From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1873-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff
August 26, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xulrunner
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2654
Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid
URLs could be used for spoofing the location bar and the SSL certificate
status of a web page.
Xulrunner is no longer supported for the old stable distribution (etch).
For the stable distribution (lenny), this problem has been fixed in
version 1.9.0.13-0lenny1.
For the unstable distribution (sid), this problem has been fixed in
version 1.9.0.13-1.
We recommend that you upgrade your xulrunner packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.13-0lenny1.dsc
Size/MD5 checksum: 1784 3cb69f62da64dd1811ba2390cda7ad70
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.13.orig.tar.gz
Size/MD5 checksum: 44087336 54f6301790198d83d9781a8d107d903f
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.13-0lenny1.diff.gz
Size/MD5 checksum: 116763 193df5562df81a7d2cc54624fd2a0f51
Architecture independent packages:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.13-0lenny1_all.deb
Size/MD5 checksum: 1463692 3b7d737dad1999992c031048c503b67f
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 3650174 f2d621d2e631411a1893b76416f35698
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 163726 4cb583d327edcd3edc684fa0426caab1
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 51076842 1350fb7090a2690e36b8709f653b561b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 111814 4bb1d9a1370d0622e866ff6210f18066
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 9490426 215edc3094a23db0c6adabd50884a3a0
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 936830 ff33f0f1af57ae59db2aaa6598985adf
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 221362 1d2d8cbb54b693fde85dd515b55d9922
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 431216 d2ddb135a2c4a8cc03c1be10f6ca82f8
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 71488 368acbceaa33290726ee9f91b1f389f8
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 151740 9106bb0c5d9e8625604f613f5194ae1a
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 373904 0bc676e23d286be9271b3fd364a9c836
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 101310 221078690fc300a9fcf87a26bd4800bb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 3286694 f72eb5cd02d92766474a20579aa74a8b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 7717078 a49f4154a3e5e4a6522ca7ea58d0cf79
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 69392 3730969373079331b269890cb104629e
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 222702 c98d1bbf8f80c512a7eea7f94eaf8952
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 889904 a7c23d16ff8d30bc16767f6af21c23e3
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 50310800 c8555989c076088e089e838de0c358f0
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 67760 647d54e6c11674dac17de983be62ba50
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 221772 ab8d0eea1b0bf9b6c200803b4192f629
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 83654 fc7e855940039a4fff5eb80c625beebe
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 350400 534ba7ef0348ff992af810ffeb1f76d8
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)