Those will be fixed in the upcoming Mozilla 1.7.6 release:
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing (Gentoo bug 81113)
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files (Gentoo bug 81011)
MFSA 2005-27 Plugins can be used to load privileged content (CAN-2005-0527) (Gentoo bug 81307)
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab (Gentoo bug 81307)
MFSA 2005-25 Image drag and drop executable spoofing (Gentoo bug 81307)
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-18 Memory overwrite in string library (CAN-2005-0255)
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing (CAN-2004-1156) (Gentoo bug 73870)
Fixed in 1.7.6:
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
Mozilla team, please bump
net-www/mozilla bumped to 1.7.6 thanks to brad, mozilla-bin still needed. CC-ing seemant so that he keeps us posted in case mozilla changes category.
Arches: please test and mark mozilla-1.7.6 stable...
mozilla-bin updated and bumped to stable.
Err, on x86.
The new ebuild fails for me (ppc, USE includes ldap) on libldap50.so:
======= making ./libldap50.so
ld -shared -Wl,-soname -Wl,libldap50.so -o libldap50.so ./abandon.o ./add.o ./bind.o ./cache.o ./charray.o ./charset.o ./compare.o ./compat.o ./control.o ./countvalues.o ./delete.o ./disptmpl.o ./dsparse.o ./error.o ./extendop.o ./free.o ./freevalues.o ./friendly.o ./getattr.o ./getdn.o ./getdxbyname.o ./getentry.o ./getfilter.o ./getoption.o ./getvalues.o ./memcache.o ./message.o ./modify.o ./open.o ./os-ip.o ./proxyauthctrl.o ./psearch.o ./referral.o ./regex.o ./rename.o ./request.o ./reslist.o ./result.o ./saslbind.o ./sbind.o ./search.o ./setoption.o ./sort.o ./sortctrl.o ./srchpref.o ./tmplout.o ./ufn.o ./unbind.o ./unescape.o ./url.o ./utf8.o ./vlistctrl.o -L/var/tmp/portage/mozilla-1.7.6/work/mozilla/dist/lib -llber50
ld: unrecognized option '-Wl,-soname'
ld: use the --help option for usage information
gmake[5]: *** [libldap50.so] Error 1
gmake[5]: *** Waiting for unfinished jobs....
The new ebuild fails for me (x86, USE="nptl -kde -qt cdr tcltk -ipv6" with ldap installed) on libldap50.so:
======= making ./libldap50.so
ld -shared -Wl,-soname -Wl,libldap50.so -o libldap50.so ./abandon.o ./add.o ./bind.o ./cache.o ./charray.o ./charset.o ./compare.o ./compat.o ./control.o ./countvalues.o ./delete.o ./disptmpl.o ./dsparse.o ./error.o ./extendop.o ./free.o ./freevalues.o ./friendly.o ./getattr.o ./getdn.o ./getdxbyname.o ./getentry.o ./getfilter.o ./getoption.o ./getvalues.o ./memcache.o ./message.o ./modify.o ./open.o ./os-ip.o ./proxyauthctrl.o ./psearch.o ./referral.o ./regex.o ./rename.o ./request.o ./reslist.o ./result.o ./saslbind.o ./sbind.o ./search.o ./setoption.o ./sort.o ./sortctrl.o ./srchpref.o ./tmplout.o ./ufn.o ./unbind.o ./unescape.o ./url.o ./utf8.o ./vlistctrl.o -L/var/tmp/portage/mozilla-1.7.6/work/mozilla/dist/lib -llber50
ld: unrecognized option '-Wl,-soname'
ld: use the --help option for usage information
gmake[5]: *** [libldap50.so] Error 1
gmake[5]: *** Waiting for unfinished jobs....
OK, I fixed the ldap issue, I believe. Please update and test.
SPARCtastic
Arches, please test and mark stable: mozilla-1.7.6-r1: alpha amd64 hppa ia64 ppc
Stable on ppc.
alpha and ia64 are done
On x86 the libldap50.so error is corrected. Thanks.
all stable on amd64
GLSA 200503-30. hppa should mark stable to benefit from GLSA.
ebuild no longer in portage