Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > October 2005 > Debian Security Advisories - mozilla; module-assistant; mozilla-thunderbird; eric

October 2005

Debian Security Advisories - mozilla; module-assistant; mozilla-thunderbird; eric

ID: 00927
Ref: 867/2005
Date: 21 October 2005:09:29:39
Version: 1
Title: Debian Security Advisories - mozilla; module-assistant; mozilla-thunderbird; eric
Abstract: Description of various Debian product vulnerabilities
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 866-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 20th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : mozilla
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2005-2871 CAN-2005-2701 CAN-2005-2702 CAN-2005-2703
CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
CAN-2005-2968
Debian Bug : 327366 329778

Several security-related problems have been discovered in Mozilla and
derived programs. The Common Vulnerabilities and Exposures project
identifies the following problems:

CAN-2005-2871

Tom Ferris discovered a bug in the IDN hostname handling of
Mozilla that allows remote attackers to cause a denial of service
and possibly execute arbitrary code via a hostname with dashes.

CAN-2005-2701

A buffer overflow allows remote attackers to execute arbitrary
code via an XBM image file that ends in a large number of spaces
instead of the expected end tag.

CAN-2005-2702

Mats Palmgren discovered a buffer overflow in the Unicode string
parser that allowas a specially crafted unicode sequences to
overflow a buffer and cause arbitrary code to be executed.

CAN-2005-2703

Remote attackers could spoof HTTP headers of XML HTTP requests
via XMLHttpRequest and possibly use the client to exploit
vulnerabilities in servers or proxies.

CAN-2005-2704

Remote attackers could spoof DOM objects via an XBL control that
implements an internal XPCOM interface.

CAN-2005-2705

Georgi Guninski discovered an integer overflow in the JavaScript
engine that might allow remote attackers to execute arbitrary
code.

CAN-2005-2706

Remote attackers could execute Javascript code with chrome
privileges via an about: page such as about:mozilla.

CAN-2005-2707

Remote attackers could spawn windows without user interface
components such as the address and status bar that could be used
to conduct spoofing or phishing attacks.

CAN-2005-2968

Peter Zelezny discovered that shell metacharacters are not
properly escaped when they are passed to a shell script and allow
the execution of arbitrary commands, e.g. when a malicious URL is
automatically copied from another program into Mozilla as default
browser.

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 1.7.12-1.

We recommend that you upgrade your mozilla package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3.dsc
Size/MD5 checksum: 1123 8bcf5da1d244d5793c6848126887cb6e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3.diff.gz
Size/MD5 checksum: 410904 c6a4dc4aa262b71eb3e2f927ccba5be0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 168068 0f0d0d688c3ab7cc560f8fd9d6c25d42
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 141750 2ae997e1246b9b1622206b501bea6600
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 184954 4abf2c0225afacf0aa1e1ba3dd800f4b
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 851320 2322e9672808b8dbd61ce546c34ae48d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 1034 ccbb5b52c82a76d6068fb1e566cfc0e8
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 11473888 416d49672810722e9d6a4744ba720801
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 403252 54b0512cf811dca554b670fdd86d49bc
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 158332 27c845b849ff9572f4dc422f49a245bb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 3356504 309d86cb85b51f705a90305234bdd349
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 122294 9da4fba65b40fb381f7c286845db016c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 204138 daba15cfb57b4e90f82f6d5d9229dadd
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 1937032 e3e3b5b01ccc599e80802ea5542be2a8
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_alpha.deb
Size/MD5 checksum: 212304 34a959e6684c4d2420ec8b171431337f

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 168070 468e694be0ebaa5ce4e16ea0c4406189
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 140860 ee10c3ff4a930822c9429adc52bc45ec
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 184958 fd569d871b83791830e2a34bb6d7057d
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 709690 daa6df6f1136911cebd67b65e5ae0d8c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 1034 7506e80353b173f5937fa81b5226c46f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 10945966 04cc79158e4dbd34d4914c74b77bf171
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 403278 ac4204e9a030cedbcc2d70f9cf29ec74
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 158332 a948ab9d30f0f70ed531df741bbef633
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 3350620 ed6b86963e5633e930efa04cbf49c23a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 121188 461d803a26259e607a8ae88227bb8f9b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 204146 57847a442a198b0292cb7342aa601f6a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 1935958 ecf18b188b80e21b5d453a5f10c98eec
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_amd64.deb
Size/MD5 checksum: 204120 adedcdc7ce580e37aa1691e1f0017465

ARM architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 168072 1680de3cf45d25f199169df90198d91b
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 119254 ed0841a82dcbff6f50eaf86884123139
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 184958 760e7eca4f231c8b710679223a1509f4
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 626902 b827e60ee8ef0451819d2b35d94e0cde
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 1034 4067826ca023d09accef5e01cdcf8927
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 9199650 6c0531d03c913bdd833244c09c69a755
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 403318 8528b835eb767963139990e95ac22479
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 158370 63bf5489d67b03f59914660f5e3fbc19
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 3340150 7677f622511082306114f5975a1fdfd5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 112664 6a63c4b71535b14a2951b496bb1737ee
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 204180 a721d46a7ae817223a25a917d7b75b59
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 1604374 b8c9560bc78a2b11dfa47b909a134915
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_arm.deb
Size/MD5 checksum: 168724 68e4814d6b8a48ae504c0348e8ba5339

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 170348 3a338ed93f9999e56e8de24750380951
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 131660 371c4a5c674351727d2dafe5981ed459
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 187124 8d536c4dc957e4448d1ca923ff7504e1
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 656500 9a48b94605f82038226bdfae108437ad
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 1032 e00305ced1db4728dc26cbde13f0c875
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 10323428 d781aa4f05704110d987cd24ff60787b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 403498 d0b31286d891952b68f8f96244264933
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 158350 cac6b890d307df1f55f64c5ffa6aa0ec
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 3591928 60af02162969c248eea0960220b8c494
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 116678 1aac8406b1c144c534bcb59cbf2915e5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 204160 b5b7c32fba5f1e20f7e9180888a36c86
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 1816024 4a576d88be7edd2557b00e0f27b475ca
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_i386.deb
Size/MD5 checksum: 192474 4a5c07772c5ae39ae8567f50ddd87510

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 168074 34194b2472f75c435e4888d035751c7e
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 169256 69f323c191a107e6d13131457bcb4201
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 184942 1c81683df7075e3ff638943fd66da558
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 961618 d70bed86c7064819420484ef09f747fa
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 1034 8942e83eb30f9c784fda07e000ffd2cb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 12935870 d31336ee6f759a56f0c5a031be5db2a0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 403266 af925e5281bb125f9b9dcb8118ede048
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 158328 0c6de22bd54959f4ef12a7ee148d0a1c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 3376324 f1d100626a6b892fbe560613db00d4e1
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 125600 99bf7b1eac7fd3b9325292c6bb01983c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 204150 7b429e1c119fb0c6f99b73202dd47340
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 2302138 90d4d4480fddd4b33843d5ede6c6432b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_ia64.deb
Size/MD5 checksum: 242290 19ef32ec7a3d8112bd262a972abc3244

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 168074 857d31e6f4765f484dcf2188dcc98179
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 151784 93fad6b80c013029fcb2a05d1a894f62
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 184934 a68dbc505fc8c4816adb46a5a3c82c67
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 749684 997993f03e0ff8d8feae6ea7a0ee4dff
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 1036 ad7167f505365eed5c800f3a6d824a16
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 12151356 c3088480f9d891e0668475c630871fa1
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 403266 4b3a2d2248051b60f2c8193fff5e0027
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 158348 52d42654912ce2b829e74f4cae61e5f3
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 3357118 030f4677e561c75940a23fc17c53186b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 123528 575de4da90909f637a8209a8b5206a75
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 204160 52cb13a773c8cf6720444832773b2a6d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 2135076 95b9731fc144da69aa8a565129285867
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_hppa.deb
Size/MD5 checksum: 216088 0b580da8010bc446450437c4bef6a852

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 168086 5baab34b027715db138a553fa6186ca2
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 120922 30aefe61290eea8ecd5d3bb394393cc3
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 184978 d28e4c157e0f7f8d7e6365871325472d
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 594988 d0fbe7576e14d79a8a26a6aca6febe54
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 1040 df7a707868c3782e3e185f51398652ec
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 9694422 d35904c88782014105ad627782a4d647
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 403392 e9baf3831aabc80453fc932a21705f55
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 158404 64d9cacaee7eddbbebcba896d91a3fb8
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 3336022 410c6771807a58f84fbc68f4efe5d8c0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 114488 ce1439ec5417be6c5331a4d36b2d0ad3
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 204204 b0586fecf23027fbb2da77ab2a087374
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 1683046 202452b798d007b686cfc73b4828e6e4
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_m68k.deb
Size/MD5 checksum: 174656 0576d4e28cff50f35b3b792820a891ee

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 168074 6e600772f1ae9937fad3a85e2d2a819b
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 135780 da21f8ecfc98011cab3878329edf0e90
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 184964 eb695db44835f788ffd161d9a09bc07e
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 720760 df7ed9e05f5feb97ad5b5aed6a8c1cb9
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 1030 9e7a23c2f26c00651603614bfffcadf7
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 10717192 7532d54da0609102c98779fcb91342ab
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 403276 b7e6d63030f2507aa6a0edf202a5fcf5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 158342 c0e3c0a92974c016ebe747abe219025a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 3356424 475fa0b07bf51ff03deae78dbe03e49a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 117650 0c5e2d08ec8f6994fd25249412905810
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 204154 6dc1f043fd9711ef85e746fa68343466
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 1795494 2902bb4f3409ca9bf1bf5db9f156f4f5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_mips.deb
Size/MD5 checksum: 189686 03ba2c9ff569a7fd9c5662593a79a203

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 168078 dc38711d28268f3612fb63aab9e81e48
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 135722 82e9e23f175607d8df77972ebf1ff567
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 184960 56362daf4f5ece4a42f70d4d679b8920
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 710146 6ff64a6b95ae5a9769f1137b515bb718
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 1036 0c163e3c37edcce0f892385bba98ae68
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 10595798 8c436a58b72d41a17be8b5bd1ba937d0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 403298 74b98bdc891109b89396b728c3a350d6
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 158360 0abb0b8f6b9a66598faedc36a4c6aeef
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 3357168 6c6ade8883db324618c8eb087204b848
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 117230 2a3525c7ae141f632ea91d7f9c53d867
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 204168 8f9b446f41a6ed4377aeabadbb5f727a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 1777632 a89dff300509a955328983a11fa9715f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_mipsel.deb
Size/MD5 checksum: 187280 4e690552ec6beb0984781e3d02d6ae0b

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 168070 2910309767f54c3d9179e41d6609071c
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 126254 b48a81baa031c2f66a41138694092bde
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 184970 885947f4a6c993fe56b9d7ca7a4d0a49
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 713902 a3f5f45ebfcb4572eee055f34ddc6d3c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 1032 a79846dc6dee5341341dfc0efb839da5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 9692218 c4c97459a3358dd97f2bb13adb6617b1
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 403262 327617a0606e4403989f357bc5816f00
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 158338 7223c837a306972a49005963272827d0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 3338984 438eeba7c05594e72b934aa3ff0d6b00
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 114572 3dc6efa3ec953457adef9e86e2218252
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 204148 cdb236b98cdd04ea38c4cfeae882dddd
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 1642994 83c2648f40675e1166c38642e5c018fc
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_powerpc.deb
Size/MD5 checksum: 175488 f91f3374e33d102f2e80f47845bbd37a

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 168076 9b7c95dae196bca9760da3044314101c
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 151560 2d8299d552d5aefb1909635cd6855178
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 184944 026e95bb0540d3adefc663ef05c30d26
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 793916 4af6b6eff683ecea1c0774e87a9824a4
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 1036 5deff17e56c5bbb63c62abde258dec81
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 11316324 577ebed78cd6b3967932766a559b8138
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 403278 497e377c89b6efcff42109fe8056bf2f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 158342 3add2de4c148f0a9b10c8d2a1332a152
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 3351434 4e3097be4aea2a697126b9a65c459b31
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 121362 cd9ba2c09ca95d7a642d0d786211998e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 204160 1171d20b501f7753313fdaf23a41c024
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 1944682 2049277c30f63f1d615cc627eb2cec4f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_s390.deb
Size/MD5 checksum: 213338 5a916db53bef94506e6b0d6f1df9376f

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 168074 53076a1fba2d330bd5571cb4fea4fa95
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 123456 818e82c6902a8eb7ff83e5e9ee49d638
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 184950 9ed1a72a7ad2f7822c45b640fc12db2d
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 667752 f51a3e38c77d915b56fc4dc858542df0
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 1038 2c6c69ca282a5b3795400a4a6be97dab
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 9363540 21cd6ebf954090ec18d4440ca3b42ea3
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 403306 b2c9c63ba99a77f2c201a131982913d7
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 158338 5e7b31b5566dfcb672fc77304e397bc2
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 3339922 e85b9b0a8bb22ba133603e5079176c24
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 112514 5e9c038d6af9878049b337fc7752acca
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 204154 2c38ffa9843ed399eeb91c497c512db9
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 1583742 ea09d4a4dbf10fb80f35e6ff6da8c690
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_sparc.deb
Size/MD5 checksum: 167912 7c07aaca4dcc3a97589237a0b7ffa650


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDVy6yW5ql+IAeqTIRAhJ2AKCzDWZWymjU0a+MQ/YP2Ot0Z/KLLQCeMLhf
jDP9xzoCAxmIUQsVvfX8CNE=
=ioS5
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 867-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 20th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : module-assistant
Vulnerability : insecure temporary file
Problem type : local
Debian-specific: yes
CVE ID : CAN-2005-3121

Eduard Bloch discovered that a rule file in module-assistant, a tool
to ease the creation of module packages, creates a temporary file in
an insecure fashion. It is usually executed from other packages as
well.

The old stable distribution (woody) does not contain a module-assistant
package.

For the stable distribution (sarge) this problem has been fixed in
version 0.9sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.9.10.

We recommend that you upgrade your module-assistant package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/module-assistant/module-assistant_0.9sarge1.dsc
Size/MD5 checksum: 547 8b180e18564389093ca82a9269996187
http://security.debian.org/pool/updates/main/m/module-assistant/module-assistant_0.9sarge1.tar.gz
Size/MD5 checksum: 72635 3ca34cff020ac117570a1fdb05626512

Architecture independent components:

http://security.debian.org/pool/updates/main/m/module-assistant/module-assistant_0.9sarge1_all.deb
Size/MD5 checksum: 71812 a793ec02a1d6a0514c7239085403a1b7


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDV3gPW5ql+IAeqTIRAjz0AJ9rkzS1pMhyJhu3TzFf+lqw9uEc1ACfVZpn
L4AJMrLQO1YGan/KFjLj99o=
=oxEg
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 868-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 20th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : mozilla-thunderbird
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2005-2871 CAN-2005-2701 CAN-2005-2702 CAN-2005-2703
CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
CAN-2005-2968
CERT advisory : VU#573857
BugTraq ID : 14784
Debian Bug : 327366 329778

Several security-related problems have been discovered in Mozilla and
derived programs. Some of the following problems don't exactly apply
to Mozilla Thunderbird, even though the code is present. In order to
keep the codebase in sync with upstream it has been altered
nevertheless. The Common Vulnerabilities and Exposures project
identifies the following problems:

CAN-2005-2871

Tom Ferris discovered a bug in the IDN hostname handling of
Mozilla that allows remote attackers to cause a denial of service
and possibly execute arbitrary code via a hostname with dashes.

CAN-2005-2701

A buffer overflow allows remote attackers to execute arbitrary
code via an XBM image file that ends in a large number of spaces
instead of the expected end tag.

CAN-2005-2702

Mats Palmgren discovered a buffer overflow in the Unicode string
parser that allowas a specially crafted unicode sequences to
overflow a buffer and cause arbitrary code to be executed.

CAN-2005-2703

Remote attackers could spoof HTTP headers of XML HTTP requests
via XMLHttpRequest and possibly use the client to exploit
vulnerabilities in servers or proxies.

CAN-2005-2704

Remote attackers could spoof DOM objects via an XBL control that
implements an internal XPCOM interface.

CAN-2005-2705

Georgi Guninski discovered an integer overflow in the JavaScript
engine that might allow remote attackers to execute arbitrary
code.

CAN-2005-2706

Remote attackers could execute Javascript code with chrome
privileges via an about: page such as about:mozilla.

CAN-2005-2707

Remote attackers could spawn windows without user interface
components such as the address and status bar that could be used
to conduct spoofing or phishing attacks.

CAN-2005-2968

Peter Zelezny discovered that shell metacharacters are not
properly escaped when they are passed to a shell script and allow
the execution of arbitrary commands, e.g. when a malicious URL is
automatically copied from another program into Mozilla as default
browser.

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.7.

For the unstable distribution (sid) these problems have been fixed in
version 1.0.7-1.

We recommend that you upgrade your mozilla-thunderbird package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
Size/MD5 checksum: 997 303ed28d7dac19a27a47c23819f80bd7
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
Size/MD5 checksum: 210991 79fbaf89373ea1d4698942f289b556d2
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_alpha.deb
Size/MD5 checksum: 12829612 e50199388042e84de94d2b015484fedc
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_alpha.deb
Size/MD5 checksum: 3269804 1b50a6a5ca2df178025f4bfb9e72ef7d
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_alpha.deb
Size/MD5 checksum: 145778 4bffbad43fba608ae24f64b36d936c99
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_alpha.deb
Size/MD5 checksum: 27290 f979f0128931281a2eb004910b8ba5c8

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_alpha.deb
Size/MD5 checksum: 83080 d39767ad00fc79d6dd014d20aa2b94e9

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_amd64.deb
Size/MD5 checksum: 12240810 5ac70842faf52d027c0376bc5d4f60e5
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_amd64.deb
Size/MD5 checksum: 3270622 60d3f2eecebb4806bfaef54db73d26c6
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_amd64.deb
Size/MD5 checksum: 144798 152536a2fa4d71b41a73f614824809c5
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_amd64.deb
Size/MD5 checksum: 27280 21aaf659e40e08d2434fca10e8a97a5b

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_amd64.deb
Size/MD5 checksum: 82972 dc0c6b48cbbdc2c0f39e30ab930ac612

ARM architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_arm.deb
Size/MD5 checksum: 10328712 2e587b8809aeda36023974b42693e4f2
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_arm.deb
Size/MD5 checksum: 3265014 ce2fcff9b73b5c2ba69ad3a8c47fdd83
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_arm.deb
Size/MD5 checksum: 136886 b13673a24d714b375b54c17ce7a8a308
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_arm.deb
Size/MD5 checksum: 27308 a2a3d30505885a521b703b99b40ebd66
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_arm.deb
Size/MD5 checksum: 74954 039d4f13961625a42dbeaac125e0a125

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
Size/MD5 checksum: 11550326 fc8572c0a89b914fc288fd638e224213
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
Size/MD5 checksum: 3497080 02fbded3b5e503def6c29f32c34b24d1
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
Size/MD5 checksum: 140456 a90c517acdcaf177b4585cf8f9e35344
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
Size/MD5 checksum: 27286 ec039bd40938c0d6bb87874cc8703c25
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
Size/MD5 checksum: 81696 ecf0d09362306bcd6c8a65c2e779f792

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_ia64.deb
Size/MD5 checksum: 14602590 f69ca59b99191b96a3a8dbd69f2652b1
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_ia64.deb
Size/MD5 checksum: 3284198 ea4287ce4ba1b6f36ab96d419528d8e3
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_ia64.deb
Size/MD5 checksum: 149120 8c288112472ef49da43cdfd24b9524ac
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_ia64.deb
Size/MD5 checksum: 27286 789de6fbe31cf969076e3ef19bcc9319
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_ia64.deb
Size/MD5 checksum: 100774 b27c9fb9fef1cb19959953d8cb13e74a

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_hppa.deb
Size/MD5 checksum: 13550208 82ea35b6046092051ee9e7212f160403
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_hppa.deb
Size/MD5 checksum: 3275452 06778a5a45f737f5f0fffa8f7e2648f1
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_hppa.deb
Size/MD5 checksum: 147020 9ebbdd2d3bc44c45d0752c62c68e527e
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_hppa.deb
Size/MD5 checksum: 27294 2a7860aedde7c3535fd19105121c2043
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_hppa.deb
Size/MD5 checksum: 90916 4a602f8c63d22f80fabb10e2019402e2

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_m68k.deb
Size/MD5 checksum: 10774276 d3ea2f30a593a8ec702230168a59fc24
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_m68k.deb
Size/MD5 checksum: 3263230 5757de718fb0c34c9db6affcb554068f
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_m68k.deb
Size/MD5 checksum: 138658 6f3f3b329ee12275eb6eea3be2d9c59a
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_m68k.deb
Size/MD5 checksum: 27318 b9e4fe5b540bc544eab853b8077cc2d3
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_m68k.deb
Size/MD5 checksum: 76178 8aa668acaf233693e6bc55d3d3f983e0

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_mips.deb
Size/MD5 checksum: 11933302 e1859aeb3cba8f716f6358499c79a6c6
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_mips.deb
Size/MD5 checksum: 3269570 383accb42b1d5cb16ed669ebdeea3db0
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_mips.deb
Size/MD5 checksum: 141722 f94d559a76c4488fd29ca08f2a5aa2e4
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_mips.deb
Size/MD5 checksum: 27288 d44eb068d5211f6ec32a912c7158b95c
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_mips.deb
Size/MD5 checksum: 78500 cf4e68bdc3956dc3ad780ed88188667c

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_mipsel.deb
Size/MD5 checksum: 11793468 99b3eb9576dc324920f2217c9eb153ef
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_mipsel.deb
Size/MD5 checksum: 3270338 5c13a33de951afe85fed1adb014be4ab
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_mipsel.deb
Size/MD5 checksum: 141292 8fe41e9685ddbdd396fd73354867f49b
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_mipsel.deb
Size/MD5 checksum: 27304 3f96914c37025c901090a86cb6a2fc07

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_mipsel.deb
Size/MD5 checksum: 78350 37448dc23ebcf8d8a7a5431d579c6670

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_powerpc.deb
Size/MD5 checksum: 10892752 c4642646840672162e058dd2ca7a3309
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_powerpc.deb
Size/MD5 checksum: 3263168 6e5b333f01170824eaf06b219caea6ab
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_powerpc.deb
Size/MD5 checksum: 138680 ff10d8c364f08f8d6dbf3c01c1aa19df
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_powerpc.deb
Size/MD5 checksum: 27296 1112ef17ba7fcd97b5e9ef96ea2a03ab

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_powerpc.deb
Size/MD5 checksum: 75032 6083403690046238fa54fb19262f19da

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_s390.deb
Size/MD5 checksum: 12685000 d9dcc7200f471840874dd933e327d6ea
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_s390.deb
Size/MD5 checksum: 3270478 c7164fc9fc49387916f7d4f2d46d369f
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_s390.deb
Size/MD5 checksum: 145108 766d10f0d52d8f877ae10291c7f092a7
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_s390.deb
Size/MD5 checksum: 27292 5d5a68b544e284c162476096ea263eda
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_s390.deb
Size/MD5 checksum: 82992 8648e3e4157d11344b483d3997156af0

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_sparc.deb
Size/MD5 checksum: 11157174 d19fc8bcdc091d58abac26844734568b
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_sparc.deb
Size/MD5 checksum: 3267158 1f4f1ab1f525c261be893df79a77639b
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_sparc.deb
Size/MD5 checksum: 138358 eeb8d91cc46daf6020a7f60d17ccdb7c
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_sparc.deb
Size/MD5 checksum: 27304 9786860d3265d8dd03c964df8afbc5ab

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_sparc.deb
Size/MD5 checksum: 76782 7231203489126cc4f3ad6d68fa863783


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDV7OlW5ql+IAeqTIRAhAZAJ9ouBVCX5NqvzfVcN5yrWiqOBcXHgCcCyMj
QLr52b+eA+zH7DH118ku2W8=
=HHTM
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 869-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 21st, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : eric
Vulnerability : missing input sanitising
Problem type : local (remote)
Debian-specific: no
CVE ID : CAN-2005-3068
Debian Bug : 330893

The developers of eric, a full featured Python IDE, have fixed a bug
in the processing of project files that could lead to the execution of
arbitrary code.

The old stable distribution (woody) does not contain an eric package.

For the stable distribution (sarge) this problem has been fixed in
version 3.6.2-2.

For the unstable distribution (sid) this problem has been fixed in
version 3.7.2-1.

We recommend that you upgrade your eric package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/e/eric/eric_3.6.2-2.dsc
Size/MD5 checksum: 579 05a3dde271a09b3dfea7f43200f22011
http://security.debian.org/pool/updates/main/e/eric/eric_3.6.2-2.diff.gz
Size/MD5 checksum: 9935 deab4c118e9e349f2424a3a84becfc28
http://security.debian.org/pool/updates/main/e/eric/eric_3.6.2.orig.tar.gz
Size/MD5 checksum: 2161575 1fdcba2aa0f4c0fce2a7c49668cebd60

Architecture independent components:

http://security.debian.org/pool/updates/main/e/eric/eric_3.6.2-2_all.deb
Size/MD5 checksum: 1615108 3d65cdba469df986b25b93085980361e


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDWGeUW5ql+IAeqTIRAk1aAJ9HpQe/Fxa3vX1kpUWRXTW7Faq3cACdFZad
m8kUEwC2MsgrUPzo8H/h2bc=
=/RtH
- -----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |