Message-Id: <email address hidden>
Date: Wed, 23 Mar 2005 13:32:24 -0500
From: Takuo KITAME <email address hidden>
To: <email address hidden>
Subject: Bug#297619: fixed in mozilla 2:1.7.6-1
Source: mozilla
Source-Version: 2:1.7.6-1
We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:
libnspr-dev_1.7.6-1_i386.deb
to pool/main/m/mozilla/libnspr-dev_1.7.6-1_i386.deb
libnspr4_1.7.6-1_i386.deb
to pool/main/m/mozilla/libnspr4_1.7.6-1_i386.deb
libnss-dev_1.7.6-1_i386.deb
to pool/main/m/mozilla/libnss-dev_1.7.6-1_i386.deb
libnss3_1.7.6-1_i386.deb
to pool/main/m/mozilla/libnss3_1.7.6-1_i386.deb
mozilla-browser_1.7.6-1_i386.deb
to pool/main/m/mozilla/mozilla-browser_1.7.6-1_i386.deb
mozilla-calendar_1.7.6-1_i386.deb
to pool/main/m/mozilla/mozilla-calendar_1.7.6-1_i386.deb
mozilla-chatzilla_1.7.6-1_i386.deb
to pool/main/m/mozilla/mozilla-chatzilla_1.7.6-1_i386.deb
mozilla-dev_1.7.6-1_i386.deb
to pool/main/m/mozilla/mozilla-dev_1.7.6-1_i386.deb
mozilla-dom-inspector_1.7.6-1_i386.deb
to pool/main/m/mozilla/mozilla-dom-inspector_1.7.6-1_i386.deb
mozilla-js-debugger_1.7.6-1_i386.deb
to pool/main/m/mozilla/mozilla-js-debugger_1.7.6-1_i386.deb
mozilla-mailnews_1.7.6-1_i386.deb
to pool/main/m/mozilla/mozilla-mailnews_1.7.6-1_i386.deb
mozilla-psm_1.7.6-1_i386.deb
to pool/main/m/mozilla/mozilla-psm_1.7.6-1_i386.deb
mozilla_1.7.6-1.diff.gz
to pool/main/m/mozilla/mozilla_1.7.6-1.diff.gz
mozilla_1.7.6-1.dsc
to pool/main/m/mozilla/mozilla_1.7.6-1.dsc
mozilla_1.7.6-1_i386.deb
to pool/main/m/mozilla/mozilla_1.7.6-1_i386.deb
mozilla_1.7.6.orig.tar.gz
to pool/main/m/mozilla/mozilla_1.7.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Takuo KITAME <email address hidden> (supplier of updated mozilla package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 24 Mar 2005 01:34:42 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.6-1
Distribution: unstable
Urgency: low
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Takuo KITAME <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
mozilla-js-debugger - JavaScript debugger for use with Mozilla
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 215394 265928 270783 277504 279200 285611 290451 290863 293663 294274 297216 297618 297619 297620 300090 300978
Changes:
mozilla (2:1.7.6-1) unstable; urgency=low
.
* New upstream release
* fix some security issues.
- CAN-2005-0233: IDN support allows domain name spoofing (closes: #294274)
- CAN-2005-0592: Heap-based buffer overflow (closes: #297619)
- CAN-2004-1156: secunia window injection vulnerability (closes: #293663)
- MFSA-2005-18: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
- CAN-2005-0593: SSL "secure site" indicator spoofing (closes: #297618)
- CAN-2005-0588: does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain.
- CAN-2005-0587: allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
- CAN-2005-0586: allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header
- CAN-2005-0585: truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
- CAN-2005-0584: when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. (closes: #297620)
* change binary name to mozilla-suite from mozilla-VERSION (closes: #285611,#277504,#215394)
* applied over the spot patch (closes: #290863)
* added debian/po/it.po (closes: #279200)
* added debian/po/nl.po (closes: #270783)
* update debian/po/fi.po (closes: #265928)
* remove run-mozilla.sh (closes: #297216, #300090)
* update xprint dependency (closes: #300978)
* use readlink(1) instead of perl's. (closes: #290451)
Files:
03f9b7cf7250d2bfa894fd264306b6ab 1111 web optional mozilla_1.7.6-1.dsc
800f8d3877193a5d786d9ce4e3d1e400 30587697 web optional mozilla_1.7.6.orig.tar.gz
15b76e937aa59308670c5afbaba7fd1f 303435 web optional mozilla_1.7.6-1.diff.gz
70e9de0a98277fb0899227bebba665ab 1028 web optional mozilla_1.7.6-1_i386.deb
97f99f437701e242220fa9de5a7c3bdf 10280282 web optional mozilla-browser_1.7.6-1_i386.deb
8fc77a77186e461c480b8455c9272281 3343978 devel optional mozilla-dev_1.7.6-1_i386.deb
0d6d79f4b70dd7d3cd58ad69829c4d91 1811052 mail optional mozilla-mailnews_1.7.6-1_i386.deb
7881b2b481782364b1cb8a30cc454cf5 158318 net optional mozilla-chatzilla_1.7.6-1_i386.deb
68e7c2c1c5ae79b1ae7bd0efbb75467e 192294 web optional mozilla-psm_1.7.6-1_i386.deb
6b746476168989818eddd61e2d926acb 116194 web optional mozilla-dom-inspector_1.7.6-1_i386.deb
f1925702d98df3ae51f28abe8f72c9b8 204124 devel optional mozilla-js-debugger_1.7.6-1_i386.deb
5684fcb1e872312398fa3572157d8ffd 403270 misc optional mozilla-calendar_1.7.6-1_i386.deb
db7397110795bc26f3ff049ad5cb0b26 129784 libs optional libnspr4_1.7.6-1_i386.deb
4df0474571e6206ffeb96f1847857598 168060 libdevel optional libnspr-dev_1.7.6-1_i386.deb
76106353331539e79d10e133498699d4 653648 libs optional libnss3_1.7.6-1_i386.deb
3093fc70ca1754bf1506cc7c000b5106 184920 libdevel optional libnss-dev_1.7.6-1_i386.deb