Message-ID: <email address hidden>
Date: Tue, 1 Mar 2005 14:59:59 -0500
From: Joey Hess <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function
Package: mozilla-browser
Version: 2:1.7.5-1
Severity: grave
Tags: security
Please see http://www.mozilla.org/security/announce/mfsa2005-15.html; I
have not verified but since our mozilla is before the 1.7.6 upstream
that fixed this bug, I guess we're vulnerable to it.
Please refer to CAN-2005-0592 in any changelog entries regarding this
hole.
-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages mozilla-browser depends on:
ii  debconf         1.4.46               Debian configuration management sy
ii  libatk1.0-0     1.8.0-4              The ATK accessibility toolkit
ii  libc6           2.3.2.ds1-20         GNU C Library: Shared libraries an
ii  libfontconfig1  2.2.3-4              generic font configuration library
ii  libfreetype6    2.1.7-2.3            FreeType 2 font engine, shared lib
ii  libgcc1         1:3.4.3-9            GCC support library
ii  libglib2.0-0    2.6.3-1              The GLib library of C routines
ii  libgtk2.0-0     2.6.2-3              The GTK+ graphical user interface
ii  libnspr4        2:1.7.5-1            Netscape Portable Runtime Library
ii  libpango1.0-0   1.8.0-3              Layout and rendering of internatio
ii  libstdc++5      1:3.3.5-8            The GNU Standard C++ Library v3
ii  libx11-6        4.3.0.dfsg.1-12.0.1  X Window System protocol client li
ii  libxext6        4.3.0.dfsg.1-12.0.1  X Window System miscellaneous exte
ii  libxft2         2.1.2-6              FreeType-based font drawing librar
ii  libxp6          4.3.0.dfsg.1-12.0.1  X Window System printing extension
ii  libxrender1     0.8.3-7              X Rendering Extension client libra
ii  libxt6          4.3.0.dfsg.1-12.0.1  X Toolkit Intrinsics
ii  psmisc          21.5-1               Utilities that use the proc filesy
ii  xlibs           4.3.0.dfsg.1-12      X Keyboard Extension (XKB) configu
ii  zlib1g          1:1.2.2-4            compression library - runtime
-- debconf information excluded
--
see shy jo