-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2009.0050 -- [UNIX/Linux][Debian]
            New xulrunner packages fix several vulnerabilities
                              15 January 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              xulrunner
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Execute Arbitrary Code/Commands
                      Cross-site Scripting
                      Denial of Service
                      Inappropriate Access
                      Provide Misleading Information
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-5512 CVE-2008-5511 CVE-2008-5508
                      CVE-2008-5507 CVE-2008-5506 CVE-2008-5503
                      CVE-2008-5500

Ref:                  ESB-2009.0015

Original Bulletin:    http://www.debian.org/security/2009/dsa-1704

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running xulrunner check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1704                    security@debian.org
http://www.debian.org/security/                           Steffen Joeris
January 14, 2009                      http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2008-5500

   Jesse Ruderman  discovered that the layout engine is vulnerable to
   DoS attacks that might trigger memory corruption and an integer
   overflow. (MFSA 2008-60)

CVE-2008-5503

   Boris Zbarsky discovered that an information disclosure attack could
   be performed via XBL bindings. (MFSA 2008-61)

CVE-2008-5506

   Marius Schilder discovered that it is possible to obtain sensible
   data via a XMLHttpRequest. (MFSA 2008-64)

CVE-2008-5507

   Chris Evans discovered that it is possible to obtain sensible data
   via a JavaScript URL. (MFSA 2008-65)

CVE-2008-5508

   Chip Salzenberg discovered possible phishing attacks via URLs with
   leading whitespaces or control characters. (MFSA 2008-66)

CVE-2008-5511

   It was discovered that it is possible to perform cross-site scripting
   attacks via an XBL binding to an "unloaded document." (MFSA 2008-68)

CVE-2008-5512

   It was discovered that it is possible to run arbitrary JavaScript
   with chrome privileges via unknown vectors. (MFSA 2008-68)

For the stable distribution (etch) these problems have been fixed in
version 1.8.0.15~pre080614i-0etch1.

For the testing distribution (lenny) and the unstable distribution (sid)
these problems have been fixed in version 1.9.0.5-1.

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1.diff.gz
    Size/MD5 checksum:      971 73ec26e81ce6e401845eb070aa26d909
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1.dsc
    Size/MD5 checksum:     1981 87dd485ac774e78373be5a196cbc8320
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i.orig.tar.gz
    Size/MD5 checksum: 43320191 82b3061f947787bf267a36513a6bd2dd

Architecture independent packages:

  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614i-0etch1_all.deb
    Size/MD5 checksum:   231436 f692e056f6eccb9633771a1b5d56d115
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614i-0etch1_all.deb
    Size/MD5 checksum:  1052120 9935f278d06c5256a1cb6d34f6b43777
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614i-0etch1_all.deb
    Size/MD5 checksum:   176532 03d96486a1cb92ca65b39376add42232
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614i-0etch1_all.deb
    Size/MD5 checksum:  2638014 f4c9fed2489696b18ecedf945729ffa7
  http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614i-0etch1_all.deb
    Size/MD5 checksum:    37402 033e412379eab51f4608530af659596a
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614i-0etch1_all.deb
    Size/MD5 checksum:  1032570 b8277c4699e9f2edc9131c525c72ac2a
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614i-0etch1_all.deb
    Size/MD5 checksum:   208008 d6685b7c5a83eb2fc383ad2284e0c300
  http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614i-0etch1_all.deb
    Size/MD5 checksum:    37436 a668ef6417fe2f868964b2e1f1cd9028

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum: 46039574 068112b86f727680427633606c026ee8
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:   905956 ab2dae7df915ed9df912a45332feda25
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:    53462 1211c97fa83041bfdd3d89c5d0cbe49c
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:   739356 038af743b90f988367f7cae810adca30
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:   302966 7cf37ed3bd131afd5d77ac4b6a4a0e80
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:   293396 ebda2282ee4f81e8e972254522ab98ee
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:    71512 167d644c17e1fbeb7db1b586e1416516
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:   130252 738d7bacc1f2037e6fd34e094382a414
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:  7348590 9b48fd7155a90c0d4b42a60b3ca87e21
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:   162918 b4fb7360352ff7e3d3f4a1e4692f0399
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:   386930 4b9a91448ef45dc0512a11197b568653
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:  3189364 8375722343ed726036dafe752298217b
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_alpha.deb
    Size/MD5 checksum:   765528 e30aa7d614c04ed6ba755184d53b0f83

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:   149212 19ab1c22cd55db2bc8ee33be7fff759b
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:   810610 5493e297887f037ed4cdd9c2150e68ed
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:    69626 4825855bdb9b5a8bb2c62436fde8ad7c
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:  6345322 f975d16444059b3b9ae1b43c1a9c0cda
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:   756112 af22a3727a03e9bda037a329ee21df65
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:   305094 4855bb5ffe73a231bb2a0d701616e7eb
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:   279116 b7f981650c4b20db874b70a2bd6bc059
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:   356260 dbec2df715586df57acd7228a3175ef9
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum: 45243162 2aba2e701aac5639822ce0e6ed911948
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:    53664 5d946fe8bf84c2e5514f0114ce77ac71
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:   126976 76ebe8f1cc4eb9a881fdea16732c2674
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:   671242 269e0391c1bffea6f26c283457fdb5a3
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_amd64.deb
    Size/MD5 checksum:  3180000 ba7dcb523f47170cf40f8d07f078ff38

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum: 44767070 ff1a7f0d6d410e514b4fec797c978577
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:   732710 a077246fbfa402b28df5b7c94ca64f03
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:   326560 97d77b72fb59380c6dd65f2464b17748
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:   260802 b517d6273306a6b2620717924d451c1e
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:    63374 14f5f6627a23585127b48559da6e0b3e
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:   291166 727015b23b21585ad8bc15fa0c3c01c4
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:   594490 b3eb4a04bdc1d00d6d735c651de116f9
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:    51382 5cbc748af5b9198cb129ce1fafd7a8d0
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:   119438 6f3288cc981b5e5799bacf6befa8ce7c
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:   137188 8f3727780153f49902d4dd440f7a48ff
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:   705428 18ee2b57007cf41e8bc2888757c247c9
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:  5371364 d6ad1248c0949aaf3430662fbf367ded
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_arm.deb
    Size/MD5 checksum:  2970288 4b6793a379f21fc5eb06b98bd349a3e2

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum: 46155188 c37a7bf2fe01cb20fbe83b23c22c76c4
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:   161944 c7498923bbb2ac0917b89f5e1bc1335d
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:   302552 64dfa94053b2f5ebeca61307c7c687cf
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:   132346 77b099b16d12baab295fbbb44b8e4705
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:   391234 9b574c8782603f7f12caa0c622b79c57
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:  7553990 1ae462d397b8c4de85ed9bb44398fa68
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:   288610 2ee1dd5d5f8b1f2dc2f31f1b47ee0401
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:    71188 f22b185182ded01cad34df565e33fa34
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:    53706 4ecb4b3c07ace717767c0ac6ab631816
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:   875004 3841afcdff3a1cf37041560718db619f
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:  3105180 5d9c78af9a11d310200260b1862e1b77
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:   753304 421db187ed2aaa135d7c6d1d72475cc1
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_hppa.deb
    Size/MD5 checksum:   704006 10305d20ffbd30ee9a8304b281ed410f

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum: 44716280 14630037caf61026b23b89cd2d7ee906
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:  3033738 a8d8501331ee08577ddc4c6ac79f8c82
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:   337330 52fc267a0badecc2f6ee63fdefbb6b27
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:  5385268 656b0080011c0922718459ae8d57a65f
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:   118962 f4dcddae42b65530be240a88a1fb0dce
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:   268382 2a9f3e60120236105c636de6eeec6b16
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:   140106 77d0dc883aca560cddda828961d8eb69
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:    64110 1acc5d5b8309b9ddecb5ee1e5565083b
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:    51204 6be1abbf15a3a7bef4972047be976c5d
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:   743240 e9497985c4d89ae570b7a32347002733
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:   715094 2eb3ec027c357d16e522ddfba8a677c6
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:   296684 2c92c0cfc031d09f2b064e9195f6832b
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_i386.deb
    Size/MD5 checksum:   628686 962d21ec6b9ecf88bec3a6e65fc51d5c

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:   287808 d87e43a55b54420373bf40db42e91152
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:   937358 91e2ec2a7b2c406b96a9c912e9e8ca36
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:    58184 71a0cd0e35e1743698a3a246f20f4d0a
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:   533280 985c52b70f2dc075da26cea1a97df109
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:  1121834 19c744b9995ccdd855212e4ad6eb07ad
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:   756020 a7cbe4174c6a39f3b8e1365193ed80ef
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:  9685590 763fa7e7d9cf7ad6cc95b2b924a894ce
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:   199030 bab7b1f432fc24acc1ff56857ee18a0f
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:   151088 560b8d6be4b0ad31fcc2159ac3d72649
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:   334942 81225ca738fb8f78974f321af108d866
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:  3052352 ab57bb5032c35aa66bdf47e777e72b37
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum: 45460812 9c2a67cf26debcdea09421c2e330b120
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_ia64.deb
    Size/MD5 checksum:    81142 2cf21c543bbb34561f6c2828ab7a08d0

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum: 46786690 9ccb2a732e0a2a49d1f1f9d5d68cef86
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:   119034 0a10831d2377b7278cfbdb2e90574535
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:  5955860 db51379ca6bba623c738ec7cae30271a
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:   809332 94a939e3ca873e217ef215fce9b63dc1
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:   671304 fd3252bd400f87abc8350617d3a31c25
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:    65610 632f5a86ddeed0e5ff6747189b4d9169
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:    52820 b1a2dccc6643955c7763fd2920f22418
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:   274358 10a1723ef97b4c11a3bb081d571e20c6
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:   312858 bf8db163f331cfbc9f1df9982813eab3
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:   786828 9a1b768ccfae0c4dc5688c3362a2d9fc
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:   352918 47b68c4cd5fdb3b5c8b2252e4cec0bd1
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:  3290808 61bae851c0f69a4a8499855db0a2bf44
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_mips.deb
    Size/MD5 checksum:   147064 c220f1717506e0f721b214c23344aae4

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:   146654 66f51faead5bb8643b378056f7e91200
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:   351756 cdbd6d5cc056fe7ab22e99c0b4b17303
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:  5758508 d2a8f3588c96dbd86a313415f942b796
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:    65448 2e91580fd824a483cf15e41329ee54d6
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:   670958 9ce924c9c7c373bcb66c3d142598b960
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:   767374 db65bedd1451e3d002996607504f832c
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:  3187790 205442831b53abed47347494afd74c13
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum: 45388864 53ba9135abdeb81b127319c2965d654c
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:   118792 ebeeb6e0b3fa9697fc4d519dbf3445e3
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:    52882 9a492c7f088e33795f4f519e6d1fdb00
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:   785634 15195ea21bea73366c040ec35205b411
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:   305972 7c6cf13047b77819016441211306def6
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_mipsel.deb
    Size/MD5 checksum:   275352 7b73a4f8d7961a9e2e5be4a5edac6bb6

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:   311370 dcc549b27be17ce12ad677571f7cd96c
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:   775168 dc939366bb688b507d7f02e281f49ff9
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:    65310 08e712f2c7efc1ff4711a3fed99de972
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum: 46973282 628962bbf1d65f90cd45c289f4e57eb2
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:   810170 3911108f3ad4ec7249de89579692a889
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:  3207248 c779f30b9617ce71eff5c7e38a50e700
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:   350370 89f7abf6fe0374a40df224d17547a326
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:   148354 e573866688369e0f33668e197ceb954a
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:    54152 137b9de7b7d101e6751448f9b376c542
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:   125070 9f3c03fc4dcf3b92af90f6dbb028ec3b
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:   641078 0d6cc0d69937519ec2a8b11c79620bba
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:  6113688 f14ea71428bbb9adc65fc9300af4dfaf
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_powerpc.deb
    Size/MD5 checksum:   280116 934b5afcd4d54c8a9334209394725b76

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:   757252 fbbf4aa51c254501839c5239898a1966
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:   688966 eadd50708786aa35fe3352133362268a
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum: 46106184 f900f01b8a4d665783b488dba85e5368
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:  3183730 7570c50c80b825f39b21faae4304c39c
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:    54394 14206509134b8cab968b770409f2721d
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:   283734 e8f93eadcfedd43817fdef860a9b18f2
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:   900078 2fc17c17b2db9069640e5a5a8da4c55c
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:   307054 fad889ae074b09fe590bb6d256cea5e1
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:    70250 83853ab4be095ccad382c53ecb31a2b8
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:  6818036 e8b4b094912ad1dc2eaa4246f4072b33
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:   127826 35a3df9656c60848ee92ad37426f0e26
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:   160986 51635e7052198336a4560f42a8534809
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_s390.deb
    Size/MD5 checksum:   372762 44c448ce0bdd1fb906ce3fc0f1cae4db

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:  5691378 fb92fb8595fe77b778bf2f10cec49c59
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:   720372 d6905da5cd02841a3a1504bc2414e6c0
  http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:   119274 6ce21aa1465d61eab2441dea7e7dda47
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:    63586 04418e16def13078bdfb58e30864bec5
  http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:    51632 f4100de3c8fde3d8b45dc81af6a1d375
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:   587454 7e843d8cbedddd2e158bbcceca21f109
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:   677262 85da1319d7f5eb22a66c11947d3eb447
  http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:  2853912 6aaad890cf6475d08323566c1d45d3c6
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:   137004 23c70ffb48e7fe2f77314a19a731435e
  http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:   323878 c27c6e54a5f9bae01bec83548ade9ea9
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:   260544 b3703da635436037b1cbed4cc04567d4
  http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum:   284548 afec3eadc60217b0f63bfd4efbb17a53
  http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_sparc.deb
    Size/MD5 checksum: 44808802 f7dd5d65267da83f9050a83d3131f953


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkluSlEACgkQXm3vHE4uylqaSQCdHEKoQIiWiXHOm48S2S3v6cHS
kiQAoMoAN/iBzrG1wqUSgCr4Vq3R6Gd7
=KctC
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBSW5y+ih9+71yA2DNAQJEXwQAggQRAC1wISr5utq6gMkm/xTn6pCvu6bF
gMIYgC66EMQmWx0JXFFUrm+CLc/PpmmTeacqmKKwyEQQ/DSAG+KIAKJdBAWlHPTk
+JeQ+pFOqASGThVZdkL/37myyxsuwfTWNhfymVd1je0jVq53arPQIRkNQ0+meGsB
kFrECL1VSdY=
=n7GY
-----END PGP SIGNATURE-----