mozilla: Multiple security issues fixed in 1.7.12

Bug #22324 reported by Debian Bug Importer
Affects            Status         Importance   Assigned to   Milestone
mozilla (Debian)   Fix Released   Unknown
mozilla (Ubuntu)   Fix Released   High         Martin Pitt

Bug Description

Automatically imported from Debian bug report #329778 http://bugs.debian.org/329778

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Fri, 23 Sep 2005 11:53:17 +0200
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: mozilla: Multiple security issues fixed in 1.7.12

Package: mozilla
Version: 2:1.7.11-1
Severity: grave
Tags: security
Justification: user security hole

As usual Mozilla 1.7.12 fixes several security issues. I'm copying
the bug descriptions from a Red Hat advisory, because they are not
yet public on the Mozilla website:

<-->
A bug was found in the way Mozilla processes XBM image files. If a user
views a specially crafted XBM file, it becomes possible to execute
arbitrary code as the user running Mozilla. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to
this issue.

A bug was found in the way Mozilla processes certain Unicode sequences.
It may be possible to execute arbitrary code as the user running
Mozilla, if the user views a specially crafted Unicode sequence.
(CAN-2005-2702)

A bug was found in the way Mozilla makes XMLHttp requests. It is possible
that a malicious web page could leverage this flaw to exploit other proxy
or server flaws from the victim's machine. It is also possible that this
flaw could be leveraged to send XMLHttp requests to hosts other than the
originator; the default behavior of the browser is to disallow this.
(CAN-2005-2703)

A bug was found in the way Mozilla implemented its XBL interface. It may be
possible for a malicious web page to create an XBL binding in a way
that would allow arbitrary JavaScript execution with chrome permissions.
Please note that in Mozilla 1.7.10 this issue is not directly exploitable
and would need to leverage other unknown exploits. (CAN-2005-2704)

An integer overflow bug was found in Mozilla's JavaScript engine. Under
favorable conditions, it may be possible for a malicious web page to
execute arbitrary code as the user running Mozilla. (CAN-2005-2705)

A bug was found in the way Mozilla displays about: pages. It is possible
for a malicious web page to open an about: page, such as about:mozilla, in
such a way that it becomes possible to execute JavaScript with chrome
privileges. (CAN-2005-2706)

A bug was found in the way Mozilla opens new windows. It is possible for a
malicious web site to construct a new window without any user interface
components, such as the address bar and the status bar. This window could
then be used to mislead the user for malicious purposes. (CAN-2005-2707)

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages mozilla depends on:
pn mozilla-browser Not found.
pn mozilla-mailnews Not found.
pn mozilla-psm Not found.

Martin Pitt (pitti) wrote :

1.7.12 is in Breezy, warty and hoary updates are prepared, tested, uploaded, and
currently building.

Martin Pitt (pitti) wrote :

stables have been fixed in USN-186-1.

In , Alexander Sack (asac) wrote : Fixed in NMU of mozilla 2:1.7.12-1

tag 318723 + fixed
tag 321644 + fixed
tag 325532 + fixed
tag 327366 + fixed
tag 327455 + fixed
tag 329778 + fixed
tag 332480 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 6 Oct 2005 23:48:00 +0200
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.12-1
Distribution: unstable
Urgency: high
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4 - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3 - Network Security Service Libraries - runtime
 mozilla - The Mozilla Internet application suite - meta package
 mozilla-browser - The Mozilla Internet application suite - core and browser
 mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
 mozilla-chatzilla - Mozilla Web Browser - irc client
 mozilla-dev - The Mozilla Internet application suite - development files
 mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
 mozilla-js-debugger - JavaScript debugger for use with Mozilla
 mozilla-mailnews - The Mozilla Internet application suite - mail and news support
 mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 318723 321644 325532 327366 327455 329778 332480
Changes:
 mozilla (2:1.7.12-1) unstable; urgency=high
 .
   * NMU: fixing several security issues and most important RC bugs.
     (Closes: 332480)
   * new upstream version 1.7.12 fixes:
     + [CAN-2005-2871] IDN buffer overflow [MFSA 2005-57] (Closes: 327366)
     + security issue revealed: CAN-2005-2871 (Closes: 327455)
     + mozilla: Multiple security issues fixed in 1.7.12 (Closes: 329778)
     + javascript crasher - unsure about this ... have to test.
       (Closes: 318723)
     + mozilla 1.7.10 version crashes almost immediately (Closes: 321644)
   * applied patch by Steve Langasek <email address hidden> to make mozilla
     build on arm and other archs. (Closes: 325532)

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sun, 09 Oct 2005 13:32:45 -0700
From: Alexander Sack <email address hidden>
To: <email address hidden>
Cc: Alexander Sack <email address hidden>, Takuo KITAME <email address hidden>
Subject: Fixed in NMU of mozilla 2:1.7.12-1


In , Alexander Sack (asac) wrote : Fixed in NMU of mozilla 2:1.7.8-1sarge3

tag 321427 + fixed
tag 327366 + fixed
tag 329778 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 27 Sep 2005 13:00:00 +0100
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.8-1sarge3
Distribution: stable-security
Urgency: critical
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4 - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3 - Network Security Service Libraries - runtime
 mozilla - The Mozilla Internet application suite - meta package
 mozilla-browser - The Mozilla Internet application suite - core and browser
 mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
 mozilla-chatzilla - Mozilla Web Browser - irc client
 mozilla-dev - The Mozilla Internet application suite - development files
 mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
 mozilla-js-debugger - JavaScript debugger for use with Mozilla
 mozilla-mailnews - The Mozilla Internet application suite - mail and news support
 mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 321427 327366 329778
Changes:
 mozilla (2:1.7.8-1sarge3) stable-security; urgency=critical
 .
   * MFSA-2005-56a.debian: Regressions introduced by mozilla 1.7.9.
     Summary: Regressions introduced by mozilla 1.7.9 bugfix. There was no
       advisory for it (debian/patches/001_mfsa_2005-56a.patch)
     Closes: 321427
     Bugzilla: 294307 301917 300749
     Issues addressed:
       + Regressions introduced by mozilla 1.7.9 bugfix.
   * MFSA-2005-57: IDN heap overrun
     Summary: Tom Ferris reported a Firefox crash when processing a domain
       name consisting solely of soft-hyphen characters.
       (debian/patches/001_mfsa-2005-57.patch)
     Closes: 327366
     CVE-Ids: CAN-2005-2871
     Bugzilla: 307259 308281
     Issues addressed:
       + CAN-2005-2871 - IDN heap overrun
   * MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
     Summary: Fixes for multiple vulnerabilities with an overall severity
       of "critical" have been released in Mozilla Firefox 1.0.7 and
       the Mozilla Suite 1.7.12 (debian/patches/001_mfsa-2005-58.patch)
     Closes: 329778
     CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
       CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
     Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
        306804 291178 300853 301180 302100
     Issues addressed:
       + CAN-2005-2701 - Heap overrun in XBM image processing
       + CAN-2005-2702 - Crash on "zero-width non-joiner" sequence
       + CAN-2005-2703 - XMLHttpRequest header spoofing
       + CAN-2005-2704 - Object spoofing using XBL <implements>...


Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sat, 12 Nov 2005 01:03:12 -0800
From: Alexander Sack <email address hidden>
To: <email address hidden>
Cc: Alexander Sack <email address hidden>, Takuo KITAME <email address hidden>
Subject: Fixed in NMU of mozilla 2:1.7.8-1sarge3


Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Fri, 16 Dec 2005 21:34:34 -0800
From: Alexander Sack <email address hidden>
To: <email address hidden>
Cc: Alexander Sack <email address hidden>, Takuo KITAME <email address hidden>
Subject: Fixed in NMU of mozilla 2:1.7.8-1sarge3


In , Adam D. Barratt (debian-bts-adam-barratt) wrote : Bugs fixed in NMU, documenting versions

# Hi,
#
# These bugs were fixed in an NMU, but have not been acknowledged by the
# maintainers. With version tracking in the Debian BTS, it is important
# to know which version of a package fixes each bug so that they can be
# tracked for release status, so I'm closing these bugs with the
# relevant version information now

close 271427 8.14+v8.11+urw-0.1
close 314698 0.35-2.1
close 325635 0.35-2.1
close 328017 0.35-2.1
close 320115 2.0-4.2
close 320284 1.11
close 320899 11.4.1870-7.1
close 327078 11.4.1870-7.1
close 327349 11.4.1870-7.1
close 320903 1:0.71-1.2
close 327946 1:0.71-1.2
close 320941 2.0.3-1.1
close 321126 2.6.3.2
close 321545 0.1.3b-1.1
close 341341 0.1.3b-1.1
close 321553 0.1.12-2.2
close 321644 2:1.7.12-1.1
close 346013 2:1.7.12-1.1
close 321816 2.61-2.1
close 321967 4.0.0-2.1
close 330024 4.0.0-2.1
close 321998 0.9.21-0.1
close 322583 0.3.8.1-4
close 322853 0.7.1-3.1
close 356739 0.7.1-3.1
close 322961 0.4.3.1.dfsg-0.1
close 322972 9.4.2-2.4
close 323084 0.4.5+cvs20030824-1.4
close 323160 0.1.10-0.1
close 323355 1.2.11-0.2
close 323725 0.18.2-10.1
close 323942 0.4.0-4.1
close 324371 4.3-18.1
close 324553 2.9.5.0.37.5.2
close 324558 1.2-release-2.1
close 324579 1.11-6.2
close 324606 1.2-release-2.2
close 324908 0.12.4-4.1
close 325210 2.6.0-1.1
close 325490 0.7.1-1.1
close 325514 0.8.6-1.1
close 326468 0.8.6-1.1
close 325532 2:1.7.12-1
close 327366 2:1.7.12-1
close 329778 2:1.7.12-1
close 332480 2:1.7.12-1
close 325635 0.35-2.1
close 328017 0.35-2.1
close 325835 0.1.12-7.1
close 325851 2:1.7.8-1sarge2
close 325938 0.9.8beta2-4.1
close 327930 0.9.8beta2-4.1
close 326285 0.99.3-5.1
close 326295 0.8.2-5.1
close 373110 0.8.2-5.1
close 379331 0.8.2-5.1
close 379334 0.8.2-5.1
close 326298 0.2.12-2.1
close 326311 0.3.5-1pre1.1
close 326355 2.1.8-2.1
close 326362 0.6-7.2
close 326371 0.90beta1-10.1
close 326372 1.0-0.1
close 326378 0.1.17-4.3
close 326466 6.3.2-2.1
close 347129 6.3.2-2.1
close 347205 6.3.2-2.1
close 326489 0.3.7-2.1
close 326756 1.0.9-1.1
close 365518 1.0.9-1.1
close 327429 1.2-1.1
close 350429 1.2-1.1
close 327911 2.3.5-1.1
close 327718 0.6.0-8.2
close 327933 0.9.2-1.1
close 327936 0.8.5-1.1
close 327970 0.5.1-2.1
close 327984 1.3-2.1
close 327986 0.2.36-4.1
close 291328 0.2.36-4.1
close 327996 1.0-1.1
close 328002 1.0.0-9.1
close 328018 2.1.3-2.1
close 328039 1.18A-2.1
close 328172 1.002-0.2
close 328333 4.1.2-1.1
close 328334 1.34-7.1
close 328335 0.8.2-2.1
close 328352 0.13-3.1
close 328364 0.4.0-test5-2.1
close 329467 1.3.1
close 330446 0.1.83
close 333857 0.1.83
close 330666 6:6.2.4.5-0.2
close 330938 0.5.1-2.2

Changed in mozilla:
status: Fix Committed → Fix Released