Message-Id: <email address hidden>
Date: Tue, 13 Sep 2005 05:32:11 -0700
From: Alexander Sack <email address hidden>
To: <email address hidden>
Cc: Alexander Sack <email address hidden>, Takuo KITAME <email address hidden>
Subject: Fixed in NMU of mozilla 2:1.7.8-1sarge2
tag 325851 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 31 Aug 2005 06:00:00 +0100
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.8-1sarge2
Distribution: stable-security
Urgency: critical
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
mozilla-js-debugger - JavaScript debugger for use with Mozilla
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 325851
Changes:
mozilla (2:1.7.8-1sarge2) stable-security; urgency=critical
.
* previous version was MFSA 2005-51 aka CAN-2004-0718. The change has been
reverted and reapplied by this version.
* fix multiple security issues. Reverts all changes made by previous
security release 2:1.7.8-1.sarge1, because this one fixes all bugs.
(Closes: 325851)
+ CAN-2005-2270/MFSA 2005-56 Code execution through shared function objects
+ CAN-2005-2269/MFSA 2005-55 XHTML node spoofing
+ CAN-2005-2268/MFSA 2005-54 Javascript prompt origin spoofing
+ CAN-2005-2266/MFSA 2005-52 Same origin violation: frame calling top.focus()
+ CAN-2005-1937/MFSA 2005-51 The return of frame-injection spoofing
+ CAN-2005-2265/MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
+ CAN-2005-2263/MFSA 2005-48 Same-origin violation with InstallTrigger callback
+ CAN-2005-2261/MFSA 2005-46 XBL scripts ran even when Javascript disabled
+ CAN-2005-2260/MFSA 2005-45 Content-generated event vulnerabilities
* adapted overthespot.diff to changes needed by security patch
Files:
c48d385962c84c57d6085e04483fe01c 1123 web optional mozilla_1.7.8-1sarge2.dsc
e786529434e3cd0d0cdc9371fe5d727c 397348 web optional mozilla_1.7.8-1sarge2.diff.gz
8401dcc3b9c2ac3c5e956d4d93c43724 1032 web optional mozilla_1.7.8-1sarge2_i386.deb
b56563023bd65f213db1f0a138b4a38f 10322448 web optional mozilla-browser_1.7.8-1sarge2_i386.deb
fbfcb714a164679a87b41f1896eeef4a 3591808 devel optional mozilla-dev_1.7.8-1sarge2_i386.deb
2cc3dddc6921aafdf749c31a9e69e2e6 1816046 mail optional mozilla-mailnews_1.7.8-1sarge2_i386.deb
16a81c7add5e724e2dd65396a3121350 158354 net optional mozilla-chatzilla_1.7.8-1sarge2_i386.deb
eebc8cefb2d6689f1e708cd915fa93ad 192476 web optional mozilla-psm_1.7.8-1sarge2_i386.deb
3f8cbaee36be34d4709a600ec0d3cf0a 116676 web optional mozilla-dom-inspector_1.7.8-1sarge2_i386.deb
9694bdc6d612132e760a9b645cc7d7d1 204164 devel optional mozilla-js-debugger_1.7.8-1sarge2_i386.deb
dd9f36972a06aa2e0b153fa9f3d0009f 403494 misc optional mozilla-calendar_1.7.8-1sarge2_i386.deb
072f3d046ce9cdc9f78f9b4ffd2e892b 130860 libs optional libnspr4_1.7.8-1sarge2_i386.deb
7e785c6ca8fccb661b4dec78aa7251d8 170348 libdevel optional libnspr-dev_1.7.8-1sarge2_i386.deb
5ba9ea0be3b85aed6bad309f610c841a 655690 libs optional libnss3_1.7.8-1sarge2_i386.deb
6683024c42d5d434eb0014588af87b0f 187128 libdevel optional libnss-dev_1.7.8-1sarge2_i386.deb
Message-Id: <email address hidden>
Date: Tue, 13 Sep 2005 05:32:11 -0700
From: Alexander Sack <email address hidden>
To: <email address hidden>
Cc: Alexander Sack <email address hidden>, Takuo KITAME <email address hidden>
Subject: Fixed in NMU of mozilla 2:1.7.8-1sarge2
tag 325851 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7 dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev dom-inspector - A tool for inspecting the DOM of pages in Mozilla. js-debugger - JavaScript debugger for use with Mozilla compareTo( ) 57d6085e04483fe 01c 1123 web optional mozilla_ 1.7.8-1sarge2. dsc 0d0cdc9371fe5d7 27c 397348 web optional mozilla_ 1.7.8-1sarge2. diff.gz 3c5e956d4d93c43 724 1032 web optional mozilla_ 1.7.8-1sarge2_ i386.deb 213db1f0a138b4a 38f 10322448 web optional mozilla- browser_ 1.7.8-1sarge2_ i386.deb 9a87b41f1896eee f4a 3591808 devel optional mozilla- dev_1.7. 8-1sarge2_ i386.deb fdf749c31a9e69e 2e6 1816046 mail optional mozilla- mailnews_ 1.7.8-1sarge2_ i386.deb 4e2dd65396a3121 350 158354 net optional mozilla- chatzilla_ 1.7.8-1sarge2_ i386.deb 9f1e708cd915fa9 3ad 192476 web optional mozilla- psm_1.7. 8-1sarge2_ i386.deb d4709a600ec0d3c f0a 116676 web optional mozilla- dom-inspector_ 1.7.8-1sarge2_ i386.deb 2e760a9b645cc7d 7d1 204164 devel optional mozilla- js-debugger_ 1.7.8-1sarge2_ i386.deb 2e0b153fa9f3d00 09f 403494 misc optional mozilla- calendar_ 1.7.8-1sarge2_ i386.deb c9f78f9b4ffd2e8 92b 130860 libs optional libnspr4_ 1.7.8-1sarge2_ i386.deb 661b4dec78aa725 1d8 170348 libdevel optional libnspr- dev_1.7. 8-1sarge2_ i386.deb ed6bad309f610c8 41a 655690 libs optional libnss3_ 1.7.8-1sarge2_ i386.deb 34eb0014588af87 b0f 187128 libdevel optional libnss- dev_1.7. 8-1sarge2_ i386.deb
Date: Wed, 31 Aug 2005 06:00:00 +0100
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-
Architecture: source i386
Version: 2:1.7.8-1sarge2
Distribution: stable-security
Urgency: critical
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-
mozilla-
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 325851
Changes:
mozilla (2:1.7.8-1sarge2) stable-security; urgency=critical
.
* previous version was MFSA 2005-51 aka CAN-2004-0718. The change has been
reverted and reapplied by this version.
* fix multiple security issues. Reverts all changes made by previous
security release 2:1.7.8-1.sarge1, because this one fixes all bugs.
(Closes: 325851)
+ CAN-2005-2270/MFSA 2005-56 Code execution through shared function objects
+ CAN-2005-2269/MFSA 2005-55 XHTML node spoofing
+ CAN-2005-2268/MFSA 2005-54 Javascript prompt origin spoofing
+ CAN-2005-2266/MFSA 2005-52 Same origin violation: frame calling top.focus()
+ CAN-2005-1937/MFSA 2005-51 The return of frame-injection spoofing
+ CAN-2005-2265/MFSA 2005-50 Possibly exploitable crash in InstallVersion.
+ CAN-2005-2263/MFSA 2005-48 Same-origin violation with InstallTrigger callback
+ CAN-2005-2261/MFSA 2005-46 XBL scripts ran even when Javascript disabled
+ CAN-2005-2260/MFSA 2005-45 Content-generated event vulnerabilities
* adapted overthespot.diff to changes needed by security patch
Files:
c48d385962c84c
e786529434e3cd
8401dcc3b9c2ac
b56563023bd65f
fbfcb714a16467
2cc3dddc6921aa
16a81c7add5e72
eebc8cefb2d668
3f8cbaee36be34
9694bdc6d61213
dd9f36972a06aa
072f3d046ce9cd
7e785c6ca8fccb
5ba9ea0be3b85a
6683024c42d5d4
-----BEGIN PGP SIGNATURE-----
LOKgkuT8RAsk6AJ 0fy+Iw/ oko8+udDJKo7W6A g0iBZwCg2ahB jCHgp5Nu0bRlUhk g=
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDFaUDv8p
yLyR4c+
=tt6V
-----END PGP SIGNATURE-----