Accepted firefox 1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1 (source)
Ubuntu Installer
archive at ubuntu.com
Tue Feb 27 16:57:39 GMT 2007
Accepted:
OK: firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.dsc
-> Component: main Section: web
OK: firefox_1.5.dfsg+1.5.0.10.orig.tar.gz
OK: firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 21 Jan 2007 18:00:00 +0100
Source: firefox
Binary: firefox-gnome-support firefox-dom-inspector firefox-dev mozilla-firefox mozilla-firefox-dev firefox
Architecture: source
Version: 1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1
Distribution: breezy-security
Urgency: low
Maintainer: Eric Dorland <eric at debian.org>
Changed-By: Alexander Sack <asac at ubuntu.com>
Description:
firefox - lightweight web browser based on Mozilla
firefox-dev - Development files for Mozilla Firefox
firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
firefox-gnome-support - Support for Gnome in Mozilla Firefox
mozilla-firefox - Transition package for firefox rename
mozilla-firefox-dev - dummy transitional package
Changes:
firefox (1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1) breezy-security; urgency=low
.
* New upstream security update:
* MFSA2007-01 - Crashes with evidence of memory corruption
(rv:1.8.0.10/1.8.1.2):
- CVE-2007-0775 - layout engine crashes
- CVE-2007-0776 - SVG
- CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
Scripting attacks:
- CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
- CVE-2007-0996 - Child frame character set inheritance
- CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
confuse same-domain checks
* security/nss/lib/freebl/unix_rand.c: drop no-netstat on linux patch, as
this is now dealt with by #ifdef DO_NETSTAT
* toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapt to
changes in underlying codebase
* security/coreconf/rules.mk: some ppc64 code has been applied upstream;
dropping our patch.
Files:
eac4c86acb16ad4cf85604e5cc9f441c 1063 web optional firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.dsc
d55d439c238064ddcedb8fabb6089ff2 44679183 web optional firefox_1.5.dfsg+1.5.0.10.orig.tar.gz
76744cf2123e13143408e37deb2311c0 176831 web optional firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF4wyrDecnbV4Fd/IRAogFAJwMO7r0oOEz2fP/PmHsqTcEHVP1DgCgo+/k
rtzNIoDrfhvFN8IOLhkPeRg=
=gpdH
-----END PGP SIGNATURE-----
More information about the breezy-changes
mailing list