-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2132-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
December 11, 2010                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-3776 CVE-2010-3778 CVE-2010-3769 CVE-2010-3771 CVE-2010-3772 CVE-2010-3775 CVE-2010-3767 CVE-2010-3773 CVE-2010-3770

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-7.

For the upcoming stable version (squeeze) and the unstable
distribution (sid), these problems have been fixed in version 3.5.15-1.

For the experimental distribution, these problems have been fixed in 
version 3.6.13-1.

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:     2395 644970f97799b0cedf925a2c8303f2e8
      Size/MD5 checksum:   192334 56a4a1a9b083b7cd92b29cd11a015e79
      Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e

Architecture independent packages:

      Size/MD5 checksum:  1468538 408e0dba665407318563c9ace335f887

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   223280 178397115d1162385892d626fe792b24
      Size/MD5 checksum:  9511894 7db4e68bf006563fc76e5d7ef7cc1f35
      Size/MD5 checksum: 51220414 46e2eb53a8450dc6b09ab2c04e46c393
      Size/MD5 checksum:   434238 8b7075f8a39aa75c39b119e0d3d135dc
      Size/MD5 checksum:   165054 5022695ffeb82bc7e38e229a578e586e
      Size/MD5 checksum:    72976 f7b15c4573ea75fe83fd6398f8a6b1d7
      Size/MD5 checksum:   939744 19dd61fd1ad9d23add66faab4720c3c8
      Size/MD5 checksum:  3658850 51980c9c9cf575d4af59a5e2033f6b1d
      Size/MD5 checksum:   113776 700edb5b7b4778ce0b43eeff702bf4ce

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum: 50471444 5c27a6ce1376234377e1327cece90e58
      Size/MD5 checksum:  7736416 73c4297d3f7693eb75e1f52275968dd3
      Size/MD5 checksum:    70642 62fa42480817a42b7c3186644e395adf
      Size/MD5 checksum:  3300092 de7c05ebe980974b7f677d691675346e
      Size/MD5 checksum:   153778 3095de264efc138f55a08932e5f633b2
      Size/MD5 checksum:   375798 6076292260d0a0a21f426e205c2c8045
      Size/MD5 checksum:   102292 3e2e5af63df8a9db1c898ef092edef7d
      Size/MD5 checksum:   891538 b5851f59bc3c61fe0ff6a85b870477da
      Size/MD5 checksum:   223652 45370096b9ad11d37126f9d4da5f2dfe

arm architecture (ARM)

      Size/MD5 checksum:    84364 2b6ca89bc12cd2df1a1958638f2b6a19
      Size/MD5 checksum:   352324 d1f0a3422bbbbfdb05a68c703b333b7b
      Size/MD5 checksum:   818192 9631161a7acb39824b0d40270f2f828d
      Size/MD5 checksum:   224266 8f229b45f02deaf66d3c1ccacc125909
      Size/MD5 checksum:  3588414 b6de490be37c35b6a7201002a5dcd660
      Size/MD5 checksum:  6818158 ee9b933d0563218819922119bc39dec1
      Size/MD5 checksum: 49413206 1229357e1cb60d5db4261aa39e890fd6
      Size/MD5 checksum:    68732 8494bbd0306c67349fcda88b503d450d
      Size/MD5 checksum:   141954 483ea1908eca504f242bed3291765ef4

armel architecture (ARM EABI)

      Size/MD5 checksum:    85036 d3335128ed334f3213ccd984c58f5f69
      Size/MD5 checksum:   354000 d166273acc1e23dd740c39141e3fb4f8
      Size/MD5 checksum:   222498 c08938473e4ef23df0d40c297b20e2bb
      Size/MD5 checksum:    71090 69ce3831870708d27267013ae8c80340
      Size/MD5 checksum:  3574582 7955f9e31c6b183cfc68d239d1704fb0
      Size/MD5 checksum: 50257234 7600317a37eb2a9c37ccf80da8bf4e14
      Size/MD5 checksum:  6965756 075c79fa64ec01ebe4f1160a03292c48
      Size/MD5 checksum:   142408 9f293b106d5016f8c11528e28d25a5ff
      Size/MD5 checksum:   823738 95d47a4f7a80ceb3ad22b7bc9bc81955

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   900154 c6770f86eed7c45d9c33c925dfdc94d8
      Size/MD5 checksum:  9529646 009b61d895b622466d5da74c3a932139
      Size/MD5 checksum:   158980 3974546696e1141d708f70d31a25aaae
      Size/MD5 checksum:  3636260 aa6c114be84f87b7f7e4c7fe8c9bac87
      Size/MD5 checksum:   413824 fc7626c9d32c4b04f72db0ed20ed248f
      Size/MD5 checksum:    72504 7553c6e4706eb91e04195a53ed0e72e7
      Size/MD5 checksum:   107220 f4131ea49f0b186e669348a147256e88
      Size/MD5 checksum:   223844 bdbac51475d12a6d7b815f36e4b5a7f6
      Size/MD5 checksum: 51362540 f304719b21b97c096eb3daa8c40fa250

i386 architecture (Intel ia32)

      Size/MD5 checksum:   352304 7bf93a593725507866080e137954d6ce
      Size/MD5 checksum:  3577326 00cc9e0a3ae8a399d02724a3a30f05fe
      Size/MD5 checksum:   143220 f5a60e3795974cbcd96a8617a70a005e
      Size/MD5 checksum:  6616834 a69896146e791431fdd263d992d0a3fb
      Size/MD5 checksum: 49624400 772fd8eadf485efaec614d2aebde2759
      Size/MD5 checksum:   852782 2e36eb0fbe5599aa30f85300c9ec7989
      Size/MD5 checksum:    79838 516419904db720a7b8ce729db0771a2c
      Size/MD5 checksum:   224708 df850c028a186cfead37b22d2bcdfcf8
      Size/MD5 checksum:    69212 a34d57b0412813c2c435292b1a9d09d6

ia64 architecture (Intel ia64)

      Size/MD5 checksum:    77072 a5f3093605c728fcae801ec4a6a34fe8
      Size/MD5 checksum:   811894 939a9193369d070f387ced4c3fa29618
      Size/MD5 checksum:   223648 00ac511ec1f3922a1b20da88458c95a3
      Size/MD5 checksum:   122012 a9c9fc88c16c919f4f0fd934797dfc57
      Size/MD5 checksum: 11324750 4270a6d5f04f4bde1861d2c11e6a1d4b
      Size/MD5 checksum:  3403204 92244edd7fa45fc2f8eefa7148ed94ba
      Size/MD5 checksum:   180730 247a57cac4033af253b2f0ac66ce10d8
      Size/MD5 checksum:   543054 7088c92cd15a9f21a3735f9a14641da3
      Size/MD5 checksum: 49815268 5d41fce562553f411e23ad8da9af991c

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:    97596 aae76aafb1643a3e6892f35ff928acea
      Size/MD5 checksum:   223870 a7922622373346e883ab5e0c8f012781
      Size/MD5 checksum:   381098 b5f4975be234777fa92e8f0047b93091
      Size/MD5 checksum:  7680280 32b008f0bdfbc9082e02ef3d6e16e86a
      Size/MD5 checksum:    70542 f1440f582f5e83367e0a2e757c1429c2
      Size/MD5 checksum:   145450 6dcca30b995c0ad7cef8dcf8bb6a3ba5
      Size/MD5 checksum: 51981382 74d3bc5b26d0c6da3cef8506e56000b5
      Size/MD5 checksum:  3612158 f7565161666d9155be2dafd6a5066d7b
      Size/MD5 checksum:   917662 90b6acdf9fb6b104b4387b8489e3f14d

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:    97274 8932be2e001cab62cf2536b2ccc49160
      Size/MD5 checksum:   901536 a992d95b5fa5d61f51d0bf80f9708b01
      Size/MD5 checksum:   223648 a9200d880d63ac9f11e4e5142da504c3
      Size/MD5 checksum:    70434 c116043e0d1b3ca1aed17fab4e8b7074
      Size/MD5 checksum:  7391960 29f18c6167a22dddbf66dd734e763d7b
      Size/MD5 checksum:   379632 235a73f45e044901c03c9a0ba5bfd3ff
      Size/MD5 checksum:   145568 e15bbc03233b75b85120113551314247
      Size/MD5 checksum: 50093512 f8b364eb399f9e3fa0dd700403fe7e27
      Size/MD5 checksum:  3313754 568d31e6a1c83803f91ab8e7f8b21469

powerpc architecture (PowerPC)

      Size/MD5 checksum:    95296 1f03682ec71fcc352a5f8c48647a451d
      Size/MD5 checksum:    73584 06a80a5c288d5342a48655795849e0e6
      Size/MD5 checksum:   888614 068e2fd4f17719fd9c3774f85737f3da
      Size/MD5 checksum:   152724 cfbb558bb75ed6615972c784acbb677d
      Size/MD5 checksum: 51526180 998b07a9dd6944ac545a4b8f8244c309
      Size/MD5 checksum:   223660 3fe5463aa6eff01330ee13ced216d9d0
      Size/MD5 checksum:   363274 0f80c4936242ccb79f2974be9b689bba
      Size/MD5 checksum:  3288188 3858b9e6e97cf9b549acdb425d94b538
      Size/MD5 checksum:  7292448 b3a02b207d499a2909177e7dc629b8d6

s390 architecture (IBM S/390)

      Size/MD5 checksum:   223456 c0552ce6b2d73639db458f2739f4583b
      Size/MD5 checksum:   909980 04e9a175fae9182dae6ed3f7a71fe44e
      Size/MD5 checksum:    73756 357e968a6a23757c80d6eea737f76cbc
      Size/MD5 checksum:  8433674 a64377c8a4741bd8761d61999c427c7a
      Size/MD5 checksum:   105980 089cac8b869c1a02db977eb919f919a3
      Size/MD5 checksum: 51298252 af8eabc6439a5e4086ecdcd0412d3322
      Size/MD5 checksum:   407998 0028994a489adeea5e48192b8a6ae91f
      Size/MD5 checksum:   155662 08437d3d7bad0a64625ffb7552e6fe44
      Size/MD5 checksum:  3612610 62f361699599d1200db324a9144d2877

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   223486 37a29eaab1a2c534f5dc62f44b0a4236
      Size/MD5 checksum:   144326 20c0f34db6494765a13656eac739619c
      Size/MD5 checksum:  3587652 e3d2bc88b9050c27c8bf0399a6f52dbe
      Size/MD5 checksum:   822702 625feb71bd53859a40d0b4f75dce9292
      Size/MD5 checksum:   350920 668c1ccfd704b50e327857bc27086810
      Size/MD5 checksum: 49490890 71a88412f9ba2817e5d6a405162a378d
      Size/MD5 checksum:    70432 458f8b7f98a0d4cac45161c65d40a8b0
      Size/MD5 checksum:  7185870 c8ad3b10261488a4026c54128154d726
      Size/MD5 checksum:    84790 b9d86d92952c65d8a8249f39a3c6af41


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/