-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 27 Sep 2005 13:00:00 +0100 Source: mozilla Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev Architecture: source i386 Version: 2:1.7.8-1sarge3 Distribution: stable-security Urgency: critical Maintainer: Takuo KITAME <kitame@debian.org> Changed-By: Alexander Sack <asac@debian.org> Description: libnspr-dev - Netscape Portable Runtime library - development files libnspr4 - Netscape Portable Runtime Library libnss-dev - Network Security Service Libraries - development libnss3 - Network Security Service Libraries - runtime mozilla - The Mozilla Internet application suite - meta package mozilla-browser - The Mozilla Internet application suite - core and browser mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit mozilla-chatzilla - Mozilla Web Browser - irc client mozilla-dev - The Mozilla Internet application suite - development files mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla. mozilla-js-debugger - JavaScript debugger for use with Mozilla mozilla-mailnews - The Mozilla Internet application suite - mail and news support mozilla-psm - The Mozilla Internet application suite - Personal Security Manage Closes: 321427 327366 329778 Changes: mozilla (2:1.7.8-1sarge3) stable-security; urgency=critical . * MFSA-2005-56a.debian: Regressions introduced by mozilla 1.7.9. Summary: Regressions introduced by mozilla 1.7.9 bugfix. There was no advisory for it (debian/patches/001_mfsa_2005-56a.patch) Closes: 321427 Bugzilla: 294307 301917 300749 Issues addressed: + Regressions introduced by mozilla 1.7.9 bugfix. * MFSA-2005-57: IDN heap overrun Summary: Tom Ferris reported a Firefox crash when processing a domain name consisting solely of soft-hyphen characters. (debian/patches/001_mfsa-2005-57.patch) Closes: 327366 CVE-Ids: CAN-2005-2871 Bugzilla: 307259 308281 Issues addressed: + CAN-2005-2871 - IDN heap overrun * MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities Summary: Fixes for multiple vulnerabilities with an overall severity of "critical" have been released in Mozilla Firefox 1.0.7 and the Mozilla Suite 1.7.12 (debian/patches/001_mfsa-2005-58.patch) Closes: 329778 CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261 306804 291178 300853 301180 302100 Issues addressed: + CAN-2005-2701 - Heap overrun in XBM image processing + CAN-2005-2702 - Crash on "zero-width non-joiner" sequence + CAN-2005-2703 - XMLHttpRequest header spoofing + CAN-2005-2704 - Object spoofing using XBL <implements> + CAN-2005-2705 - JavaScript integer overflow + CAN-2005-2706 - Privilege escalation using about: scheme + CAN-2005-2707 - Chrome window spoofing + Regression fixes * MFSA-2005-59: Command-line handling on Linux allows shell execution Summary: URLs passed to Linux versions of Firefox on the command-line are not correctly protected against interpretation by the shell. As a result a malicious URL can result in the execution of shell commands with the privileges of the user. If Firefox is set as the default handler for web URLs then opening a URL in another program (for example, links in a mail or chat client) can result in shell command execution. (debian/patches/001_mfsa-2005-59.patch) Closes: - CVE-Ids: CAN-2005-2968 Bugzilla: 307185 Issues addressed: + CAN-2005-2968 - Command-line handling on Linux allows shell execution Files: 8bcf5da1d244d5793c6848126887cb6e 1123 web optional mozilla_1.7.8-1sarge3.dsc c6a4dc4aa262b71eb3e2f927ccba5be0 410904 web optional mozilla_1.7.8-1sarge3.diff.gz e00305ced1db4728dc26cbde13f0c875 1032 web optional mozilla_1.7.8-1sarge3_i386.deb d781aa4f05704110d987cd24ff60787b 10323428 web optional mozilla-browser_1.7.8-1sarge3_i386.deb 60af02162969c248eea0960220b8c494 3591928 devel optional mozilla-dev_1.7.8-1sarge3_i386.deb 4a576d88be7edd2557b00e0f27b475ca 1816024 mail optional mozilla-mailnews_1.7.8-1sarge3_i386.deb cac6b890d307df1f55f64c5ffa6aa0ec 158350 net optional mozilla-chatzilla_1.7.8-1sarge3_i386.deb 4a5c07772c5ae39ae8567f50ddd87510 192474 web optional mozilla-psm_1.7.8-1sarge3_i386.deb 1aac8406b1c144c534bcb59cbf2915e5 116678 web optional mozilla-dom-inspector_1.7.8-1sarge3_i386.deb b5b7c32fba5f1e20f7e9180888a36c86 204160 devel optional mozilla-js-debugger_1.7.8-1sarge3_i386.deb d0b31286d891952b68f8f96244264933 403498 misc optional mozilla-calendar_1.7.8-1sarge3_i386.deb 371c4a5c674351727d2dafe5981ed459 131660 libs optional libnspr4_1.7.8-1sarge3_i386.deb 3a338ed93f9999e56e8de24750380951 170348 libdevel optional libnspr-dev_1.7.8-1sarge3_i386.deb 9a48b94605f82038226bdfae108437ad 656500 libs optional libnss3_1.7.8-1sarge3_i386.deb 8d536c4dc957e4448d1ca923ff7504e1 187124 libdevel optional libnss-dev_1.7.8-1sarge3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDOVbKv8pLOKgkuT8RApqoAJ9cYUhUWUJf/+F9GXU/nyRSGQoP+wCgo1FI Aua57tXx/LHGKzqwsmVtJLs= =vAN7 -----END PGP SIGNATURE----- Accepted: libnspr-dev_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_i386.deb libnspr4_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/libnspr4_1.7.8-1sarge3_i386.deb libnss-dev_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/libnss-dev_1.7.8-1sarge3_i386.deb libnss3_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/libnss3_1.7.8-1sarge3_i386.deb mozilla-browser_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_i386.deb mozilla-calendar_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_i386.deb mozilla-chatzilla_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_i386.deb mozilla-dev_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_i386.deb mozilla-dom-inspector_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_i386.deb mozilla-js-debugger_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_i386.deb mozilla-mailnews_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_i386.deb mozilla-psm_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_i386.deb mozilla_1.7.8-1sarge3.diff.gz to pool/main/m/mozilla/mozilla_1.7.8-1sarge3.diff.gz mozilla_1.7.8-1sarge3.dsc to pool/main/m/mozilla/mozilla_1.7.8-1sarge3.dsc mozilla_1.7.8-1sarge3_i386.deb to pool/main/m/mozilla/mozilla_1.7.8-1sarge3_i386.deb -- To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org