| Summary: | mail-client/thunderbird*, net-www/mozilla-firebird*, net-www/mozilla: insecure temp files | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | mozilla |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | https://bugzilla.mozilla.org/show_bug.cgi?id=251297 | | |
| Whiteboard: | A4 [noglsa] koon | | |
| Package list: | | Runtime testing required: | --- |

Description
Matthias Geerdsen (RETIRED)
2004-10-26 06:13:05 UTC
for reference:
http://secunia.com/advisories/12956/
http://securitytracker.com/alerts/2004/Oct/1011916.html
http://securitytracker.com/alerts/2004/Oct/1011915.html
___
mozilla team, pls update/patch where appropriate

Given the severity, that probably should wait for upstream next version... Mozilla team, please comment.

I agree with Koon (speaking for the mozilla team unless Brad disagrees). This doesn't warrant a special distro-patched release. We'll wait for upstream

Looks like it's fixed in Firefox 1.0, Thunderbird 0.9... even if http://www.mozilla.org/projects/security/known-vulnerabilities.html is not up to date. Dunno about a fixed version in Mozilla though.

Firefox is fixed in version 1.0, according to http://www.squarefree.com/burningedge/releases/1.0.html

Fixed in Mozilla 1.7.5, according to: http://www.mozilla.org/releases/mozilla1.7.5/changelog.html
Waiting for mozilla-bin to reach 1.7.5.

mozilla-1.7.5 : "x86 ppc sparc alpha amd64 ia64"
mozilla-bin-1.7.5 : not in portage yet
mozilla-firefox-1.0 : "x86 ppc sparc alpha amd64 ia64 arm"
mozilla-firefox-bin-1.0 : ready
>=mozilla-thunderbird-0.9 : "x86 ppc sparc alpha amd64 ia64"
>=mozilla-thunderbird-bin-0.9 : "x86"
mozilla team : please provide a mozilla-bin 1.7.5
arch teams : please start to test mozilla-1.7.5, mozilla-firefox-1.0 and mozilla-thunderbird[-bin]-1.0 and mark stable accordingly.

mozilla-thunderbird-1.0 sparc stable. mozilla-firefox-1.0 was already sparc stable. now building, then testing mozilla-1.7.5.

amd64 done.

mozilla-1.7.5 sparc stable, we're done.

On x86, should I mark mozilla-thunderbird 0.9 or 1.0?

1.0 is mostly a stabilized 0.9 release. As a Thunderbird user, I can only recommend marking the 1.0 version. From a security point of view, these two versions are probably identical (but changelogs are quite obscure on this). In brief, I would say, mark thunderbird-1.0, and if you can't, mark 0.9.

mozilla-1.7.5 and thunderbird-1.0 are x86... re-add us if mozilla-bin needs to be tested...

Alpha stable.

mozilla team: please provide a mozilla-bin-1.7.5 ebuild.

ok, 1.7.5-bin put in cvs. Marked x86 stable already.

mozilla-1.7.5 : still needs "ppc" and "ia64"
mozilla-bin-1.7.5 : ready
>=mozilla-firefox-1.0 : still needs "ppc" "ia64" and "arm"
mozilla-firefox-bin-1.0 : ready
>=mozilla-thunderbird-0.9 : still needs "ppc" and "ia64"
>=mozilla-thunderbird-bin-0.9 : ready
ppc, ia64, arm : please test and mark stable

Tested and marked mozilla-firefox-1.0 and mozilla-thunderbird-1.0 ppc stable. If no one else gets to it, I'll test mozilla-1.7.5 tomorrow.

Please vote on GLSA need. This is a temporary disclosure of file attachment contents. I vote NO for this one.

I vote NO as well.

Closed without GLSA.

arm, ia64, remember to mark mozilla 1.7.5 stable

GLSA 200501-03