Comment 2 for bug 13406

Debian Bug Importer (debzilla) wrote:

Message-ID: <email address hidden>
Date: Tue, 1 Mar 2005 14:59:59 -0500
From: Joey Hess <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function

Package: mozilla-browser
Version: 2:1.7.5-1
Severity: grave
Tags: security

Please see http://www.mozilla.org/security/announce/mfsa2005-15.html; I
have not verified but since our mozilla is before the 1.7.6 upstream
that fixed this bug, I guess we're vulnerable to it.

Please refer to CAN-2005-0592 in any changelog entries regarding this
hole.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages mozilla-browser depends on:
ii debconf 1.4.46 Debian configuration management sy
ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libfontconfig1 2.2.3-4 generic font configuration library
ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib
ii libgcc1 1:3.4.3-9 GCC support library
ii libglib2.0-0 2.6.3-1 The GLib library of C routines
ii libgtk2.0-0 2.6.2-3 The GTK+ graphical user interface
ii libnspr4 2:1.7.5-1 Netscape Portable Runtime Library
ii libpango1.0-0 1.8.0-3 Layout and rendering of internatio
ii libstdc++5 1:3.3.5-8 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii libxft2 2.1.2-6 FreeType-based font drawing librar
ii libxp6 4.3.0.dfsg.1-12.0.1 X Window System printing extension
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii libxt6 4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
ii psmisc 21.5-1 Utilities that use the proc filesy
ii xlibs 4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-4 compression library - runtime

-- debconf information excluded

-- 
see shy jo
