Subject: CVS commit: [pkgsrc-2005Q1] pkgsrc/www
To: None <>
From: Soren Jacobsen <>
List: pkgsrc-changes
Date: 03/27/2005 05:32:19
Module Name:	pkgsrc
Committed By:	snj
Date:		Sun Mar 27 05:32:19 UTC 2005

Modified Files:
	pkgsrc/www/mozilla [pkgsrc-2005Q1]: Makefile PLIST
	pkgsrc/www/mozilla-gtk2 [pkgsrc-2005Q1]: Makefile PLIST

Log Message:
Pullup ticket 392 - requested by Shin'ichiro TAYA
security fix for mozilla and mozilla-gtk2

Revisions pulled up:
- pkgsrc/www/mozilla/Makefile		1.142
- pkgsrc/www/mozilla/PLIST		1.16
- pkgsrc/www/mozilla/	1.8, 1.9
- pkgsrc/www/mozilla/distinfo		1.73
- pkgsrc/www/mozilla-gtk2/Makefile	1.17
- pkgsrc/www/mozilla-gtk2/PLIST		1.6
- pkgsrc/www/mozilla-gtk2/	1.6, 1.7

   Module Name:    pkgsrc
   Committed By:   taya
   Date:           Thu Mar 24 14:08:29 UTC 2005

   Modified Files:
           pkgsrc/www/mozilla: Makefile PLIST distinfo
           pkgsrc/www/mozilla-gtk2: Makefile PLIST

   Log Message:
   Update mozilla & mozilla-gtk2 to 1.7.6

   This is a security fix release.
   Fixed bugs are follows.

   MFSA 2005-32  Drag and drop loading of privileged XUL
   MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
   MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
   MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
   MFSA 2005-27 Plugins can be used to load privileged content
   MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
   MFSA 2005-25 Image drag and drop executable spoofing
   MFSA 2005-24 HTTP auth prompt tab spoofing
   MFSA 2005-23 Download dialog source spoofing
   MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
   MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
   MFSA 2005-18 Memory overwrite in string library
   MFSA 2005-17 Install source spoofing with user:pass@host
   MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
   MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
   MFSA 2005-14 SSL "secure site" indicator spoofing
   MFSA 2005-13 Window Injection Spoofing

   see changelog for detail.
   Module Name:		pkgsrc
   Committed By:	taya
   Date:		Sat Mar 26 13:49:31 UTC 2005

   Modified Files:

   Log Message:
   ABI did not change, add BUILDLINK_RECOMMENDED instead of updating

To generate a diff of this commit:
cvs rdiff -r1.141 -r1.141.2.1 pkgsrc/www/mozilla/Makefile
cvs rdiff -r1.15 -r1.15.2.1 pkgsrc/www/mozilla/PLIST
cvs rdiff -r1.7 -r1.7.2.1 pkgsrc/www/mozilla/
cvs rdiff -r1.72 -r1.72.2.1 pkgsrc/www/mozilla/distinfo
cvs rdiff -r1.16 -r1.16.2.1 pkgsrc/www/mozilla-gtk2/Makefile
cvs rdiff -r1.5 -r1.5.2.1 pkgsrc/www/mozilla-gtk2/PLIST \

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.