From owner-freebsd-gnome@FreeBSD.ORG Wed Nov 28 18:31:31 2007 Return-Path: Delivered-To: freebsd-gnome@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BD81A16A417; Wed, 28 Nov 2007 18:31:31 +0000 (UTC) (envelope-from marcus@marcuscom.com) Received: from creme-brulee.marcuscom.com (penna-pt.tunnel.tserv1.fmt.ipv6.he.net [IPv6:2001:470:1f00:ffff::1279]) by mx1.freebsd.org (Postfix) with ESMTP id 75A8E13C458; Wed, 28 Nov 2007 18:31:31 +0000 (UTC) (envelope-from marcus@marcuscom.com) Received: from [10.2.1.132] (vpn-client-132.marcuscom.com [10.2.1.132]) by creme-brulee.marcuscom.com (8.14.1/8.14.1) with ESMTP id lASIWCsh000325; Wed, 28 Nov 2007 13:32:13 -0500 (EST) (envelope-from marcus@marcuscom.com) Message-ID: <474DB41B.7010901@marcuscom.com> Date: Wed, 28 Nov 2007 13:31:55 -0500 From: Joe Marcus Clarke Organization: MarcusCom, Inc. User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031) MIME-Version: 1.0 To: Jeremy Messenger References: <474C993B.4060706@delphij.net> <1196233491.75142.15.camel@shumai.marcuscom.com> In-Reply-To: X-Enigmail-Version: 0.95.5 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.2.3 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on creme-brulee.marcuscom.com Cc: d@delphij.net, freebsd-gnome@freebsd.org, portmgr@freebsd.org Subject: Re: [PATCH] Update firefox to 2.0.0.10 X-BeenThere: freebsd-gnome@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GNOME for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Nov 2007 18:31:31 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeremy Messenger wrote: > On Wed, 28 Nov 2007 01:04:51 -0600, Joe Marcus Clarke > wrote: > >> >> On Tue, 2007-11-27 at 14:24 -0800, Xin LI wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Hi, >>> >>> Here is a patch that updates firefox to 2.0.0.10 to address >>> CVE-2007-5959. >> >> Approved. > > Can you hold on this one? It looks like 2.0.0.10 break more things than > it fixes. I saw this page: > > http://www.neowin.net/news/main/07/11/28/firefox-20010-gaffe-prompts-quick-fix > > https://bugzilla.mozilla.org/show_bug.cgi?id=405584 > > One of us will have to dig to find patch or we can create security patch > instead update it to 2.0.0.10. Looks like this should fix it. Can someone run a quick test? I'll try and get to it myself. https://bugzilla.mozilla.org/attachment.cgi?id=284556 Joe > > Cheers, > Mezz > >> Joe > > - -- PGP Key : http://www.marcuscom.com/pgp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTbP1b2iPiv4Uz4cRAqO2AJ9CQJ1tz9a8PF6iibMKUhYGM+4xVwCgnjii +uyvTotHAcRtjbSGaWaB9m0= =IUv5 -----END PGP SIGNATURE-----