Community update: mozilla-firefox-1.0.7-1ni.i586.rpm

root root@xxxxxxxxxxxxxxxxx
Thu Sep 22 12:01:02 CEST 2005 

Contributor: nived (Nived Gopalan)
Package: mozilla-firefox-1.0.7-1ni.i586.rpm
Section: community-2.2

The package will be made available in the specified section during the next
automatic repository refresh.

Changelog:

******
* Thu Sep 22 2005 Nived Gopalan <nived at comodo dot com> 1.0.7-1ni

- New upstream. Security Fixes.
- Peter Zelezny has discovered a vulnerability in Firefox, which can be 
  exploited by malicious people to compromise a user's system. The 
  vulnerability is caused due to the shell script used to launch Firefox 
  parsing shell commands that are enclosed within backticks in the URL 
  provided via the command line.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2005-2968 to this issue.

- Vendor fix for CAN-2005-2871. 
- Other stability and security fixes.

* Tue Sep 13 2005 Nived Gopalan <nived at comodo dot com> 1.0.6-2ni

- Security Fix:
  Tom Ferris has discovered a vulnerability in Firefox, which can be
  exploited by malicious people to cause a DoS (Denial of Service).

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2005-2871 to this issue.

* Thu Jul 21 2005 Nived Gopalan <nived at comodo dot com> 1.0.6-1ni

- New upstream. Stability update.
- Restore API compatibility for extensions and web applications that 
  did not work in Firefox 1.0.5.

* Wed Jul 13 2005 Nived Gopalan <nived at comodo dot com> 1.0.5-1ni

- New upstream. Security Fixes.
- Michael Krax has discovered a security issue where standalone applications
  can run arbitrary code through the browser (MFSA 2005-53).
- Fix code execution through shared function objects (MFSA 2005-56).
- Fix script injection from Firefox sidebar panel using data (MFSA 2005-49).

* Fri May 13 2005 Nived Gopalan <nived at comodo dot com> 1.0.4-1ni

- Fix vulnerability in the firefox install confirmation dialog that 
  allows an attacker to supply a javascript: URL as the IconURL property,
  which will execute code (MFSA 2005-42).

  Fix security checks which could be bypassed by wrapping a javascript: url 
  in the view-source: pseudo-protocol (MFSA 2005-43) 

  Additional checks were added to make sure Javascript eval and Script 
  objects are run with the privileges of the context that created them,
  (MFSA 2005-44).

* Tue May 10 2005 Ajith Thampi <ajith at comodo dot com> 1.0.3-3ta

- Fixed File Conflicts

* Mon May 02 2005 Ajith Thampi <ajith at comodo dot com> 1.0.3-2ta

- Rebuilt

* Tue Apr 19 2005 Raghu <raghu at comodo dot com> 1.0.3-1ra

- New Upstream

* Mon Apr 11 2005 Bipin S  <bipin at comodo dot com> 1.0.2-1bi

- New upstream

* Tue Nov 16 2004 Chr. Toldnes <christht at trustix dot org> 1.0-2ct

- Cleanup

* Fri Nov 12 2004 Chr. Toldnes <christht at trustix dot org> 1.0-1ct

- New upstream version: 1.0

* Thu Nov 11 2004 Chr. Toldnes <christht at trustix dot org> 0.9.3-3ct

- Rebuild for 2.2

* Mon Aug 30 2004 Ajith Thampi <ajith at comodo dot com> 0.9.3-1ta

- New Upstream
- XFree86 changed to Xorg
- Added patch for nsFreeType2 issues

* Fri Feb 13 2004 Chr. Toldnes <christht at trustix dot org> 0.8-2ct

- Fixes i filelist

* Thu Feb 12 2004 Tor Hveem <torh at trustix dot org> 0.8-1th

- New upstream, changed name to firefox

* Tue Jan 20 2004 Chr. Toldnes <christht at trustix dot org> 0.7-9ct

- changed binary symlinks

* Tue Jan 20 2004 Chr. Toldnes <christht at trustix dot org> 0.7-8ct

- Renamed mozilla-firebird

* Wed Jan 14 2004 Chr. Toldnes <christht at trustix dot org> 0.7-7ct

- Big Rebuild

* Sun Jan 11 2004 Chr. Toldnes <christht at trustix dot org> 0.7-6ct

- Modified buildflags.

* Sat Jan 10 2004 Chr. Toldnes <christht at trustix dot org> 0.7-5ct

- 4ct was binary only
- Use build config from within mozilla source.

* Sun Jan 04 2004 Chr. Toldnes <christht at trustix dot org> 0.7-3ct

- Added some plugin howtos

* Wed Dec 31 2003 Chr. Toldnes <christht at trustix dot org> 0.7-2ct

- Now actually build firebird, not the old mozilla 1.5

* Tue Dec 23 2003 Chr. Toldnes <christht at trustix dot org> 0.7-1ct

- Initial release for Trustix Desktop 2.0
******

To access this package add the following to your /etc/swup/swup.conf:

site {# Community Contrib for 2.2
  name = "community-2.2"
  class = 10
  location = "http://tsldev.trustix.org/community-2.2/$basearch/rdfs/"
  regexp = ".*"
}

DISCLAIMER:

The packages in this repository is maintained by the Trustix User Community.
The packages comes with ABSOLUTELY NO WARRANTY.
Comodo Group Ltd does not accept any responsibility for the packages,
we only provide the infrastructure to access them.
If you find any of these packages to infridge on any copyright / patent law,
please notify us and we will deal with the problem.

More information about the tsl-contrib-discuss mailing list