Bug 189137
Summary: | multiple critical Firefox, Mozilla vulnerabilities (CVE-2006-0749, CVE-2006-1724, et al.)
---|---
Product: | [Retired] Fedora Legacy
Component: | firefox
Version: | fc3
Hardware: | All
OS: | Linux
Status: | CLOSED ERRATA
Severity: | urgent
Priority: | high
Reporter: | David Eisenstein <deisenst>
Assignee: | Fedora Legacy Bugs <bugs>
CC: | pekkas
Keywords: | Security
URL: | http://www.zerodayinitiative.com/advisories/ZDI-06-009.html
Whiteboard: | impact=critical, LEGACY, rh73, rh90, 1, 2, 3
Doc Type: | Bug Fix
Last Closed: | 2006-06-06 23:22:29 UTC

Description
David Eisenstein
2006-04-17 16:31:17 UTC
Mozilla updates seem to have been pushed out for RHEL as well now.

I'll tackle this if no one else is currently doing it.

Nobody seems to be stepping up... I could probably do publish QA, depending on whether I have net access on travel.

Marc told me this evening that he is building Mozilla and has already built Firefox on his home machine. He said he'd post them here in the next day or so... He also indicated that we will track both Mozilla and Firefox packages here in this bug ticket.

Redhat issued RHSA-2006:0329-01 for Mozilla in RHEL's 2.1, 3, & 4. <http://rhn.redhat.com/errata/RHSA-2006-0329.html> I've not seen any Fedora Core packages released yet for Mozilla, and it appears FC's bugs (for Mozilla) are still embargoed. I am writing a note to security-response-team to see if they can open those bugs up, since those vulnerabilities are now public knowledge.

I will open a new bug report for the related Mozilla Thunderbird bug.

Here are updated firefox, mozilla, galeon, devhelp and epiphany packages to QA:

http://www.infostrategique.com/linuxrpms/legacy/7.3/galeon-1.2.14-0.73.6.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/mozilla-1.7.13-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/galeon-1.2.14-0.90.6.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-1.7.13-0.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/epiphany-1.0.8-1.fc1.6.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/mozilla-1.7.13-1.1.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/devhelp-0.9.1-0.2.10.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/epiphany-1.2.10-0.2.7.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/mozilla-1.7.13-1.2.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/devhelp-0.9.2-2.3.7.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/epiphany-1.4.9-1.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/firefox-1.0.8-1.1.fc3.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/mozilla-1.7.13-1.3.1.legacy.src.rpm

QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- patches minimal and OK (when they exist at all, e.g., epiphany)

+PUBLISH RHL73, RHL9, FC1, FC2, FC3

Thanks to Marc for the heavy lifting, as usual.

Created attachment 128973
Proposed mozilla Test Update Notification
Here's a proposed Test Update Notification for Mozilla and its dependents.
Needs to have exact package names/SHA1-sums filled in once packages are built
and fully ready.
Created attachment 128974
Proposed Test Update Notification for firefox-1.0.8 for FC3
Here's a proposed Test Update Notification for Mozilla Firefox.
Needs to have exact package names/SHA1-sums filled in once packages are built
and fully ready.
These packages were pushed to updates-testing.

QA for RHL9. Signature OK, upgrades OK, basic browsing including Java plugin seems to work fine.

+VERIFY RHL9

Timeout in 2 weeks.

Testing for FC1 versions of mozilla and epiphany:

* Packages install fine
* Packages run fine
* Have been running mozilla and mozilla-mail for about a week, no issues to report.

VERIFY++ FC1 mozilla and epiphany

Timeout shortened to one week, and thus over.

Created attachment 130447
Proposed FLSA for mozilla
Created attachment 130483
Proposed FLSA for firefox
Packages were released to updates.