-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2007.0586 -- [UNIX/Linux][Debian]
     New iceweasel, iceape and xulrunner packages fix vulnerabilities
                               6 August 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              XULRunner
                      iceweasel
                      iceape
Publisher:            Debian
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Debian GNU/Linux 4.0
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-3845 CVE-2007-3844

Ref:                  ESB-2007.0576

Original Bulletin:    http://www.debian.org/security/2007/dsa-1344
                      http://www.debian.org/security/2007/dsa-1345
                      http://www.debian.org/security/2007/dsa-1346

Comment: This bulletin contains three separate Debian advisories,
         addressing the same vulnerabilities in the Mozilla-based
         packages iceweasel, iceape and xulrunner.
         
         These products also run on platforms other than Debian. It is
         recommended that administrators running XULRunner, iceweasel or
         iceape check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1344-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 3rd, 2007                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3844 CVE-2007-3845

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common 
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3844

    "moz_bug_r_a4" discovered that a regression in the handling of
    "about:blank" windows used by addons may lead to an attacker being
    able to modify the content of web sites.

CVE-2007-3845

    Jesper Johansson discovered that missing sanitising of double-quotes
    and spaces in URIs passed to external programs may allow an attacker
    to pass arbitrary arguments to the helper program if the user is
    tricked into opening a malformed web page.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with with security updates.

For the stable distribution (etch) these problems have been fixed in version
2.0.0.6-0etch1.

For the unstable distribution (sid) these problems have been fixed in version
2.0.0.6-1.

We recommend that you upgrade your iceweasel packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1.dsc
      Size/MD5 checksum:     1286 6c5645d987f92f3ca740f6f8b32e629e
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1.diff.gz
      Size/MD5 checksum:   185637 9eec31b6ee5e26f7ab5c821276c7b07f
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6.orig.tar.gz
      Size/MD5 checksum: 43921246 7926906f722ce63f1dc265584d4eedbb

  Architecture independent components:

    http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.6-0etch1_all.deb
      Size/MD5 checksum:    53778 2ad158343a2ca999ad67c1e887e0f9a4
    http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.6-0etch1_all.deb
      Size/MD5 checksum:    53742 864665a331bb50b7f0b3e4710712fd4b
    http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.6-0etch1_all.deb
      Size/MD5 checksum:    53898 ab7dc7ed35b05c831a6a85c5c9bbd089
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.6-0etch1_all.deb
      Size/MD5 checksum:   235008 9794664bc04f4fdf58dc495c08e963f0
    http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.6-0etch1_all.deb
      Size/MD5 checksum:    53624 70bd9857cefdb0201189dfbc5195c374
    http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.6-0etch1_all.deb
      Size/MD5 checksum:    53622 8a69ff7e8a0188ff7a3b49cd675c67c2
    http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.6-0etch1_all.deb
      Size/MD5 checksum:    54420 91dcdf7f9efd927051f9c264a32ab53e

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_alpha.deb
      Size/MD5 checksum: 11544126 14bcc2e02395e3110ec923e2f41b3e29
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_alpha.deb
      Size/MD5 checksum: 51004986 50d1abe0929c6ac00da6f6e8a16a9b6a
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_alpha.deb
      Size/MD5 checksum:    90654 0f46e4bda500f82cccda7fbc0df2fea6

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_amd64.deb
      Size/MD5 checksum: 10111134 0ca8d2dc23e248d6768ff964e036b804
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_amd64.deb
      Size/MD5 checksum: 49984960 b271726a43c4bb31a6bfccec43281635
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_amd64.deb
      Size/MD5 checksum:    87532 e4efccda84573a4365aaa3a3e1ccb624

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_arm.deb
      Size/MD5 checksum:  9157128 23228833df46ff483b3e3fce84b5bf33
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_arm.deb
      Size/MD5 checksum: 49095538 dab2c26a8bdc39f50bd111e1cc7d7390
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_arm.deb
      Size/MD5 checksum:    80964 813eb6eaaffd5b692f7ddbfc47041bf5

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_hppa.deb
      Size/MD5 checksum: 11014234 a18629f4efc11a6d4ecd89fe84515f53
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_hppa.deb
      Size/MD5 checksum: 50373572 5a15829f2665f64443836009ea21063b
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_hppa.deb
      Size/MD5 checksum:    89036 34d450b917e57b5ca585468d2613dc0f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_i386.deb
      Size/MD5 checksum:  9083732 772d097f5b7092e6c6a69e6641a5934a
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_i386.deb
      Size/MD5 checksum: 49398796 77d7a1a636b9887249169b2eb6003b94
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_i386.deb
      Size/MD5 checksum:    81472 0d626e54ef0e4478cccda71c5f9b110b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_ia64.deb
      Size/MD5 checksum: 14098356 6414baef68a590e028d253b6840cd6d2
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_ia64.deb
      Size/MD5 checksum: 50343230 8f27cfd66eba3d9058d03b75c59a214d
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_ia64.deb
      Size/MD5 checksum:    99828 58778a84d9d4c059d9e829d009ff54f6

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_mipsel.deb
      Size/MD5 checksum: 10723240 238e11b88a30a2f861b214bb91ed2904
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_mipsel.deb
      Size/MD5 checksum: 52347770 1c81b1075719d0615a0ca1d7130baae8
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_mipsel.deb
      Size/MD5 checksum:    82638 c266fa51db7e2477d0032491025e29e0

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_powerpc.deb
      Size/MD5 checksum:  9898412 522fd840d7027f697e323566648c3131
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_powerpc.deb
      Size/MD5 checksum: 51798476 0c268ca194a1c9fe1013f1adc4e6614b
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_powerpc.deb
      Size/MD5 checksum:    83174 5d812a2ad6841945fe2ee3da76215301

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_s390.deb
      Size/MD5 checksum: 10320458 5674ea90f298ba4a06a7eb408a25ad12
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_s390.deb
      Size/MD5 checksum: 50666870 bd4cb8f829573bcb5d4958593dec9b8c
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_s390.deb
      Size/MD5 checksum:    87550 6c2e27336d1b6ce1ec53d42ac419a38b

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_sparc.deb
      Size/MD5 checksum:  9107982 cecf07a2546c06069e32d4b5af35bfae
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_sparc.deb
      Size/MD5 checksum: 49010048 898a9bd9a7e17e7b4bd055c485180389
    http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_sparc.deb
      Size/MD5 checksum:    81330 25467c48b6f67b16c7f035a6f335a7d5


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGs1A4Xm3vHE4uyloRAi/QAKCabXPwejAnGBcabW6taJ717b2+vACg3E9X
v3rrrb/TFXr5p698LvqsyxA=
=LpNz
- -----END PGP SIGNATURE-----



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1346-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 4th, 2007                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3844 CVE-2007-3845

Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3844

    "moz_bug_r_a4" discovered that a regression in the handling of
    "about:blank" windows used by addons may lead to an attacker being
    able to modify the content of web sites.

CVE-2007-3845

    Jesper Johansson discovered that missing sanitising of double-quotes
    and spaces in URIs passed to external programs may allow an attacker
    to pass arbitrary arguments to the helper program if the user is
    tricked into opening a malformed web page.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with with security updates.

For the stable distribution (etch) these problems have been fixed in version
1.0.10~pre070720-0etch3.

For the unstable distribution (sid) these problems have been fixed in version
1.1.3-2.

We recommend that you upgrade your iceape packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch3.dsc
      Size/MD5 checksum:     1436 66da445dd4b97ad09509205d9c95cb91
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch3.diff.gz
      Size/MD5 checksum:   270276 c15adacbf5473e5088c4f86c24723f90
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720.orig.tar.gz
      Size/MD5 checksum: 43473332 245a8a7774ff47ef91177724130f8ea4

  Architecture independent components:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:   278862 e4bc75a794055347e6d783753ce15686
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:  3660096 6368fe33d6695c463723a0d779dbbf68
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    27976 eb5c9c2fe5656ad05dbf1bbe61fd1400
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    27512 0270d732726aa2fbc42636df4f53fe82
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26582 1ba43b858739aadc4a72caff8ad6a352
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26598 79cf169ca98208457d7836987ec6ff2a
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26710 8c8d9a876c911ee6c13a7584adb17f70
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26624 e9fed3b1ba4a5599a94766870558a491
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26614 d935253d3d6d08e97f417f4920fc79df
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26598 285a27b44dd417d238495bb93da923a6
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26586 c29d3a05295a95d6aefba315d988f120
    http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.10~pre070720-0etch3_all.deb
      Size/MD5 checksum:    26570 9be19c8b022e56b5c5c1fbafba3f61a9

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum: 12871490 29796a3ab6f29f7d2a31bc211d1a3b38
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   625596 ce4437c9fbabfa7f4fe553626524d481
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum: 60581292 0b0789d0cbee8e46fd78d3e01b84674b
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   197156 632847a3944ebbffee5bae33ad7f48f9
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:    53392 0a98fe620b0b49eafd4055926741afa5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:  2282124 74d9e8b8fc063d9a2c0c1bea1d4daac9

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum: 11649922 598b82ffb6bf8efd8fa831bedbb9ff6b
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   608826 10ecf3acf60df3afd0aab632d2da18f8
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum: 59572054 8bcb5249b318a29f3d893e76f8562e3c
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   194242 8d266d5d6efcf0ee4ce55a01d1849327
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:    52854 4548aa9e07c47ba2e0cea1983aed22cb
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:  2090946 2b4b2ce133068921c92ea527341af22d

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum: 10388778 91db8be09bc2644647994501dd4e9f94
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   582276 f5084bb84bcee566ca6cdc3031f0115b
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum: 58736630 7be68d5adf5869815fe126b32aa2780d
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   188318 ecb4535d6a70879e5cf3b40e91c3feba
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum:    47546 2245934b83783b9ce219ede8d24e8685
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_arm.deb
      Size/MD5 checksum:  1907286 b3c092e8321386b382d40ced0a9656ee

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum: 10458656 39010ec6c30a9de7839047382f1b410e
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   588168 afd7de7e03cf0c48fa7f3e5452775d09
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum: 58650042 adb7d80b3b9953647cb220cfe80e8628
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   188950 3c30bf530070b2a8c676a2be126a89b4
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum:    47928 48e2e91f605b7acc76cae0f6ec3b64e0
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_i386.deb
      Size/MD5 checksum:  1889960 12b3fee32c72f4d820fb3bb69bbfafa3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum: 15768358 87221c7a15933a1d33d6aaec573edecd
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   661030 2c2838943b8eb3ecc818e7031f372c25
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum: 59850658 53354ad4f8c5abc614e724907259e324
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   203906 b9d1918e0bfb6d8122e12ce94892e0de
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:    61424 833205aabbf5d43d7aa37be16191e7db
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:  2815984 cd1d559271c3be01cf992b54781f475f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum: 10896410 48d9112257bfe46d49873d48e9a978d9
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   595110 8befb8dde48b2c26ef35a24e5941c6ea
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum: 59789352 2ba792d018a5d4aa018d2f8cb4ec1701
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   190420 cf969199ea40531e7e1f78c2623474cf
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:    49222 2721ccffcbc295cd4833fea0ffffb110
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:  1940716 a68d1d02af83dc2ec221c29b34733411

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum: 11296084 21422a619f4c19e27c3a83fcd05df7e8
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   595570 7a54ea060357043d238b7f6f0f2950ac
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum: 61574438 2758cdb970409d44f9679f15f377559c
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   191292 e32d670d121005099e31bdb600fd823b
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:    48856 c9a3281ab7d456a0fccd756a3f41ea7f
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:  2005666 cfec107045392dbadffc0694735ec670

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum: 12271986 f3449eea99beebf302ef531e319e0d9d
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   610992 1fb0e07075f063c74b7697007b99dbb7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum: 60330846 5853467308184dd3b4bc4f57d0d7b96f
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   196098 634f4353e389c2b0bc322981f0be9f3c
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum:    53438 a1cca7e4b89cdd2869480b7ad5426848
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_s390.deb
      Size/MD5 checksum:  2184940 66189e26fe37accc875c5464f186f340

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum: 10642440 711f992794dbce40c041b6523d25efc8
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   584580 b051c601a46ab372fb55010664604631
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum: 58473150 b88be50b4d70ffdd13b6bc3b7a4cb211
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   188878 b35ef540f8c377f8d00c391dddea72cb
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:    47512 23735ff78cb04ce1da6b8be26df047dc
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:  1894918 c145962558e653604fe6024d6d86eb9b


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGtGiqXm3vHE4uyloRAqZlAJ9iFieUQEfpSvFsf3hr0YvI/CTUVQCfVftq
yEy98P8qlJkoLsNR7M8plRw=
=fmyS
- -----END PGP SIGNATURE-----



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1345-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 4th, 2007                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3844 CVE-2007-3845

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-3844

    "moz_bug_r_a4" discovered that a regression in the handling of
    "about:blank" windows used by addons may lead to an attacker being
    able to modify the content of web sites.

CVE-2007-3845

    Jesper Johansson discovered that missing sanitising of double-quotes
    and spaces in URIs passed to external programs may allow an attacker
    to pass arbitrary arguments to the helper program if the user is
    tricked into opening a malformed web page.

The oldstable distribution (sarge) doesn't include xulrunner.

For the stable distribution (etch) these problems have been fixed in version
1.8.0.13~pre070720-0etch3.

For the unstable distribution (sid) these problems have been fixed in version
1.8.1.6-1.

We recommend that you upgrade your xulrunner packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3.dsc
      Size/MD5 checksum:     1343 dbd3a3e5bb2625c5d7fca33f4b7fd0c7
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3.diff.gz
      Size/MD5 checksum:   145744 68b03625cd8b9dfb9e21c6bbac6f05f5
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720.orig.tar.gz
      Size/MD5 checksum: 41410770 e30ab38e9926b780baf7b500fb6201ab

  Architecture independent components:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.13~pre070720-0etch3_all.deb
      Size/MD5 checksum:  1025812 2dee7c156facf681e14e97dbe9e4ec61
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.13~pre070720-0etch3_all.deb
      Size/MD5 checksum:   175276 2d0744fde889898d039fe88bf261f7fe
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.13~pre070720-0etch3_all.deb
      Size/MD5 checksum:   206342 2730bcfc7ec21a5fcf3be768429a633e
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.13~pre070720-0etch3_all.deb
      Size/MD5 checksum:   229870 ac01cb6a914ea2948fa0b40006327d31
    http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.13~pre070720-0etch3_all.deb
      Size/MD5 checksum:    35198 c6e48ade347877975bab6a917dd6fb6e
    http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.13~pre070720-0etch3_all.deb
      Size/MD5 checksum:    35162 3a2f2d4b3040efe0a27333916b47bda8
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.13~pre070720-0etch3_all.deb
      Size/MD5 checksum:  1048126 df59b35db38a5b01ab2532840274a452
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.13~pre070720-0etch3_all.deb
      Size/MD5 checksum:  2630136 0e40d0620546e4b87507116a8f794724

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   384452 0e7c982f22dbd8fc25501f17c3503f67
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   763812 9928525686432e64b56d214f4ab24d5b
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   160592 d96aee2d9141d9c738ef70ce57e56653
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   300318 b9a064a38970fc166dc49a9a21527f79
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   905726 c7b12d8206652435ca1ad7caa6197c4c
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:  3185688 73edb6bb50e61b9fcd0022d7448a2c56
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   737654 ad3eda0c05d7d0aabba837cd1c5b4e54
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:  7319242 78fc18a284f304afc5658c719bce3481
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum: 45904322 8be0d432242e9129700f387ced0439a5
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   129512 db20c210605c0411a1b105f93cbc3a1c
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:    51608 4f81fbf2bbc1489bf80a2ae36ba297d9
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:   290464 e49153c41f2bedba00cdad598859e6db
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_alpha.deb
      Size/MD5 checksum:    70000 21a181f109a1d718acfb91eca58ab46d

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   353990 64169b5b446712290f034f9fa54de9b3
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   752414 fbb3938ab8d8ccbeaf616fd5c2e04787
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   147248 bde468e71342ca5426f223b3a139eb39
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   303022 78d35fedf52d632328b443814e932b73
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   807974 9a0e5e8c32f8fdf994746ac9962cd731
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:  3172586 3b169384d33f2bb857846cd231904a33
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   669080 a90ff5b76c702b721f118d6a4d54c477
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:  6315934 f536f2cb79fa15c5dcd01dcd6a2f9246
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum: 45115198 0081a4a1cfcc624bd90295bf76bb8f9c
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   124516 5ff71a37e8656513e7c65d5a2d249ecf
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:    51432 fec31a840d8bbb92109f0e8990df5b7e
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:   276528 813e9892b2af0309ee6f5e5ecf899b9e
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_amd64.deb
      Size/MD5 checksum:    67888 8d15b6f08630b24d1cbc08e59d098ae4

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   324456 b6e3fcf84e32b9873bc6957caa71cf92
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   702384 9137800b2bd6954b75cac374d2234271
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   134584 0b6702d5592acbd8324d39b6dec651f3
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   289904 2e5a46af1aea795a77df1c2f864f4dc7
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   730166 2fe617ec200410b2aa3c943717056d0d
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:  2966096 9b09d87d7791b0c8d7606eda20dab381
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   592994 ed93a2d9c5d4addcd8e58f02484293f1
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:  5349820 ed66d997634fc83d01598e48dd5ef059
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum: 44632536 66a6042b7cc967ed43ed0409bb355b29
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   116548 da6448268aab2fec2d80eea3b263b216
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:    49820 84755a5c85b1572b2acd104c6dad27c9
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:   263642 5a4dc3d7f6ab50edfa7a74273d32b808
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_arm.deb
      Size/MD5 checksum:    61994 33851f80ee386d38b025edf2be362f62

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:   388350 2d4afd12c16479b1a7a065027ad4d2b8
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:   749940 6bd37e6472a3c381178f3f110b75082f
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:   158980 d4b6db0e6c9e00d674e0e087d7c0680f
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:   300290 060519cfd7cc2748613cbb7e75f2e3f1
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:   873494 c837ba8f7152e9a3457bedf436f7e100
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:  3101738 f502fcfd1ddb27c1ab44df1ad492a87f
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:   702216 ff4a8270dc00bbbb2b0b2f556cdd0267
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:  7521276 96cbbe3b811fd1e9a0d5d8068e818384
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum: 46018326 1147715127aaf8d92222c7e3d9a3e82b
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:   131808 e9c1e62192683d6a426f944316259e99
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:    52056 db9130c84cc09631306d97f287ccf85a
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:   285832 623e22c660ca0640666db3709779c24b
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_hppa.deb
      Size/MD5 checksum:    69550 ac2297bc75082c8c0eb2d32d0b2ed248

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   334030 29bd14bde68260ac4b273dcd1b2b930e
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   710022 6e67f0b53a7a68282aa3b549bebd3324
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   138128 7cdc1f50dae06c0fa91299bc3a37d7ef
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   294884 ca71776d77041655ae3b89caf4d7b8ac
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   741046 58b3e4bbc2e4d9b2b87f566516af131a
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:  3032634 834ee201037a557aa37f23aa53c7d35a
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   626706 b72ee37d8b4655e3884b2b573e7cca87
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:  5359414 d7cfd6f15b967c84338b2d8efb4345c1
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum: 44592224 7089d3970af58cbcbc1a61e1fc962389
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   116636 267a8858ec21278df9798932e9be0f67
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:    50130 6e56d289007a3708f8c913a05915df5f
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:   266444 43d61b81435cc12ceac5b2fef87bde84
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_i386.deb
      Size/MD5 checksum:    62282 3c3a9697ef21fafeb94a79193dd65408

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   530230 b6e66f61e5c687dddce60be51c0bee5c
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   755416 93bf2e2bf9fafb05cdba808111d3068f
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   197504 72f57a8bb0713338aa0f9825643e0afb
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   285800 0aa4fd02e0bf3d1cfdd9a9ecd47c9d2a
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:  1121086 75d93105d77e57b4921e7a053dea4263
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:  3051290 bedb9d006974240a4f96caf1ea835833
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   936622 5fb55dceb961649d9b5cd88963e99ba9
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:  9646400 5d1e432bd6dc3bb7bc3d7375778b0e5c
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum: 45309820 bdfeb9abe2967581e83050e92b43082e
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   148336 dcc13d4f93f66cf93df4750aadda865b
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:    55944 17aad342c3dcd24faba7af0255200f04
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:   332004 bf7ab811210da474b4ac0ee62d0dac3b
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_ia64.deb
      Size/MD5 checksum:    79478 bf2e45a5a5685df1868714f20c88e9bd

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   349394 99ed07237972f5aae7bd7b47470c7631
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   764436 4a8758ccd2c25b377eb2e77649921d4d
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   144654 546e40d757d6d37762a528d41b63542e
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   304438 e8d10bf5c1738e0388acf635b5b6bdb2
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   784226 d8d394553ca107149dcf22ea273be18c
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:  3185512 da78429b9b816e8834c946d10c6f8f93
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   669116 2613da1fd7dc28cd05eeb51e0e702071
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:  5731608 10f7c5bf1d3aab81ec1ed2351f69e636
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum: 45254888 bbe5c3acc0dee48d15f2cc1135d76c86
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   117194 ef0384146d78751dfccbe60eaf199a8d
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:    50646 6daeeda22f93cd3f428a1ad16a983597
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:   273098 436aee983bdd918bf026f39b243ded25
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_mipsel.deb
      Size/MD5 checksum:    63556 249337178df86f8a96ab3f0933e610e5

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   347886 1ec5e4a25f50a6b93461e104dadadd70
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   772024 7790fac9f70877c44867cb2d1c6545be
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   146442 85cc5f50518aaf7a70fc6ccd36d367f3
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   309686 f40e1758df0c3b1e53c22f7cef6ba606
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   808802 f35b85cf0f24b6bcf5959fd5851f8dae
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:  3206828 de8bd6a0bd8809548abfb7bb12009f4e
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   638744 a008710c0f0dac99b6b89f5948640240
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:  6067218 44f36d438a2941090ea2afa8f2a2ba62
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum: 46659394 338c04684890476a1ee202d91edf4dd8
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   122346 c4f1efda60350b2686f5f12eb85bffa9
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:    51908 8bdab1ad9e6f27b854f1dc435161d992
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:   277148 fac05ee30ce0e36c2d0a3c5c74c76d17
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_powerpc.deb
      Size/MD5 checksum:    63542 9e069d009f5bbaa1ca89975ee41a07b2

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   370830 1db8096c773d1bf0bb3e1ade998b0047
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   754672 e446cd658e81652293bd58b5cc4b5d9d
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   159026 014091760e051c31117d57a2cf8e228b
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   305208 1b3797d6c32fa751837eb923c53d6763
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   897298 913a9864763e8a682476998efe2b75d2
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:  3179912 1f4ed8feff056a62b8a687128a413c6c
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   687354 ab90e3a1585d5b56b1510a78f178d1a4
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:  6789624 4f4e2524afd72dedee2dd0b42392b63d
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum: 45980748 547322da2ee28419c3751725889b9374
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   125362 0fad68b653d293531f7f5fa56e4619dd
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:    52140 952eac3ac0b6d36e5e53f22334a3db35
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:   280996 fbb1766d8c8f829ca56590e98fc4da79
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_s390.deb
      Size/MD5 checksum:    68484 be027287e3c40671569a417061288f74

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   321698 5f005606847d2ad573b35fc80706f812
    http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   673540 cc2dcb4786d0d5aa4859d12758124daf
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   135230 288154a62f5c8b06eb5c7d2078005cfa
    http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   282638 454888e97cec5eda028956416251c38c
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   718390 d5d25644099147ddcb05fa5dd62dce14
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:  2853770 426df3b7a2bd4ef95d90d1f1dcfcbd5d
    http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   584568 2116124ab1648ee6f65c06e08e30e825
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:  5667558 e09dec2fb265e508c054530d979a487c
    http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum: 44689266 b21e7efbe1b3e20e94073d4f35184cf4
    http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   117398 a6559c72521efcf839e58b3812b01ebd
    http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:    50020 b4ed31862abc6d43aa3b5753ac9d9daa
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:   259470 69690b07059b1b00c551c17011c8caf9
    http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_sparc.deb
      Size/MD5 checksum:    61834 47fc11640a7330165a6dbfb2dd2049a4


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGtGX5Xm3vHE4uyloRAtOHAJ9bmqAmSGdFcjALIuRyDFOILmhDOQCeJIHS
ButLX+sr7mvMTMLmLok6ICo=
=N+9U
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRrZ1uyh9+71yA2DNAQJ+/AP8DrLT/xAoiaHMvqT/j4/1RcJHXI+vptUL
xj3YpxmHqUrl276aRjMzXW282YtdThGO0kuhq7rwFNxcR2+6xLM8NBjEMoPv4EX+
emhSAWE5LvYCBLvEWV9O5z+SeV5kV2A/yuA6tlaLjf6zN1NwiYMkKsRnMGSK7u+5
qjkFCIrHejU=
=4bJO
-----END PGP SIGNATURE-----