[SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilities

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilities
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 23 Nov 2008 21:29:40 +0100
Message-id: <[🔎] 20081123202940.GA7129@galadriel.inutil.org>
Reply-to: debian-security@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1669-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 23, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2008-0016

   Justin Schuh, Tom Cross and Peter Williams discovered a buffer
   overflow in the parser for UTF-8 URLs, which may lead to the
   execution of arbitrary code.

CVE-2008-3835

   "moz_bug_r_a4" discovered that the same-origin check in
   nsXMLDocument::OnChannelRedirect() could by bypassed.

CVE-2008-3836

   "moz_bug_r_a4" discovered that several vulnerabilities in
   feedWriter could lead to Chrome privilege escalation.

CVE-2008-3837

   Paul Nickerson discovered that an attacker could move windows
   during a mouse click, resulting in unwanted action triggered by
   drag-and-drop.

CVE-2008-4058

   "moz_bug_r_a4" discovered a vulnerability which can result in
   Chrome privilege escalation through XPCNativeWrappers.

CVE-2008-4059

   "moz_bug_r_a4" discovered a vulnerability which can result in
   Chrome privilege escalation through XPCNativeWrappers.

CVE-2008-4060

   Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege
   escalation vulnerability in XSLT handling.

CVE-2008-4061

   Jesse Ruderman discovered a crash in the layout engine, which might
   allow the execution of arbitrary code.

CVE-2008-4062

   Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
   discovered crashes in the Javascript engine, which might allow the
   execution of arbitrary code.

CVE-2008-4065

   Dave Reed discovered that some Unicode byte order marks are
   stripped from Javascript code before execution, which can result in
   code being executed, which were otherwise part of a quoted string.

CVE-2008-4066

   Gareth Heyes discovered that some Unicode surrogate characters are
   ignored by the HTML parser.

CVE-2008-4067

   Boris Zbarsky discovered that resource: URls allow directory
   traversal when using URL-encoded slashes.

CVE-2008-4068

   Georgi Guninski discovered that resource: URLs could bypass local
   access restrictions.

CVE-2008-4069

   Billy Hoffman discovered that the XBM decoder could reveal
   uninitialised memory.

CVE-2008-4582

   Liu Die Yu discovered an information leak through local shortcut
   files.

CVE-2008-5012

   Georgi Guninski, Michal Zalewski and Chris Evan discovered that
   the canvas element could be used to bypass same-origin
   restrictions.

CVE-2008-5013

   It was discovered that insufficient checks in the Flash plugin glue
   code could lead to arbitrary code execution.

CVE-2008-5014

   Jesse Ruderman discovered that a programming error in the
   window.__proto__.__proto__ object could lead to arbitrary code
   execution.

CVE-2008-5017

   It was discovered that crashes in the layout engine could lead to
   arbitrary code execution.

CVE-2008-5018

   It was discovered that crashes in the Javascript engine could lead to
   arbitrary code execution.

CVE-2008-0017
   
   Justin Schuh discovered that a buffer overflow in http-index-format
   parser could lead to arbitrary code execution.

CVE-2008-5021

   It was discovered that a crash in the nsFrameManager might lead to
   the execution of arbitrary code.

CVE-2008-5022

   "moz_bug_r_a4" discovered that the same-origin check in
   nsXMLHttpRequest::NotifyEventListeners() could be bypassed.

CVE-2008-5023

   Collin Jackson discovered that the -moz-binding property bypasses
   security checks on codebase principals.

CVE-2008-5024

   Chris Evans discovered that quote characters were improperly
   escaped in the default namespace of E4X documents.

For the stable distribution (etch), these problems have been fixed in
version 1.8.0.15~pre080614h-0etch1. Packages for mips will be provided
later.

For the upcoming stable distribution (lenny) and the unstable
distribution (sid), these problems have been fixed in version 1.9.0.4-1.

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h.orig.tar.gz
    Size/MD5 checksum: 43763318 269ce29df92d5053f6d0fc659717c18b
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.diff.gz
    Size/MD5 checksum:   144529 7f517d4bd904df70b6ead61c85e5eb71
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.dsc
    Size/MD5 checksum:     1984 2f56bfad80749a3af01a185cfc3a19e5

Architecture independent packages:

  http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614h-0etch1_all.deb
    Size/MD5 checksum:    37108 ac110712c554bc90e6156ddf375c20e6
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614h-0etch1_all.deb
    Size/MD5 checksum:   231230 75b9b3c909279253b358fe73c87ae920
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614h-0etch1_all.deb
    Size/MD5 checksum:   176254 6bffe2de1c86a23ea69141da310df072
  http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614h-0etch1_all.deb
    Size/MD5 checksum:    37070 a83bac43079f44db9c6a8ba23638481a
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614h-0etch1_all.deb
    Size/MD5 checksum:  2637220 39ab7259a30e82173bd736ff4d26b366
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614h-0etch1_all.deb
    Size/MD5 checksum:  1051896 e9a4021391f5153eaca415b5f6e93fe6
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614h-0etch1_all.deb
    Size/MD5 checksum:  1032080 388688d0bfcb0a5c4abde96f9fb24c98
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614h-0etch1_all.deb
    Size/MD5 checksum:   207752 516386bf8588e6210ac121d38cc67308

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:   292440 187aad52fc63d5fdca6521359b6a360a
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:   386628 536f366c637868a9f27746f776d37a31
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:  7346254 4b946a8f3cde017ff0580a9a97687e7e
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:   765180 673c7bd51731495926293ff92301b327
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:   739026 d96d09c1ecbf280a77ee5f4fe4a7d1a3
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:  3188906 5cfc3218c50b909a4e64e06d09774224
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:    53106 20768cf8e831ad71f45cccb657eb3448
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:    71212 0f8fe3e84b4faf38d25347f3dfdc463d
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:   302616 01109cc8d78492dbbbcbad4756255e8b
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:   162612 9af11053277aa8398ed4852890076b41
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:   129930 7b03aa5bcfb76b15d860621806ffbccb
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum:   905638 3a558f50e394d109e4d306559b48283a
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
    Size/MD5 checksum: 46017420 d5f238086f7f77270d31a3d34c4b9a35

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:  3177838 69775ab87c4c2677faf2fbe8ed1c4617
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:   148946 d179d55f788e6fbaf2259446d79c342c
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:   356028 7e6147ae3531fb175cdf637a25f4dc33
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:   126632 7795ccbd3edeb72623450ec3b0c407f9
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:   810296 09a7217cbe1b1180c71ae7b16a306747
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:    69360 2e6a6559a22ce55f2b6b9331b0bfbd68
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:   755560 ade61fc66030701ba9d62086288403bf
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:   278728 9124a96cd6b202d076a35829b542f6f6
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:  6343406 7683694615827e8674c59034978b86b1
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:   671010 7984141447417ad48f657e5752a197c5
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum: 45217322 e18a8c41099328f6979c27614a81b83c
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:    53340 803733e356f2f74037a6f3a7d9a4a91f
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
    Size/MD5 checksum:   304624 36ced9e2336ccaa648a15c76707f8645

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:    50992 e655c2956e96e317f0a32c4122b34d3b
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:   732278 0f2bce0bc1d0b13b36c5b45465516b04
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum: 44746676 980a58b4e66d48cb8e913a3846081001
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:  5368942 8a6560e2302db9686218205d5c347e16
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:   290778 305d1c3d9f893d75d6b92e7b02819bdb
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:    63054 72ef44af146319f439a44197b7d4743a
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:   594214 7c6d64740f289185389b15b790d645ad
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:  2969882 9acb7cc81292692bedc12f523fb25f19
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:   119110 249f11b4d5c08aa5d1bd4d74221e0c38
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:   136886 ce4ac4ba2050790518c8528c2a415f02
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:   326184 5c4f59cedea7db6e7dd5d9a9522c24c7
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:   260186 a9ac930957d7416cc7a160b6044f96b3
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
    Size/MD5 checksum:   705170 fbdb65410c70fa8805ce72c0c97c179b

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:   302322 61f8282f8cd276c69d24fa6824761a4e
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:   703692 06452f715efa7e66c5d22e3866db2c0e
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum: 46134820 cd29259ebf9caf9dca35560e806f984b
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:    53462 27cc05a50b56afbe49b5fa3b30672e58
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:   390962 9fed7a335de83d6333b1c2e5c9bedfea
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:   161670 b9c1c8bfdf1db386d301dbb03d5c403c
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:  7552110 91b773e5373158755289930d39ff7470
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:   132130 8a5c0d6d99049ab1a499c584a602d7dc
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:   753050 bc5f4f2723836580fbfbaed5a71272b1
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:   287828 b0a84eacece17a811defbb7b30c757f7
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:  3104660 47ab34d7126c8f64cbaa269f7a2afdd4
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:    70902 67634b0f71a03fd87476396172ccffe7
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_hppa.deb
    Size/MD5 checksum:   874810 ae271a1ca58484ddf43ba14d66387a06

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:  5383100 25dfd28aef781b5ca352f0232aa211e9
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:    63834 2691c48af147f802e684e030d3e04701
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum: 44696504 d3f45db182ee59de39c86b5ea12ad01a
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:   714892 13951abf0a2c9030ed8ff163f6259351
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:   296446 b8a9da32c6184afac2f6649ce8ad5847
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:   139824 13cb243ffadc155900abb00835a6507b
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:  3033280 705838b8f872cd335ce180cbad03cdb1
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:   337086 87db12ec21885f3833560b334e1af3e4
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:    50868 707ae35a901c3e9ae1ec40c3c00f7921
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:   742916 bd2ff5be8f3a94deaf104bafe477a9d3
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:   118548 8ce74f7ef876172271c72c3c411cbd33
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:   267924 7d8bcf96f9244594b9a937b6224fa097
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_i386.deb
    Size/MD5 checksum:   628432 e109e6b6aa054ced99a8844df67ced17

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:   150698 ab8c0d92e7ac8bb48b604d6ea36197e4
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:   287530 c9db22cd56cc17dd619cbd95b3b45075
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:   532996 b7c0eadd7ddd85642c761e29cf7cafc3
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:   755714 eae62df93df4e8bb5f0deda5dd4ec4e9
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:  3051824 e516b3a4601b8350faeff14a47b298b2
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:   334028 3a0cc332ff6b095193b7c70952d13532
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum: 45437166 c3a164f9d48b0c96277be51a441915dd
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:  1121458 5f97e14d0837fc02241fec88c81f706a
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:    80872 a36655812bc3600a00ada31f7b5af8d7
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:  9685646 1ec5fef153646e888c1e28c306e0edae
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:    57870 97e42348ab45451378fd360df57ee996
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:   198742 bbba497dfc3b9e556082c6357e3dfde5
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_ia64.deb
    Size/MD5 checksum:   937264 e538ce36bc43ed941394d13ee0d52a53

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:   274964 8cc829f5a01dabeb02357a57f26de510
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:    65170 7ca8f4598376b9e35cf62096cd0663aa
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:   785530 464969451374f49191184fdd78363633
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:   351424 21b9b17a786ee9e8a28bff8e2cb7b067
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:  3187334 da69f74749bc9d111d4a1e4597b7a075
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:    52554 fd3706c6cfccb0442e3b092e184adfbb
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:   118606 3f78ef107edbf118d6da0a504b1a6c90
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:  5756448 5d27b51600c5aecf30d82872ea5ef976
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:   670678 861a749803d3906cd21d77e8f45ecae6
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:   305782 739ba0f2bcb1c8204734225044648734
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum: 45367986 ff5cbe1732d1dae74bb822119d86a925
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:   766946 438965e5962147e88570d0f0502b43fd
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
    Size/MD5 checksum:   146350 3cdb4a00d928cd6d222841d961edcaf8

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:   124684 defd7a2555c14d3a0f06c971bea7a451
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:   810014 20a1a9dbf4a3ad3eb8fd0d35ee64342f
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum: 46948440 e99e9c17fe4fff09ffa231ab61344926
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:  3207304 106c8e04e7e69a403629a08113af60b1
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:    53822 06e6021788dfa6ed42f73c42dc42d4c6
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:   148102 9ee04ff3dbad84bebf8536adf942da51
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:   279498 2a91ba4052440b688a084142034094b2
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:   350088 2cdf2cc81b27d7ecab9c8045f9fa3f4c
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:   774852 68f4364621232a4ccaf379739fe90844
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:   640770 caf3b284405fe5c5c630aa3079b03a98
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:    65030 1fb0c63b382b718542a93f6a5044c5dd
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:  6111652 8084da84956a7dd10fb41a748571d1ce
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
    Size/MD5 checksum:   311138 dd2cdb789b213198e2d07793ff6cda7d

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:   372540 2a5ba267a8fe0873efd38cd4b7901cc6
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:   282950 45ee96102546cd3721b3035fa66625d5
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:   127476 c84ebe0a16a997feec58a7e4b8cb680e
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:  6815988 904ffedb7cf2d3951fa3ba419db97bf8
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:   688656 68fe7ceca84ad73d3af368cafcc8bb8d
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:  3182688 e31c62d66bbc8c56803ad26bebdd759b
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:    54072 143164871ff9749b6b6b4430cb32041b
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:   756986 e369095cb45670013a7842c16e4b705d
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:    69980 9d100c8a6ce21bf7072068084fb0d686
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:   306772 7d5c5de6d3b220c4ed01f0f41fdee5bc
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:   899720 3ac2e0a53da7a24c693705e38222063e
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum:   160818 24d85411a0b362051bf4a01071b62fba
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
    Size/MD5 checksum: 46082350 b519a68a5f31a04f0f5e236845487bde

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:   719922 5bc9efc37cef094718adb36d5a016179
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:   676172 b0241dcaf3f7153dc9145a9c5babe787
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:    63314 4e65fa183e0e12f543d0eb669c6d670d
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:    51986 303f9de96490f0633aab95306fe30f05
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:   586488 6236e767259e06e3d3b4c062ee6362a2
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum: 44786670 07e5e02fced64c2303043cffa255a4ee
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:  5691050 3f4e9e5e4feff6a386094101820c9f11
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:   323786 ec3a7690b2e154e51132d1983a72be3b
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:  2854664 214407a606e9b94ab300ea306d1c0e18
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:   136908 be6e397388eb412bcbf9ec6a014b00f5
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:   118720 346aa123c24a426716a1576c3c285dc6
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:   284372 63ba1195ae71a92c6b780004c0c7e2da
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_sparc.deb
    Size/MD5 checksum:   261348 690d1985e4d4cd1c5b076e76af55ac84

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkpvOsACgkQXm3vHE4uylqk/QCfcUJ0bKTZiaUbBByKV0IMMfn0
jScAoMccp5hon5x17e34NnJzW8aJGMDb
=ZybD
-----END PGP SIGNATURE-----
Reply to:
Prev by Date: [SECURITY] [DSA 1668-1] New hf packages fix execution of arbitrary code
Next by Date: [SECURITY] [DSA 1670-1] New enscript packages fix arbitrary code execution
Previous by thread: [SECURITY] [DSA 1668-1] New hf packages fix execution of arbitrary code
Next by thread: [SECURITY] [DSA 1670-1] New enscript packages fix arbitrary code execution
Index(es):
- Date
- Thread