[opensuse-security] Fwd: [security-announce] openSUSE-SU-2012:0258-1: critical: MozillaFirefox to 10.0.1
Hello, why is openSUSE 12.1 not listed under "Affected Products" in the security-announce but in the OBS/in bugzilla ? Regards Martin https://bugzilla.novell.com/show_bug.cgi?id=746616#c4 [Quote] Bernhard Wiedemann 2012-02-13 00:00:13 UTC This is an autogenerated message for OBS integration: This bug (746616) was mentioned in https://build.opensuse.org/request/show/104181 11.4 / MozillaFirefox https://build.opensuse.org/request/show/104182 12.1 / MozillaFirefox https://build.opensuse.org/request/show/104183 Factory / MozillaFirefox https://build.opensuse.org/request/show/104184 12.1 / MozillaThunderbird https://build.opensuse.org/request/show/104185 Factory / MozillaThunderbird https://build.opensuse.org/request/show/104186 11.4 / seamonkey https://build.opensuse.org/request/show/104187 12.1 / seamonkey https://build.opensuse.org/request/show/104188 Evergreen:11.2 / seamonkey https://build.opensuse.org/request/show/104189 Factory / seamonkey https://build.opensuse.org/request/show/104191 12.1 / xulrunner https://build.opensuse.org/request/show/104192 Factory / xulrunner [/Quote] ---------- Forwarded message ---------- From: <opensuse-security@opensuse.org> Date: 2012/2/14 Subject: [security-announce] openSUSE-SU-2012:0258-1: critical: MozillaFirefox to 10.0.1 To: opensuse-security-announce@opensuse.org openSUSE Security Update: MozillaFirefox to 10.0.1 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0258-1 Rating: critical References: #746616 Cross-References: CVE-2012-0452 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes two new package versions. Description: MozillaFirefox was updated to 10.0.1 to fix critical bugs and security issue. Following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. Firefox 9 and earlier are not affected by this vulnerability. https://www.mozilla.org/security/announce/2012/mfsa2012-10.h tml Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch MozillaFirefox-5799 seamonkey-5804 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 10.0.1 and 2.7.1]: MozillaFirefox-10.0.1-0.2.1 MozillaFirefox-branding-upstream-10.0.1-0.2.1 MozillaFirefox-buildsymbols-10.0.1-0.2.1 MozillaFirefox-devel-10.0.1-0.2.1 MozillaFirefox-translations-common-10.0.1-0.2.1 MozillaFirefox-translations-other-10.0.1-0.2.1 seamonkey-2.7.1-0.2.1 seamonkey-dom-inspector-2.7.1-0.2.1 seamonkey-irc-2.7.1-0.2.1 seamonkey-translations-common-2.7.1-0.2.1 seamonkey-translations-other-2.7.1-0.2.1 seamonkey-venkman-2.7.1-0.2.1 References: http://support.novell.com/security/cve/CVE-2012-0452.html https://bugzilla.novell.com/746616 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org -- -- - Martin Seidler - http://forums.opensuse.org/members/pistazienfresser.html - openSUSE profile: https://users.opensuse.org/show/pistazienfresser -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Wed, Feb 15, 2012 at 03:19:50PM +0100, pistazienfresser wrote:
Hello,
why is openSUSE 12.1 not listed under "Affected Products" in the security-announce but in the OBS/in bugzilla ?
openSUSE 12.1 does not currently publish security notices as a new workflow is used and still being implemented on it. Sadly this takes longer than expected so all the goods known from earlier releases like 11.4 are not there yet. I will push harder to get the notices running again. And yes, it is affected by this problem. Ciao, Marcus
Regards Martin
https://bugzilla.novell.com/show_bug.cgi?id=746616#c4
[Quote] Bernhard Wiedemann 2012-02-13 00:00:13 UTC
This is an autogenerated message for OBS integration: This bug (746616) was mentioned in https://build.opensuse.org/request/show/104181 11.4 / MozillaFirefox https://build.opensuse.org/request/show/104182 12.1 / MozillaFirefox https://build.opensuse.org/request/show/104183 Factory / MozillaFirefox https://build.opensuse.org/request/show/104184 12.1 / MozillaThunderbird https://build.opensuse.org/request/show/104185 Factory / MozillaThunderbird https://build.opensuse.org/request/show/104186 11.4 / seamonkey https://build.opensuse.org/request/show/104187 12.1 / seamonkey https://build.opensuse.org/request/show/104188 Evergreen:11.2 / seamonkey https://build.opensuse.org/request/show/104189 Factory / seamonkey https://build.opensuse.org/request/show/104191 12.1 / xulrunner https://build.opensuse.org/request/show/104192 Factory / xulrunner [/Quote]
---------- Forwarded message ---------- From: <opensuse-security@opensuse.org> Date: 2012/2/14 Subject: [security-announce] openSUSE-SU-2012:0258-1: critical: MozillaFirefox to 10.0.1 To: opensuse-security-announce@opensuse.org
openSUSE Security Update: MozillaFirefox to 10.0.1 ______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0258-1 Rating: critical References: #746616 Cross-References: CVE-2012-0452 Affected Products: openSUSE 11.4 ______________________________________________________________________________
An update that fixes one vulnerability is now available. It includes two new package versions.
Description:
MozillaFirefox was updated to 10.0.1 to fix critical bugs and security issue.
Following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.
Firefox 9 and earlier are not affected by this vulnerability.
https://www.mozilla.org/security/announce/2012/mfsa2012-10.h tml
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch MozillaFirefox-5799 seamonkey-5804
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64) [New Version: 10.0.1 and 2.7.1]:
MozillaFirefox-10.0.1-0.2.1 MozillaFirefox-branding-upstream-10.0.1-0.2.1 MozillaFirefox-buildsymbols-10.0.1-0.2.1 MozillaFirefox-devel-10.0.1-0.2.1 MozillaFirefox-translations-common-10.0.1-0.2.1 MozillaFirefox-translations-other-10.0.1-0.2.1 seamonkey-2.7.1-0.2.1 seamonkey-dom-inspector-2.7.1-0.2.1 seamonkey-irc-2.7.1-0.2.1 seamonkey-translations-common-2.7.1-0.2.1 seamonkey-translations-other-2.7.1-0.2.1 seamonkey-venkman-2.7.1-0.2.1
References:
http://support.novell.com/security/cve/CVE-2012-0452.html https://bugzilla.novell.com/746616
-- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
-- --
- Martin Seidler - http://forums.opensuse.org/members/pistazienfresser.html - openSUSE profile: https://users.opensuse.org/show/pistazienfresser -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
-- Working, but not speaking, for the following german company: SUSE LINUX Products GmbH, HRB 16746 (AG Nuernberg) Geschaeftsfuehrer: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (2)
-
Marcus Meissner -
pistazienfresser