Accepted mozilla-firefox 1.0.4-2sarge5 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 25 Sep 2005 02:32:14 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.4-2sarge5
Distribution: stable-security
Urgency: critical
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description:
mozilla-firefox - lightweight web browser based on Mozilla
mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 327452
Changes:
mozilla-firefox (1.0.4-2sarge5) stable-security; urgency=critical
.
* Fixes for MFSA-2005-58 taken from CVS, which comprises the following
  issues (Thanks to Alexander Sack and Noah Meyerhans):
  * layout/html/base/src/nsTextTransformer.cpp,
    content/shared/src/nsBidiUtils.cpp: Fix for "Crash on 'zero-width
    non-joiner' sequence", aka CAN-2005-2702, bz#296134.
  * netwerk/protocol/http/src/nsHttpChannel.cpp,
    extensions/xmlextras/base/src/nsXMLHttpRequest.cpp: Fix for
    "XMLHttpRequest header spoofing", aka CAN-2005-2703, bz#297078 and
    bz#302263.
  * content/xbl/src/nsXBLContentSink.cpp: Fix for "Object spoofing using
    XBL <implements>", aka CAN-2005-2704, bz#299518.
  * modules/libpr0n/decoders/xbm/nsXBMDecoder.h,
    modules/libpr0n/decoders/xbm/nsXBMDecoder.cpp: Fix for "Heap overrun
    in XBM image processing", aka CAN-2005-2701, bz#300936.
  * dom/src/base/nsGlobalWindow.h, dom/src/base/nsGlobalWindow.cpp,
    embedding/components/windowwatcher/public/nsIWindowWatcher.idl,
    embedding/components/windowwatcher/public/nsPIWindowWatcher.idl: Fix
    for "Chrome window spoofing", aka CAN-2005-2707, bz#306804.
  * js/src/jsstr.c: Fix "JavaScript integer overflow", aka CAN-2005-2705,
    bz#303213.
  * netwerk/protocol/about/src/nsAboutRedirector.cpp,
    caps/src/nsScriptSecurityManager.cpp: Fix for "Privilege escalation
    using about: scheme", aka CAN-2005-2706, bz#304754 and bz#306261.
.
* netwerk/base/src/nsStandardURL.h, netwerk/base/src/nsStandardURL.cpp:
  Fix for MFSA-2005-57 "IDN heap overrun", aka CAN-2005-2871. This is a
  better fix than was provided in 1.0.4-2sarge4. (Closes: #327452)
.
* browser/app/mozilla.in, webshell/tests/viewer/mozilla-viewer.sh,
  xpfe/bootstrap/mozilla.in: Fix for MFSA-2005-59 "Command-line
  handling on Linux allows shell execution", aka CAN-2005-2968,
  bz#307185. The Debian packages do not use these scripts so are not
  affected by this advisory, but the files are in the source package, so
  better safe than sorry.
Files:
bf9cf2b7106335cccc2afb10f6386c57 1001 web optional mozilla-firefox_1.0.4-2sarge5.dsc
d3f81e09a762be3c51aa20655ada5d32 332598 web optional mozilla-firefox_1.0.4-2sarge5.diff.gz
795a6aa3ca33a5e328e863612ceb0ac3 8891730 web optional mozilla-firefox_1.0.4-2sarge5_i386.deb
5e5d92e6c30a1d677edcc2fd9beb1861 157566 web optional mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
885991c2f4580f06f12ba1cc6ff456ac 54820 web optional mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDNllfYemOzxbZcMYRAo2AAKC0IxS9kX+Luz6i/n9DSZ7syBo7swCgiKiE
z5Tu07Zf2DWrG481ChTuTpA=
=RwAR
-----END PGP SIGNATURE-----
Accepted:
mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
mozilla-firefox_1.0.4-2sarge5.diff.gz
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.diff.gz
mozilla-firefox_1.0.4-2sarge5.dsc
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.dsc
mozilla-firefox_1.0.4-2sarge5_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_i386.deb