Bug#: 66084
Status: RESOLVED
Resolution: FIXED
Assigned To: Bryan Østergaard (RETIRED) <kloeri@gentoo.org>
Reporter: Doug Goldstein <cardoe@gentoo.org>

Description:   Opened: 2004-10-01 22:00 0000
The little periodic update ran on my system and it gave me the following
updates.

Critical Updates (1)
- data: Downloading fix      from ftp.mozilla.org
   You should install these updates immediately to protect your computer from
attack.

Firefox 1.0 Preview Release
- Firefox 1.0 Preview Release is available. We strongly recommend that you
install this upgrade as soon as possible.

Optional Components (2)
- Quality Feedback Utility
- The Document Inspector


Now it sounds like the top thing is a security issue.. However it should not
tell me to install Firefox 1.0 Preview Release as I have it installed already.

Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040929 Firefox/0.10

That's from help about firefox. I have firefox-1.0_pre-r1 installed since the
day it came out.

------- Comment #1 From Doug Goldstein 2004-10-01 22:01:48 0000 -------
Well. I've got the answer.. Preview Release has been updated to .10.1 for a
security issue... URL is included above and here...

http://www.mozilla.org/press/mozilla-2004-10-01-02.html

------- Comment #2 From Luke Macken (RETIRED) 2004-10-01 22:36:13 0000 -------
*** Bug 66086 has been marked as a duplicate of this bug. ***

------- Comment #3 From Luke Macken (RETIRED) 2004-10-01 22:38:53 0000 -------
Mozilla guys, 
Sorry for the bug confusion, please bump to 0.10.1

------- Comment #4 From Thierry Carrez (RETIRED) 2004-10-02 02:00:44 0000 -------
Filesystem overwrite with user rights : downgrading severity

mozilla-firefox and mozilla-firefox-bin should be upgraded.

------- Comment #5 From Brad Laue (RETIRED) 2004-10-02 09:16:54 0000 -------
firefox and firefox-bin are updated to 0.10.1 and pushed to x86 stable.

------- Comment #6 From Luke Macken (RETIRED) 2004-10-02 18:58:11 0000 -------
archs, please mark mozilla-firefox-1.0_pre-r2 stable.

------- Comment #7 From SpanKY 2004-10-02 21:45:01 0000 -------
ia64 stable

------- Comment #8 From Jason Wever (RETIRED) 2004-10-03 07:09:45 0000 -------
stable on sparc

------- Comment #9 From Jochen Maes (RETIRED) 2004-10-03 12:15:49 0000 -------
stable on ppc 

------- Comment #10 From Luke Macken (RETIRED) 2004-10-03 18:49:13 0000 -------
Not sure we should issue a GLSA for this issue since the user must download the
file [him|her]self in order to exploit this.

What does everyone else think?

------- Comment #11 From Thierry Carrez (RETIRED) 2004-10-04 00:55:52 0000 -------
I would have the same opinion. Waiting for someone else to play devil's
advocate...

------- Comment #12 From Allen Ziegenfus 2004-10-04 09:45:07 0000 -------
How should this update work? If I run firefox as root I can update for this fix
through the firefox interface and it seems to work (about box reports 0.10.1 as
the version number). However when I then run firefox as my normal app user I
don't see the new version number. If I try to update running as the normal user
I get an error. 

Do I need to rebuild firefox instead using the ebuild? If so, can alpha be
added to this ebuild?

------- Comment #13 From Bryan Østergaard (RETIRED) 2004-10-04 09:56:40 0000 -------
I'm having trouble emerging this on alpha. I'll keyword alpha as soon as those
problems are solved.

------- Comment #14 From Thierry Carrez (RETIRED) 2004-10-07 01:57:55 0000 -------
amd64: please mark mozilla-firefox-bin-1.0_pr-r1 stable too.

------- Comment #15 From Simon Stelling (RETIRED) 2004-10-07 06:13:53 0000 -------
done

------- Comment #16 From Dan Margolis (RETIRED) 2004-10-07 09:18:48 0000 -------
Limited DoS with (unlikely) user interaction. 

I'd say no GLSA.

------- Comment #17 From Kurt Lieber 2004-10-07 09:22:16 0000 -------
I can achieve the same result with improper use of the 'rm' command, so I vote
for no GLSA.

------- Comment #18 From Thierry Carrez (RETIRED) 2004-10-07 09:23:30 0000 -------
Closing without GLSA
alpha: good luck with your testing
