mozilla security updated (proposed) needs testing.

Eric Dorland eric at debian.org
Sat Jun 17 23:00:05 UTC 2006


* Alexander Sack (asac at debian.org) wrote:
> 
> Please, test the mozilla suite I just uploaded (2:1.7.8-1sarge7). Keep your
> eyes open regressions and especially if it breaks any dependents or extensions.
> 
> You can grab it from here:
> 
>   http://people.debian.org/~asac/security/

Thanks again for your excellent work on these issues. I appear to be
missing the 0021-mfsa2006-32-Part-5-7-327712.txt from the patches set
you sent the other day. I'm almost done creating firefox packages
based on these patches as well. 
 
> The changes are:
> 
>  mozilla (2:1.7.8-1sarge7) stable-security; urgency=critical
>    - added mozilla 1.7.14 patches in debian/patches that fix various
>      security issues:
>      + CVE-2006-2787     : 1_0001-mfsa2006-31-319263-336601-336313.txt
>      + CVE-2006-2786 1/2 : 1_0002-mfsa2006-33-Part-1-2-329746.txt
>      + CVE-2006-2786 2/2 : 1_0003-mfsa2006-33-Part-2-2-330214.txt
>      + CVE-2006-2785 2/2 : 1_0004-mfsa2006-34-Part2-2-329521-suite.txt
>      + CVE-2006-2775     : 1_0005-mfsa2006-35-329677.txt
>      + CVE-2006-2784     : 1_0006-mfsa2006-36-330037.txt
>      + CVE-2006-2776     : 1_0007-mfsa2006-37-330773-with-belt-and-braces.txt
>      + CVE-2006-2778     : 1_0008-mfsa2006-38-330897.txt
>      + CVE-2006-1942     : 1_0009-mfsa2006-39-CVE-2006-1942-334341-suite.txt
>      + CVE-2006-2781     : 1_0010-mfsa2006-40-334384.txt
>      + CVE-2006-2782     : 1_0011-mfsa2006-41-334977.txt
>      + CVE-2006-2783     : 1_0012-mfsa2006-42-335816.txt
>      + CVE-2006-2777     : 1_0013-mfsa2006-43-336830.txt
>      + CVE-2006-2779 3/6 : 1_0014-mfsa2006-32-Part-3-7-326501.txt
>      + CVE-2006-2779 4/6 : 1_0015-mfsa2006-32-Part-4a-7-326931.txt
>      + CVE-2006-2785 2/2 : 1_0015-mfsa2006-34-Part-1-2-xpfe-329468-suite.txt
>      + CVE-2006-2779 4/6 : 1_0016-mfsa2006-32-Part-4b-7-329219.txt
>      + CVE-2006-2779 4/6 : 1_0017-mfsa2006-32-Part-4c-7-330818-proper-aviary.txt
>      + CVE-2006-2779 6/6 : 1_0018-mfsa2006-32-Part-6-7-332971.txt
>      + CVE-2006-2780     : 1_0019-js-src-jsstr.c-335535-mfsa2006-32-Part-7-7.txt
>      + CVE-2006-2779 5/6 : 1_0021-mfsa2006-32-Part-5-7-327712.txt
>    - Note: CVE-2006-2779 (mfsa2006-32) is only partially fixed. Missing are
>      tricky parts 1/6 and 2/6 from advisory:
>       1/6: Removing nested <option>s from a select (Jesse Ruderman)
>         https://bugzilla.mozilla.org/show_bug.cgi?id=324918
>       2/Crashes during DOMNodeRemoved mutation 
>         https://bugzilla.mozilla.org/show_bug.cgi?id=325730
>         https://bugzilla.mozilla.org/show_bug.cgi?id=329982event6: 
> 
> 
>  - Alexander
> 

-- 
Eric Dorland <eric at kuroneko.ca>
ICQ: #61138586, Jabber: hooty at jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20060617/79d66f8a/attachment.pgp


More information about the pkg-mozilla-maintainers mailing list