_i386.deb
 7881b2b481782364b1cb8a30cc454cf5 158318 net optional mozilla-chatzilla_1.7.6-1_i386.deb
 68e7c2c1c5ae79b1ae7bd0efbb75467e 192294 web optional mozilla-psm_1.7.6-1_i386.deb
 6b746476168989818eddd61e2d926acb 116194 web optional mozilla-dom-inspector_1.7.6-1_i386.deb
 f1925702d98df3ae51f28abe8f72c9b8 204124 devel optional mozilla-js-debugger_1.7.6-1_i386.deb
 5684fcb1e872312398fa3572157d8ffd 403270 misc optional mozilla-calendar_1.7.6-1_i386.deb
 db7397110795bc26f3ff049ad5cb0b26 129784 libs optional libnspr4_1.7.6-1_i386.deb
 4df0474571e6206ffeb96f1847857598 168060 libdevel optional libnspr-dev_1.7.6-1_i386.deb
 76106353331539e79d10e133498699d4 653648 libs optional libnss3_1.7.6-1_i386.deb
 3093fc70ca1754bf1506cc7c000b5106 184920 libdevel optional libnss-dev_1.7.6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCQbO+U+WZW1FVMwoRAnxyAJ92vH1aYBcYDcyKE3UaKjHUGTT7fACfaXuH
hsFMT2ZhkOqrng0p3NOEBu0=
=zlfK
-----END PGP SIGNATURE-----

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-03-23:

#6

Download full text (7.0 KiB)

Message-Id: <email address hidden>
Date: Wed, 23 Mar 2005 13:32:24 -0500
From: Takuo KITAME <email address hidden>
To: <email address hidden>
Subject: Bug#297619: fixed in mozilla 2:1.7.6-1

Source: mozilla
Source-Version: 2:1.7.6-1

We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:

libnspr-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr-dev_1.7.6-1_i386.deb
libnspr4_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr4_1.7.6-1_i386.deb
libnss-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss-dev_1.7.6-1_i386.deb
libnss3_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss3_1.7.6-1_i386.deb
mozilla-browser_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-browser_1.7.6-1_i386.deb
mozilla-calendar_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-calendar_1.7.6-1_i386.deb
mozilla-chatzilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-chatzilla_1.7.6-1_i386.deb
mozilla-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dev_1.7.6-1_i386.deb
mozilla-dom-inspector_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dom-inspector_1.7.6-1_i386.deb
mozilla-js-debugger_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-js-debugger_1.7.6-1_i386.deb
mozilla-mailnews_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-mailnews_1.7.6-1_i386.deb
mozilla-psm_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-psm_1.7.6-1_i386.deb
mozilla_1.7.6-1.diff.gz
  to pool/main/m/mozilla/mozilla_1.7.6-1.diff.gz
mozilla_1.7.6-1.dsc
  to pool/main/m/mozilla/mozilla_1.7.6-1.dsc
mozilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla_1.7.6-1_i386.deb
mozilla_1.7.6.orig.tar.gz
  to pool/main/m/mozilla/mozilla_1.7.6.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Takuo KITAME <email address hidden> (supplier of updated mozilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 24 Mar 2005 01:34:42 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.6-1
Distribution: unstable
Urgency: low
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Takuo KITAME <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla...

Message-Id: <E1DEAeW-000051-00@newraff.debian.org>
Date: Wed, 23 Mar 2005 13:32:24 -0500
From: Takuo KITAME <kitame@debian.org>
To: 297619-close@bugs.debian.org
Subject: Bug#297619: fixed in mozilla 2:1.7.6-1

Source: mozilla
Source-Version: 2:1.7.6-1

We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:

libnspr-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr-dev_1.7.6-1_i386.deb
libnspr4_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr4_1.7.6-1_i386.deb
libnss-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss-dev_1.7.6-1_i386.deb
libnss3_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss3_1.7.6-1_i386.deb
mozilla-browser_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-browser_1.7.6-1_i386.deb
mozilla-calendar_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-calendar_1.7.6-1_i386.deb
mozilla-chatzilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-chatzilla_1.7.6-1_i386.deb
mozilla-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dev_1.7.6-1_i386.deb
mozilla-dom-inspector_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dom-inspector_1.7.6-1_i386.deb
mozilla-js-debugger_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-js-debugger_1.7.6-1_i386.deb
mozilla-mailnews_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-mailnews_1.7.6-1_i386.deb
mozilla-psm_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-psm_1.7.6-1_i386.deb
mozilla_1.7.6-1.diff.gz
  to pool/main/m/mozilla/mozilla_1.7.6-1.diff.gz
mozilla_1.7.6-1.dsc
  to pool/main/m/mozilla/mozilla_1.7.6-1.dsc
mozilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla_1.7.6-1_i386.deb
mozilla_1.7.6.orig.tar.gz
  to pool/main/m/mozilla/mozilla_1.7.6.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 297619@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Takuo KITAME <kitame@debian.org> (supplier of updated mozilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 24 Mar 2005 01:34:42 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.6-1
Distribution: unstable
Urgency: low
Maintainer: Takuo KITAME <kitame@debian.org>
Changed-By: Takuo KITAME <kitame@debian.org>
Description: 
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4   - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3    - Network Security Service Libraries - runtime
 mozilla    - The Mozilla Internet application suite - meta package
 mozilla-browser - The Mozilla Internet application suite - core and browser
 mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
 mozilla-chatzilla - Mozilla Web Browser - irc client
 mozilla-dev - The Mozilla Internet application suite - development files
 mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
 mozilla-js-debugger - JavaScript debugger for use with Mozilla
 mozilla-mailnews - The Mozilla Internet application suite - mail and news support
 mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 215394 265928 270783 277504 279200 285611 290451 290863 293663 294274 297216 297618 297619 297620 300090 300978
Changes: 
 mozilla (2:1.7.6-1) unstable; urgency=low
 .
   * New upstream release
   * fix some security issues.
     - CAN-2005-0233: IDN support allows domainname spooing (closes: #294274)
     - CAN-2005-0592: Heap-based bufer over flow (closes: #297619)
     - CAN-2004-1156: secunia window injection vulnerability (closes: #293663)
     - MFSA-2005-18: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
     - CAN-2005-0593: SSL "secure site" indicator spoofing (closes: #297618)
     - CAN-2005-0588: does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain.
     - CAN-2005-0587: allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
     - CAN-2005-0586: allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header
     - CAN-2005-0585: truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
     - CAN-2005-0584: when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. (closes: #297620)
   * change binary name to mozilla-suite rom mozilla-VERSION (closes: #285611,#277504,#215394)
   * applied over the spot patch (closes: #290863)
   * added debian/po/it.po (closes: #279200)
   * added debian/po/nl.po (closes: #270783)
   * update debian/po/fi.po (closes: #265928)
   * remove run-mozilla.sh (closes: #297216, #300090)
   * update xprint dependency (closes: #300978)
   * use readlink(1) instead of perl's. (closes: #290451)
Files: 
 03f9b7cf7250d2bfa894fd264306b6ab 1111 web optional mozilla_1.7.6-1.dsc
 800f8d3877193a5d786d9ce4e3d1e400 30587697 web optional mozilla_1.7.6.orig.tar.gz
 15b76e937aa59308670c5afbaba7fd1f 303435 web optional mozilla_1.7.6-1.diff.gz
 70e9de0a98277fb0899227bebba665ab 1028 web optional mozilla_1.7.6-1_i386.deb
 97f99f437701e242220fa9de5a7c3bdf 10280282 web optional mozilla-browser_1.7.6-1_i386.deb
 8fc77a77186e461c480b8455c9272281 3343978 devel optional mozilla-dev_1.7.6-1_i386.deb
 0d6d79f4b70dd7d3cd58ad69829c4d91 1811052 mail optional mozilla-mailnews_1.7.6-1_i386.deb
 7881b2b481782364b1cb8a30cc454cf5 158318 net optional mozilla-chatzilla_1.7.6-1_i386.deb
 68e7c2c1c5ae79b1ae7bd0efbb75467e 192294 web optional mozilla-psm_1.7.6-1_i386.deb
 6b746476168989818eddd61e2d926acb 116194 web optional mozilla-dom-inspector_1.7.6-1_i386.deb
 f1925702d98df3ae51f28abe8f72c9b8 204124 devel optional mozilla-js-debugger_1.7.6-1_i386.deb
 5684fcb1e872312398fa3572157d8ffd 403270 misc optional mozilla-calendar_1.7.6-1_i386.deb
 db7397110795bc26f3ff049ad5cb0b26 129784 libs optional libnspr4_1.7.6-1_i386.deb
 4df0474571e6206ffeb96f1847857598 168060 libdevel optional libnspr-dev_1.7.6-1_i386.deb
 76106353331539e79d10e133498699d4 653648 libs optional libnss3_1.7.6-1_i386.deb
 3093fc70ca1754bf1506cc7c000b5106 184920 libdevel optional libnss-dev_1.7.6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCQbO+U+WZW1FVMwoRAnxyAJ92vH1aYBcYDcyKE3UaKjHUGTT7fACfaXuH
hsFMT2ZhkOqrng0p3NOEBu0=
=zlfK
-----END PGP SIGNATURE-----

Revision history for this message

Martin Pitt (pitti) wrote on 2005-03-29:

#7

For the record, Hoary is fixed. Thom, can you please include the simple patch
into the Warty update? (Please reassign the bug if you want to see it in your
list as a reminder)

https://bugzilla.mozilla.org/attachment.cgi?id=147104

Revision history for this message

Martin Pitt (pitti) wrote on 2005-07-29:

#8

This was fixed in USN-149-3.

Bug Watch Updater (bug-watch-updater) on 2006-09-27

Changed in mozilla:
status:	Unknown → Fix Released

Affects		Status	Importance	Assigned to	Milestone
	mozilla (Debian)	Fix Released	Unknown	debbugs #297619
	mozilla (Ubuntu)	Fix Released	High	Martin Pitt	Ubuntu ubuntu-5.04

Ubuntu
mozilla package

[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntumozilla package

[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
mozilla package