-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 31 Aug 2005 06:00:00 +0100 Source: mozilla Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev Architecture: source i386 Version: 2:1.7.8-1sarge2 Distribution: stable-security Urgency: critical Maintainer: Takuo KITAME <kitame@debian.org> Changed-By: Alexander Sack <asac@debian.org> Description: libnspr-dev - Netscape Portable Runtime library - development files libnspr4 - Netscape Portable Runtime Library libnss-dev - Network Security Service Libraries - development libnss3 - Network Security Service Libraries - runtime mozilla - The Mozilla Internet application suite - meta package mozilla-browser - The Mozilla Internet application suite - core and browser mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit mozilla-chatzilla - Mozilla Web Browser - irc client mozilla-dev - The Mozilla Internet application suite - development files mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla. mozilla-js-debugger - JavaScript debugger for use with Mozilla mozilla-mailnews - The Mozilla Internet application suite - mail and news support mozilla-psm - The Mozilla Internet application suite - Personal Security Manage Closes: 325851 Changes: mozilla (2:1.7.8-1sarge2) stable-security; urgency=critical . * previous version was MFSA 2005-51 aka CAN-2004-0718. The change has been reverted and reapplied by this version. * fix multiple security issues. Reverts all changes made by previous security release 2:1.7.8-1.sarge1, because this one fixes all bugs. (Closes: 325851) + CAN-2005-2270/MFSA 2005-56 Code execution through shared function objects + CAN-2005-2269/MFSA 2005-55 XHTML node spoofing + CAN-2005-2268/MFSA 2005-54 Javascript prompt origin spoofing + CAN-2005-2266/MFSA 2005-52 Same origin violation: frame calling top.focus() + CAN-2005-1937/MFSA 2005-51 The return of frame-injection spoofing + CAN-2005-2265/MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo() + CAN-2005-2263/MFSA 2005-48 Same-origin violation with InstallTrigger callback + CAN-2005-2261/MFSA 2005-46 XBL scripts ran even when Javascript disabled + CAN-2005-2260/MFSA 2005-45 Content-generated event vulnerabilities * adapted overthespot.diff to changes needed by security patch Files: c48d385962c84c57d6085e04483fe01c 1123 web optional mozilla_1.7.8-1sarge2.dsc e786529434e3cd0d0cdc9371fe5d727c 397348 web optional mozilla_1.7.8-1sarge2.diff.gz 8401dcc3b9c2ac3c5e956d4d93c43724 1032 web optional mozilla_1.7.8-1sarge2_i386.deb b56563023bd65f213db1f0a138b4a38f 10322448 web optional mozilla-browser_1.7.8-1sarge2_i386.deb fbfcb714a164679a87b41f1896eeef4a 3591808 devel optional mozilla-dev_1.7.8-1sarge2_i386.deb 2cc3dddc6921aafdf749c31a9e69e2e6 1816046 mail optional mozilla-mailnews_1.7.8-1sarge2_i386.deb 16a81c7add5e724e2dd65396a3121350 158354 net optional mozilla-chatzilla_1.7.8-1sarge2_i386.deb eebc8cefb2d6689f1e708cd915fa93ad 192476 web optional mozilla-psm_1.7.8-1sarge2_i386.deb 3f8cbaee36be34d4709a600ec0d3cf0a 116676 web optional mozilla-dom-inspector_1.7.8-1sarge2_i386.deb 9694bdc6d612132e760a9b645cc7d7d1 204164 devel optional mozilla-js-debugger_1.7.8-1sarge2_i386.deb dd9f36972a06aa2e0b153fa9f3d0009f 403494 misc optional mozilla-calendar_1.7.8-1sarge2_i386.deb 072f3d046ce9cdc9f78f9b4ffd2e892b 130860 libs optional libnspr4_1.7.8-1sarge2_i386.deb 7e785c6ca8fccb661b4dec78aa7251d8 170348 libdevel optional libnspr-dev_1.7.8-1sarge2_i386.deb 5ba9ea0be3b85aed6bad309f610c841a 655690 libs optional libnss3_1.7.8-1sarge2_i386.deb 6683024c42d5d434eb0014588af87b0f 187128 libdevel optional libnss-dev_1.7.8-1sarge2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDFaUDv8pLOKgkuT8RAsk6AJ0fy+Iw/oko8+udDJKo7W6Ag0iBZwCg2ahB yLyR4c+jCHgp5Nu0bRlUhkg= =tt6V -----END PGP SIGNATURE----- Accepted: libnspr-dev_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_i386.deb libnspr4_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/libnspr4_1.7.8-1sarge2_i386.deb libnss-dev_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/libnss-dev_1.7.8-1sarge2_i386.deb libnss3_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/libnss3_1.7.8-1sarge2_i386.deb mozilla-browser_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_i386.deb mozilla-calendar_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_i386.deb mozilla-chatzilla_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_i386.deb mozilla-dev_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_i386.deb mozilla-dom-inspector_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_i386.deb mozilla-js-debugger_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_i386.deb mozilla-mailnews_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_i386.deb mozilla-psm_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_i386.deb mozilla_1.7.8-1sarge2.diff.gz to pool/main/m/mozilla/mozilla_1.7.8-1sarge2.diff.gz mozilla_1.7.8-1sarge2.dsc to pool/main/m/mozilla/mozilla_1.7.8-1sarge2.dsc mozilla_1.7.8-1sarge2_i386.deb to pool/main/m/mozilla/mozilla_1.7.8-1sarge2_i386.deb -- To UNSUBSCRIBE, email to debian-testing-changes-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
