Debian Bug report logs -
#379050
CVE-2006-3731: crash after upload with ENCTYPE="multipart/form-data" and reload
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Thu, 20 Jul 2006 20:03:05 UTC
Severity: normal
Tags: security
Found in version 1.5.dfsg+1.5.0.4-3
Fixed in versions 1.5.dfsg+1.5.0.6-1, 1.5.dfsg+1.5.0.5-1
Done: Mike Hommey <mh@glandium.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Mike Hommey <glandium@debian.org>:
Bug#379050; Package mozilla-livehttpheaders.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Mike Hommey <glandium@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: mozilla-livehttpheaders
Severity: normal
Tags: security
See
http://www.securityfocus.com/archive/1/archive/1/440119/100/100/threaded
and
http://www.securityfocus.com/archive/1/archive/1/440506/100/0/threaded
firefox with livehttpheaders crashes when hitting reload after
sucessful upload with ENCTYPE="multipart/form-data".
test page: http://www.sfritsch.de/~stf/CVE-2006-3731.html
Information forwarded to debian-bugs-dist@lists.debian.org, Mike Hommey <glandium@debian.org>:
Bug#379050; Package mozilla-livehttpheaders.
(full text, mbox, link).
Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Mike Hommey <glandium@debian.org>.
(full text, mbox, link).
Message #10 received at 379050@bugs.debian.org (full text, mbox, reply):
reassign 379050 firefox
tag 379050 unreproducible
thanks
On Thu, Jul 20, 2006 at 09:49:21PM +0200, Stefan Fritsch <sf@sfritsch.de> wrote:
> Package: mozilla-livehttpheaders
> Severity: normal
> Tags: security
>
> See
> http://www.securityfocus.com/archive/1/archive/1/440119/100/100/threaded
> and
> http://www.securityfocus.com/archive/1/archive/1/440506/100/0/threaded
>
> firefox with livehttpheaders crashes when hitting reload after
> sucessful upload with ENCTYPE="multipart/form-data".
>
> test page: http://www.sfritsch.de/~stf/CVE-2006-3731.html
I fail to crash firefox. None of the versions of firefox in testing,
unstable or experimental crash.
And if it were to crash, that would still be a bug in firefox. Thus I'm
reassigning. If someone can reproduce the problem, please say so.
Thanks
Mike
Information forwarded to debian-bugs-dist@lists.debian.org, Mike Hommey <glandium@debian.org>:
Bug#379050; Package mozilla-livehttpheaders.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Mike Hommey <glandium@debian.org>.
(full text, mbox, link).
Message #15 received at 379050@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
package firefox
found 379050 1.5.dfsg+1.5.0.4-3
tags 379050 - unreproducible
close 379050 1.5.dfsg+1.5.0.6-1
thanks
> On Thu, Jul 20, 2006 at 09:49:21PM +0200, Stefan Fritsch
<sf@sfritsch.de> wrote:
> > firefox with livehttpheaders crashes when hitting reload after
> > sucessful upload with ENCTYPE="multipart/form-data".
> >
> > test page: http://www.sfritsch.de/~stf/CVE-2006-3731.html
>
> I fail to crash firefox. None of the versions of firefox in
> testing, unstable or experimental crash.
>
> And if it were to crash, that would still be a bug in firefox. Thus
> I'm reassigning. If someone can reproduce the problem, please say
> so.
I could crash firefox when I filed the bug, but not anymore. Must have
been fixed in 1.5.0.5 or 1.5.0.6.
Cheers,
Stefan
[Message part 2 (application/pgp-signature, inline)]
Tags added: unreproducible
Request was from Mike Hommey <mh@glandium.org>
to control@bugs.debian.org.
(full text, mbox, link).
Bug marked as found in version 1.5.dfsg+1.5.0.4-3.
Request was from Stefan Fritsch <sf@sfritsch.de>
to control@bugs.debian.org.
(full text, mbox, link).
Tags removed: unreproducible
Request was from Stefan Fritsch <sf@sfritsch.de>
to control@bugs.debian.org.
(full text, mbox, link).
Bug marked as fixed in version 1.5.dfsg+1.5.0.6-1, send any further explanations to Stefan Fritsch <sf@sfritsch.de>
Request was from Stefan Fritsch <sf@sfritsch.de>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#379050; Package firefox.
(full text, mbox, link).
Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>.
(full text, mbox, link).
Message #30 received at 379050@bugs.debian.org (full text, mbox, reply):
close 379050 1.5.dfsg+1.5.0.5-1
thanks
On Mon, Aug 21, 2006 at 09:40:38PM +0200, Stefan Fritsch <sf@sfritsch.de> wrote:
> package firefox
> found 379050 1.5.dfsg+1.5.0.4-3
> tags 379050 - unreproducible
> close 379050 1.5.dfsg+1.5.0.6-1
> thanks
>
> > On Thu, Jul 20, 2006 at 09:49:21PM +0200, Stefan Fritsch
> <sf@sfritsch.de> wrote:
> > > firefox with livehttpheaders crashes when hitting reload after
> > > sucessful upload with ENCTYPE="multipart/form-data".
> > >
> > > test page: http://www.sfritsch.de/~stf/CVE-2006-3731.html
> >
> > I fail to crash firefox. None of the versions of firefox in
> > testing, unstable or experimental crash.
> >
> > And if it were to crash, that would still be a bug in firefox. Thus
> > I'm reassigning. If someone can reproduce the problem, please say
> > so.
>
> I could crash firefox when I filed the bug, but not anymore. Must have
> been fixed in 1.5.0.5 or 1.5.0.6.
Most likely 1.5.0.5 seeing the changes between the two... but i can't
even reproduce it on 1.5.0.4 from testing...
Thanks for the feedback.
Mike
Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#379050; Package firefox.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>.
(full text, mbox, link).
Message #35 received at 379050@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
> > I could crash firefox when I filed the bug, but not anymore. Must
> > have been fixed in 1.5.0.5 or 1.5.0.6.
>
> Most likely 1.5.0.5 seeing the changes between the two... but i
> can't even reproduce it on 1.5.0.4 from testing...
Strange.
Aptitude's log says that I had 1.5.dfsg+1.5.0.4-2 installed at the
time I checked. Testing has 1.5.dfsg+1.5.0.4-1. Maybe it was
introduced with 1.5.dfsg+1.5.0.4-2 ?
Cheers,
Stefan
[Message part 2 (application/pgp-signature, inline)]
Bug marked as fixed in version 1.5.dfsg+1.5.0.5-1, send any further explanations to Stefan Fritsch <sf@sfritsch.de>
Request was from Mike Hommey <mh@glandium.org>
to control@bugs.debian.org.
(full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jun 2007 19:33:17 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:45:02 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon