From owner-freebsd-security Thu May 2 7:22:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by hub.freebsd.org (Postfix) with ESMTP id 72E2137B400 for ; Thu, 2 May 2002 07:22:40 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 3E9CA514D; Thu, 2 May 2002 09:22:39 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g42EMcY17201; Thu, 2 May 2002 09:22:38 -0500 (CDT) (envelope-from hawkeyd) Date: Thu, 2 May 2002 09:22:38 -0500 (CDT) Message-Id: <200205021422.g42EMcY17201@sheol.localdomain> Mime-Version: 1.0 X-Newsreader: knews 1.0b.1 Reply-To: hawkeyd@visi.com Organization: if (!FIFO) if (!LIFO) break; References: <20020501112902.X451-100000_levais.imp.ch@ns.sol.net> <20020501152156.X2876-100000_blues.jpj.net@ns.sol.net> In-Reply-To: <20020501152156.X2876-100000_blues.jpj.net@ns.sol.net> From: hawkeyd@visi.com (D J Hawkey Jr) Subject: Re: Mozilla and NS6 security problem X-Original-Newsgroups: sol.lists.freebsd.security To: trevor@jpj.net, freebsd-security@freebsd.org Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In article <20020501152156.X2876-100000_blues.jpj.net@ns.sol.net>, trevor@jpj.net writes: > Martin Blapp wrote: > >> http://www.heise.de/newsticker/data/ju-30.04.02-000/ >> http://sec.greymagic.com/adv/gm001-ns/ >> >> Our ports are vulnerable too. It seems that there is >> no fix yet available. > > Thank you, Martin. I tested the linux-mozilla port yesterday and found it > had the bug. I've just marked it forbidden (sorry about the delay). The > Netscape 6 ports were already marked forbidden because of my suspicion > that they had the zlib double free() bug (I've seen a rumor that it was > corrected in Netscape 6.22). What of the "native" FreeBSD Mozilla port/package, whether it be 0.9.9 or 1.0-RC? Dave -- Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message