From owner-freebsd-gnome  Wed May  1 12:32:49 2002
Delivered-To: freebsd-gnome@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.6])
	by hub.freebsd.org (Postfix) with ESMTP
	id D5FD237B400; Wed,  1 May 2002 12:32:42 -0700 (PDT)
Received: from localhost (trevor@localhost)
	by blues.jpj.net (8.11.6/8.11.6) with ESMTP id g41JWb003540;
	Wed, 1 May 2002 15:32:38 -0400 (EDT)
Date: Wed, 1 May 2002 15:32:37 -0400 (EDT)
From: Trevor Johnson <trevor@jpj.net>
To: Martin Blapp <mb@imp.ch>
Cc: freebsd-security@freebsd.org, <gnome@freebsd.org>,
	<trevor@freebsd.org>, <security-officer@freebsd.org>
Subject: Re: Mozilla and NS6 security problem
In-Reply-To: <20020501112902.X451-100000@levais.imp.ch>
Message-ID: <20020501152156.X2876-100000@blues.jpj.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-gnome@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-gnome.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-gnome>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-gnome>
X-Loop: FreeBSD.ORG

Martin Blapp wrote:

>
> Hi, seee:
>
> http://www.heise.de/newsticker/data/ju-30.04.02-000/
> http://sec.greymagic.com/adv/gm001-ns/
>
> Our ports are vulnerable too. It seems that there is
> no fix yet available.

Thank you, Martin.  I tested the linux-mozilla port yesterday and found it
had the bug.  I've just marked it forbidden (sorry about the delay).  The
Netscape 6 ports were already marked forbidden because of my suspicion
that they had the zlib double free() bug (I've seen a rumor that it was
corrected in Netscape 6.22).
-- 
Trevor Johnson


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-gnome" in the body of the message