mozilla security updated (proposed) needs testing.
Eric Dorland
eric at debian.org
Sat Jun 17 23:00:05 UTC 2006
* Alexander Sack (asac at debian.org) wrote:
>
> Please, test the mozilla suite I just uploaded (2:1.7.8-1sarge7). Keep your
> eyes open regressions and especially if it breaks any dependents or extensions.
>
> You can grab it from here:
>
> http://people.debian.org/~asac/security/
Thanks again for your excellent work on these issues. I appear to be
missing the 0021-mfsa2006-32-Part-5-7-327712.txt from the patches set
you sent the other day. I'm almost done creating firefox packages
based on these patches as well.
> The changes are:
>
> mozilla (2:1.7.8-1sarge7) stable-security; urgency=critical
> - added mozilla 1.7.14 patches in debian/patches that fix various
> security issues:
> + CVE-2006-2787 : 1_0001-mfsa2006-31-319263-336601-336313.txt
> + CVE-2006-2786 1/2 : 1_0002-mfsa2006-33-Part-1-2-329746.txt
> + CVE-2006-2786 2/2 : 1_0003-mfsa2006-33-Part-2-2-330214.txt
> + CVE-2006-2785 2/2 : 1_0004-mfsa2006-34-Part2-2-329521-suite.txt
> + CVE-2006-2775 : 1_0005-mfsa2006-35-329677.txt
> + CVE-2006-2784 : 1_0006-mfsa2006-36-330037.txt
> + CVE-2006-2776 : 1_0007-mfsa2006-37-330773-with-belt-and-braces.txt
> + CVE-2006-2778 : 1_0008-mfsa2006-38-330897.txt
> + CVE-2006-1942 : 1_0009-mfsa2006-39-CVE-2006-1942-334341-suite.txt
> + CVE-2006-2781 : 1_0010-mfsa2006-40-334384.txt
> + CVE-2006-2782 : 1_0011-mfsa2006-41-334977.txt
> + CVE-2006-2783 : 1_0012-mfsa2006-42-335816.txt
> + CVE-2006-2777 : 1_0013-mfsa2006-43-336830.txt
> + CVE-2006-2779 3/6 : 1_0014-mfsa2006-32-Part-3-7-326501.txt
> + CVE-2006-2779 4/6 : 1_0015-mfsa2006-32-Part-4a-7-326931.txt
> + CVE-2006-2785 2/2 : 1_0015-mfsa2006-34-Part-1-2-xpfe-329468-suite.txt
> + CVE-2006-2779 4/6 : 1_0016-mfsa2006-32-Part-4b-7-329219.txt
> + CVE-2006-2779 4/6 : 1_0017-mfsa2006-32-Part-4c-7-330818-proper-aviary.txt
> + CVE-2006-2779 6/6 : 1_0018-mfsa2006-32-Part-6-7-332971.txt
> + CVE-2006-2780 : 1_0019-js-src-jsstr.c-335535-mfsa2006-32-Part-7-7.txt
> + CVE-2006-2779 5/6 : 1_0021-mfsa2006-32-Part-5-7-327712.txt
> - Note: CVE-2006-2779 (mfsa2006-32) is only partially fixed. Missing are
> tricky parts 1/6 and 2/6 from advisory:
> 1/6: Removing nested <option>s from a select (Jesse Ruderman)
> https://bugzilla.mozilla.org/show_bug.cgi?id=324918
> 2/Crashes during DOMNodeRemoved mutation
> https://bugzilla.mozilla.org/show_bug.cgi?id=325730
> https://bugzilla.mozilla.org/show_bug.cgi?id=329982event6:
>
>
> - Alexander
>
--
Eric Dorland <eric at kuroneko.ca>
ICQ: #61138586, Jabber: hooty at jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20060617/79d66f8a/attachment.pgp
More information about the pkg-mozilla-maintainers
mailing list