Debian
mozilla package

  1. Bug #13406
  2. Comment #6

Comment 6 for bug 13406

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 23 Mar 2005 13:32:24 -0500
From: Takuo KITAME <email address hidden>
To: <email address hidden>
Subject: Bug#297619: fixed in mozilla 2:1.7.6-1

Source: mozilla
Source-Version: 2:1.7.6-1

We believe that the bug you reported is fixed in the latest version of
mozilla, which is due to be installed in the Debian FTP archive:

libnspr-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr-dev_1.7.6-1_i386.deb
libnspr4_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnspr4_1.7.6-1_i386.deb
libnss-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss-dev_1.7.6-1_i386.deb
libnss3_1.7.6-1_i386.deb
  to pool/main/m/mozilla/libnss3_1.7.6-1_i386.deb
mozilla-browser_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-browser_1.7.6-1_i386.deb
mozilla-calendar_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-calendar_1.7.6-1_i386.deb
mozilla-chatzilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-chatzilla_1.7.6-1_i386.deb
mozilla-dev_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dev_1.7.6-1_i386.deb
mozilla-dom-inspector_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-dom-inspector_1.7.6-1_i386.deb
mozilla-js-debugger_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-js-debugger_1.7.6-1_i386.deb
mozilla-mailnews_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-mailnews_1.7.6-1_i386.deb
mozilla-psm_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla-psm_1.7.6-1_i386.deb
mozilla_1.7.6-1.diff.gz
  to pool/main/m/mozilla/mozilla_1.7.6-1.diff.gz
mozilla_1.7.6-1.dsc
  to pool/main/m/mozilla/mozilla_1.7.6-1.dsc
mozilla_1.7.6-1_i386.deb
  to pool/main/m/mozilla/mozilla_1.7.6-1_i386.deb
mozilla_1.7.6.orig.tar.gz
  to pool/main/m/mozilla/mozilla_1.7.6.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Takuo KITAME <email address hidden> (supplier of updated mozilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 24 Mar 2005 01:34:42 +0900
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.6-1
Distribution: unstable
Urgency: low
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Takuo KITAME <email address hidden>
Description:
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4 - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3 - Network Security Service Libraries - runtime
 mozilla - The Mozilla Internet application suite - meta package
 mozilla-browser - The Mozilla Internet application suite - core and browser
 mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
 mozilla-chatzilla - Mozilla Web Browser - irc client
 mozilla-dev - The Mozilla Internet application suite - development files
 mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
 mozilla-js-debugger - JavaScript debugger for use with Mozilla
 mozilla-mailnews - The Mozilla Internet application suite - mail and news support
 mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 215394 265928 270783 277504 279200 285611 290451 290863 293663 294274 297216 297618 297619 297620 300090 300978
Changes:
 mozilla (2:1.7.6-1) unstable; urgency=low
 .
   * New upstream release
   * fix some security issues.
     - CAN-2005-0233: IDN support allows domainname spooing (closes: #294274)
     - CAN-2005-0592: Heap-based bufer over flow (closes: #297619)
     - CAN-2004-1156: secunia window injection vulnerability (closes: #293663)
     - MFSA-2005-18: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
     - CAN-2005-0593: SSL "secure site" indicator spoofing (closes: #297618)
     - CAN-2005-0588: does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain.
     - CAN-2005-0587: allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
     - CAN-2005-0586: allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header
     - CAN-2005-0585: truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
     - CAN-2005-0584: when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. (closes: #297620)
   * change binary name to mozilla-suite rom mozilla-VERSION (closes: #285611,#277504,#215394)
   * applied over the spot patch (closes: #290863)
   * added debian/po/it.po (closes: #279200)
   * added debian/po/nl.po (closes: #270783)
   * update debian/po/fi.po (closes: #265928)
   * remove run-mozilla.sh (closes: #297216, #300090)
   * update xprint dependency (closes: #300978)
   * use readlink(1) instead of perl's. (closes: #290451)
Files:
 03f9b7cf7250d2bfa894fd264306b6ab 1111 web optional mozilla_1.7.6-1.dsc
 800f8d3877193a5d786d9ce4e3d1e400 30587697 web optional mozilla_1.7.6.orig.tar.gz
 15b76e937aa59308670c5afbaba7fd1f 303435 web optional mozilla_1.7.6-1.diff.gz
 70e9de0a98277fb0899227bebba665ab 1028 web optional mozilla_1.7.6-1_i386.deb
 97f99f437701e242220fa9de5a7c3bdf 10280282 web optional mozilla-browser_1.7.6-1_i386.deb
 8fc77a77186e461c480b8455c9272281 3343978 devel optional mozilla-dev_1.7.6-1_i386.deb
 0d6d79f4b70dd7d3cd58ad69829c4d91 1811052 mail optional mozilla-mailnews_1.7.6-1_i386.deb
 7881b2b481782364b1cb8a30cc454cf5 158318 net optional mozilla-chatzilla_1.7.6-1_i386.deb
 68e7c2c1c5ae79b1ae7bd0efbb75467e 192294 web optional mozilla-psm_1.7.6-1_i386.deb
 6b746476168989818eddd61e2d926acb 116194 web optional mozilla-dom-inspector_1.7.6-1_i386.deb
 f1925702d98df3ae51f28abe8f72c9b8 204124 devel optional mozilla-js-debugger_1.7.6-1_i386.deb
 5684fcb1e872312398fa3572157d8ffd 403270 misc optional mozilla-calendar_1.7.6-1_i386.deb
 db7397110795bc26f3ff049ad5cb0b26 129784 libs optional libnspr4_1.7.6-1_i386.deb
 4df0474571e6206ffeb96f1847857598 168060 libdevel optional libnspr-dev_1.7.6-1_i386.deb
 76106353331539e79d10e133498699d4 653648 libs optional libnss3_1.7.6-1_i386.deb
 3093fc70ca1754bf1506cc7c000b5106 184920 libdevel optional libnss-dev_1.7.6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCQbO+U+WZW1FVMwoRAnxyAJ92vH1aYBcYDcyKE3UaKjHUGTT7fACfaXuH
hsFMT2ZhkOqrng0p3NOEBu0=
=zlfK
-----END PGP SIGNATURE-----