lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1O4IZA-0002Pd-De@titan.mandriva.com>
Date: Tue, 20 Apr 2010 20:53:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:070-1 ] firefox


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2010:070-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : firefox
 Date    : April 20, 2010
 Affected: 2009.0
 _______________________________________________________________________

 Problem Description:

 Security issues were identified and fixed in firefox:
 
 Security researcher regenrecht reported (via TippingPoint's Zero Day
 Initiative) a potential reuse of a deleted image frame in Firefox 3.6's
 handling of multipart/x-mixed-replace images. Although no exploit was
 shown, re-use of freed memory has led to exploitable vulnerabilities
 in the past (CVE-2010-0164).
 
 Mozilla developers identified and fixed several stability bugs in the
 browser engine used in Firefox and other Mozilla-based products. Some
 of these crashes showed evidence of memory corruption under certain
 circumstances and we presume that with enough effort at least some
 of these could be exploited to run arbitrary code (CVE-2010-0165,
 CVE-2010-0167).
 
 Mozilla developer Josh Soref of Nokia reported that documents
 failed to call certain security checks when attempting to preload
 images. Although the image content is not available to the page, it
 is possible to specify protocols that are normally not allowed in a
 web page such as file:. This includes internal schemes implemented
 by add-ons that might perform privileged actions resulting in
 something like a Cross-Site Request Forgery (CSRF) attack against
 the add-on. Potential severity would depend on the add-ons installed
 (CVE-2010-0168).
 
 Mozilla developer Blake Kaplan reported that the window.location object
 was made a normal overridable JavaScript object in the Firefox 3.6
 browser engine (Gecko 1.9.2) because new mechanisms were developed
 to enforce the same-origin policy between windows and frames. This
 object is unfortunately also used by some plugins to determine the page
 origin used for access restrictions. A malicious page could override
 this object to fool a plugin into granting access to data on another
 site or the local file system. The behavior of older Firefox versions
 has been restored (CVE-2010-0170).
 
 Mozilla developer Justin Dolske reported that the new asynchronous
 Authorization Prompt (HTTP username and password) was not always
 attached to the correct window. Although we have not demonstrated
 this, it may be possible for a malicious page to convince a user
 to open a new tab or popup to a trusted service and then have the
 HTTP authorization prompt from the malicious page appear to be the
 login prompt for the trusted page. This potential attack is greatly
 mitigated by the fact that very few web sites use HTTP authorization,
 preferring instead to use web forms and cookies (CVE-2010-0172).
 
 Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows
 remote attackers to cause a denial of service (memory corruption and
 application crash) and possibly have unknown other impact via vectors
 that might involve compressed data, a different vulnerability than
 CVE-2010-1028 (CVE-2010-1122).
 
 Mozilla developers identified and fixed several stability bugs in the
 browser engine used in Firefox and other Mozilla-based products. Some
 of these crashes showed evidence of memory corruption under certain
 circumstances, and we presume that with enough effort at least some
 of these could be exploited to run arbitrary code (CVE-2010-0173,
 CVE-2010-0174)
 
 Security researcher regenrecht reported via TippingPoint's Zero Day
 Initiative that a select event handler for XUL tree items could be
 called after the tree item was deleted. This results in the execution
 of previously freed memory which an attacker could use to crash a
 victim's browser and run arbitrary code on the victim's computer
 (CVE-2010-0175).
 
 Security researcher regenrecht reported via TippingPoint's Zero Day
 Initiative an error in the way <option> elements are inserted into
 a XUL tree <optgroup>. In certain cases, the number of references
 to an <option> element is under-counted so that when the element is
 deleted, a live pointer to its old location is kept around and may
 later be used. An attacker could potentially use these conditions to
 run arbitrary code on a victim's computer (CVE-2010-0176).
 
 Security researcher regenrecht reported via TippingPoint's
 Zero Day Initiative an error in the implementation of the
 window.navigator.plugins object. When a page reloads, the plugins array
 would reallocate all of its members without checking for existing
 references to each member. This could result in the deletion of
 objects for which valid pointers still exist. An attacker could use
 this vulnerability to crash a victim's browser and run arbitrary code
 on the victim's machine (CVE-2010-0177).
 
 Security researcher Paul Stone reported that a browser applet could
 be used to turn a simple mouse click into a drag-and-drop action,
 potentially resulting in the unintended loading of resources in a
 user's browser. This behavior could be used twice in succession to
 first load a privileged chrome: URL in a victim's browser, then load
 a malicious javascript: URL on top of the same document resulting in
 arbitrary script execution with chrome privileges (CVE-2010-0178).
 
 Mozilla security researcher moz_bug_r_a4 reported that the
 XMLHttpRequestSpy module in the Firebug add-on was exposing
 an underlying chrome privilege escalation vulnerability. When
 the XMLHttpRequestSpy object was created, it would attach various
 properties of itself to objects defined in web content, which were not
 being properly wrapped to prevent their exposure to chrome privileged
 objects. This could result in an attacker running arbitrary JavaScript
 on a victim's machine, though it required the victim to have Firebug
 installed, so the overall severity of the issue was determined to be
 High (CVE-2010-0179).
 
 phpBB developer Henry Sudhof reported that when an image tag points to
 a resource that redirects to a mailto: URL, the external mail handler
 application is launched. This issue poses no security threat to users
 but could create an annoyance when browsing a site that allows users
 to post arbitrary images (CVE-2010-0181).
 
 Mozilla community member Wladimir Palant reported that XML documents
 were failing to call certain security checks when loading new
 content. This could result in certain resources being loaded that
 would otherwise violate security policies set by the browser or
 installed add-ons (CVE-2010-0182).
 
 Note that to benefit from the fix for CVE-2009-3555 added
 in nss-3.12.6, Firefox 3.6 users will need to set their
 security.ssl.require_safe_negotiation preference to true. In Mandriva
 the default setting is false due to problems with some common sites.
 
 Since firefox-3.0.19 is the last 3.0.x release Mandriva
 opted to provide the latest 3.6.3 version for Mandriva Linux
 2008.0/2009.0/2009.1/MES5/2010.0.
 
 Packages for 2008.0 and 2009.0 are provided due to the Extended
 Maintenance Program for those products.
 
 Additionally, some packages which require so, have been rebuilt and
 are being provided as updates.

 Update:

 Packages for 2009.0 are provided due to the Extended Maintenance
 Program.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1122
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182
 http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.3
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 c010232ec13300d13a09321fd53ab206  2009.0/i586/beagle-0.3.8-13.19mdv2009.0.i586.rpm
 266c876250ff5406a82d0215596c4d13  2009.0/i586/beagle-crawl-system-0.3.8-13.19mdv2009.0.i586.rpm
 c6d7e2452846fecfc6b3a071c5b22ce7  2009.0/i586/beagle-doc-0.3.8-13.19mdv2009.0.i586.rpm
 152b2987738620c04d985efc70f93deb  2009.0/i586/beagle-epiphany-0.3.8-13.19mdv2009.0.i586.rpm
 4d90e5e91d6fb74d1226d72aaa3d5c82  2009.0/i586/beagle-evolution-0.3.8-13.19mdv2009.0.i586.rpm
 c0364126890604b6767052aae75c6e33  2009.0/i586/beagle-gui-0.3.8-13.19mdv2009.0.i586.rpm
 570b286a25c85fa69457cbfb9b92c3a4  2009.0/i586/beagle-gui-qt-0.3.8-13.19mdv2009.0.i586.rpm
 0cf57200876cd2d2396746139763e25f  2009.0/i586/beagle-libs-0.3.8-13.19mdv2009.0.i586.rpm
 3171b8cbd0d1686c02a25dc6dfe73449  2009.0/i586/devhelp-0.21-3.13mdv2009.0.i586.rpm
 2762fd987c8b7c858032db59e9650038  2009.0/i586/devhelp-plugins-0.21-3.13mdv2009.0.i586.rpm
 1dc367c339853a8394fb0a8dd7defd3d  2009.0/i586/epiphany-2.24.3-0.1mdv2009.0.i586.rpm
 a79b5b45d9a2115822b161b8b4fa8b0e  2009.0/i586/epiphany-devel-2.24.3-0.1mdv2009.0.i586.rpm
 9ba9059fddf3e3dc91a7fd1edcc3c93e  2009.0/i586/firefox-3.6.3-0.2mdv2009.0.i586.rpm
 a9784b1c11867fcb022bcb61f091a39e  2009.0/i586/firefox-af-3.6.3-0.1mdv2009.0.i586.rpm
 6719a68cd54602337185026bfa075fb0  2009.0/i586/firefox-ar-3.6.3-0.1mdv2009.0.i586.rpm
 e7c8e52c44198f50b5e4d9b7ba332eca  2009.0/i586/firefox-be-3.6.3-0.1mdv2009.0.i586.rpm
 a0acbf770a2252fe68d225216fcde862  2009.0/i586/firefox-bg-3.6.3-0.1mdv2009.0.i586.rpm
 03579a6cd3378c1f5a589e92c4590cfb  2009.0/i586/firefox-bn-3.6.3-0.1mdv2009.0.i586.rpm
 3bb4310f4e7eaf367130e6b9ed21e481  2009.0/i586/firefox-ca-3.6.3-0.1mdv2009.0.i586.rpm
 c1d8fbe3d2760a9ecccc72249255991e  2009.0/i586/firefox-cs-3.6.3-0.1mdv2009.0.i586.rpm
 966cde689e1858e00a6088c25cb737aa  2009.0/i586/firefox-cy-3.6.3-0.1mdv2009.0.i586.rpm
 a8bb0f98e29f08d08d09c73525d7f0fe  2009.0/i586/firefox-da-3.6.3-0.1mdv2009.0.i586.rpm
 e8bd212e342aaf67410a317bdef90f96  2009.0/i586/firefox-de-3.6.3-0.1mdv2009.0.i586.rpm
 9ba8957caff7d084c9b768393dd9ad8f  2009.0/i586/firefox-devel-3.6.3-0.2mdv2009.0.i586.rpm
 8b203803d02699cfd97a27ddfe4a5cc2  2009.0/i586/firefox-el-3.6.3-0.1mdv2009.0.i586.rpm
 3977a8351e3561623eb40a530e0c330e  2009.0/i586/firefox-en_GB-3.6.3-0.1mdv2009.0.i586.rpm
 62ea90acb1dd64bd17b4ea468a20edcd  2009.0/i586/firefox-eo-3.6.3-0.1mdv2009.0.i586.rpm
 c064df467bb014f83feca1de548fdadc  2009.0/i586/firefox-es_AR-3.6.3-0.1mdv2009.0.i586.rpm
 ab5c67b3a161aa885b65eae4d1ffdc86  2009.0/i586/firefox-es_ES-3.6.3-0.1mdv2009.0.i586.rpm
 c64c95501b1e995e14e0c405385eee54  2009.0/i586/firefox-et-3.6.3-0.1mdv2009.0.i586.rpm
 47021232cbf2a6a11645de96d8319d03  2009.0/i586/firefox-eu-3.6.3-0.1mdv2009.0.i586.rpm
 c404b6038d61ffd47f5468fff769c6b6  2009.0/i586/firefox-ext-beagle-0.3.8-13.19mdv2009.0.i586.rpm
 a419c35964176a21dbd2d5e8b895cfa8  2009.0/i586/firefox-ext-blogrovr-1.1.804-0.1mdv2009.0.i586.rpm
 176a42a89e23a62dddfea862719c76c8  2009.0/i586/firefox-ext-mozvoikko-1.0-0.1mdv2009.0.i586.rpm
 080765d3d288e772bbb3ea15125c8f38  2009.0/i586/firefox-ext-scribefire-3.5.1-0.1mdv2009.0.i586.rpm
 c7bbb49b1b42dd4947a721338971146a  2009.0/i586/firefox-ext-xmarks-3.5.10-0.1mdv2009.0.i586.rpm
 445acb52bc111620104bf8cf5a55be94  2009.0/i586/firefox-fi-3.6.3-0.1mdv2009.0.i586.rpm
 e84c0560240d616fc243893b49628884  2009.0/i586/firefox-fr-3.6.3-0.1mdv2009.0.i586.rpm
 c2efcf63fcb58df1cb6b60a902117490  2009.0/i586/firefox-fy-3.6.3-0.1mdv2009.0.i586.rpm
 ece53c927f1ef6c83b9eb42cc840aac6  2009.0/i586/firefox-ga_IE-3.6.3-0.1mdv2009.0.i586.rpm
 ef915a175c190717992af7ff7f270683  2009.0/i586/firefox-gl-3.6.3-0.1mdv2009.0.i586.rpm
 7436d05728b9dbaabd49cbfb821339b3  2009.0/i586/firefox-gu_IN-3.6.3-0.1mdv2009.0.i586.rpm
 c0be81db6c415fa67b7e5375767e0a1c  2009.0/i586/firefox-he-3.6.3-0.1mdv2009.0.i586.rpm
 4f6eb984905f583e3f4f7e350a5ad560  2009.0/i586/firefox-hi-3.6.3-0.1mdv2009.0.i586.rpm
 cd57cd4f55a2e7303c1995d26addf862  2009.0/i586/firefox-hu-3.6.3-0.1mdv2009.0.i586.rpm
 89f13bdc12a9c3212a873f0df61a253f  2009.0/i586/firefox-id-3.6.3-0.1mdv2009.0.i586.rpm
 3e0053f19d1d17bea8a740f70ff9801e  2009.0/i586/firefox-is-3.6.3-0.1mdv2009.0.i586.rpm
 74f43311f53fc13e4dda057995f8ad67  2009.0/i586/firefox-it-3.6.3-0.1mdv2009.0.i586.rpm
 b3b17965b3e9a4559722a68a3e9af618  2009.0/i586/firefox-ja-3.6.3-0.1mdv2009.0.i586.rpm
 6e45f809bdb6ea515669b8155bbcdf15  2009.0/i586/firefox-kn-3.6.3-0.1mdv2009.0.i586.rpm
 e05d70fad3858edcbf917508f421443e  2009.0/i586/firefox-ko-3.6.3-0.1mdv2009.0.i586.rpm
 6a4733f07a757012738a920d31fb9e6a  2009.0/i586/firefox-lt-3.6.3-0.1mdv2009.0.i586.rpm
 9d5d79c9ea3dcb87396ba5d6654dc20b  2009.0/i586/firefox-lv-3.6.3-0.1mdv2009.0.i586.rpm
 074a46d8f2cb3fc370fda83ab1d9f279  2009.0/i586/firefox-mk-3.6.3-0.1mdv2009.0.i586.rpm
 40377c79638b0ecf7d7647209a22ca8c  2009.0/i586/firefox-mr-3.6.3-0.1mdv2009.0.i586.rpm
 80ad0cdbeb4e8645cec5978e2c8ea52a  2009.0/i586/firefox-nb_NO-3.6.3-0.1mdv2009.0.i586.rpm
 d08440a3c934bce4a41ebd17e1e08798  2009.0/i586/firefox-nl-3.6.3-0.1mdv2009.0.i586.rpm
 bf64bafaf9838e2506dc3d267665006a  2009.0/i586/firefox-nn_NO-3.6.3-0.1mdv2009.0.i586.rpm
 814433a4668a173843d9bbb3c4d207a0  2009.0/i586/firefox-pa_IN-3.6.3-0.1mdv2009.0.i586.rpm
 ce53ddfa3b7ec301c074b533ac6a57d1  2009.0/i586/firefox-pl-3.6.3-0.1mdv2009.0.i586.rpm
 87a3ffe46281fdae60d2f86016105895  2009.0/i586/firefox-pt_BR-3.6.3-0.1mdv2009.0.i586.rpm
 368eea6749c8064a42c525341e170ffa  2009.0/i586/firefox-pt_PT-3.6.3-0.1mdv2009.0.i586.rpm
 ee1e0c5fd5ab246c32e46c5f581486cf  2009.0/i586/firefox-ro-3.6.3-0.1mdv2009.0.i586.rpm
 cfd8897583871005116db79831cc6270  2009.0/i586/firefox-ru-3.6.3-0.1mdv2009.0.i586.rpm
 46d633f669aa0654a2cacbfabf0b4258  2009.0/i586/firefox-si-3.6.3-0.1mdv2009.0.i586.rpm
 27f71e05393a0f87e488315b1639ace4  2009.0/i586/firefox-sk-3.6.3-0.1mdv2009.0.i586.rpm
 d0d8adf3a4fe7abb2ca0ec508fccc1fb  2009.0/i586/firefox-sl-3.6.3-0.1mdv2009.0.i586.rpm
 35a1dc6e50a902f548dc2a8e51156c88  2009.0/i586/firefox-sq-3.6.3-0.1mdv2009.0.i586.rpm
 b82061ef747654762ea1a3e9fa2c604d  2009.0/i586/firefox-sv_SE-3.6.3-0.1mdv2009.0.i586.rpm
 d338d6fd68fe6b949f5dc7d5be57d729  2009.0/i586/firefox-te-3.6.3-0.1mdv2009.0.i586.rpm
 8e6f2a4f31ae192ccf9fabee3b3ab9e0  2009.0/i586/firefox-th-3.6.3-0.1mdv2009.0.i586.rpm
 b443fb3b6d4b8c275412c5a5d2f60347  2009.0/i586/firefox-theme-kfirefox-0.16-0.1mdv2009.0.i586.rpm
 324030a99e7b8d9df3d52f296c75b7a1  2009.0/i586/firefox-tr-3.6.3-0.1mdv2009.0.i586.rpm
 5db53d4a190bcc3b959e00a1a5012c93  2009.0/i586/firefox-uk-3.6.3-0.1mdv2009.0.i586.rpm
 f65b52812827e96ebb2a7c47cd349712  2009.0/i586/firefox-zh_CN-3.6.3-0.1mdv2009.0.i586.rpm
 f7f66d69e2f941d581306082681bf98d  2009.0/i586/firefox-zh_TW-3.6.3-0.1mdv2009.0.i586.rpm
 458df4a0f9d8ae560671983222f23d4d  2009.0/i586/gnome-python-extras-2.19.1-20.13mdv2009.0.i586.rpm
 59eb47cafbc3cc338082685c10b14b78  2009.0/i586/gnome-python-gda-2.19.1-20.13mdv2009.0.i586.rpm
 3579aa43a44ba292a33377af8dcc0392  2009.0/i586/gnome-python-gda-devel-2.19.1-20.13mdv2009.0.i586.rpm
 090322c61ce38ee4b93a7c3cd8a881f6  2009.0/i586/gnome-python-gdl-2.19.1-20.13mdv2009.0.i586.rpm
 57fab596462f37dc9375982ada297bf1  2009.0/i586/gnome-python-gtkhtml2-2.19.1-20.13mdv2009.0.i586.rpm
 a0dfb244f3bb0192001f4cc6014c8d94  2009.0/i586/gnome-python-gtkmozembed-2.19.1-20.13mdv2009.0.i586.rpm
 211f52f9c377a5bbb9508e5ec9d6bdb7  2009.0/i586/gnome-python-gtkspell-2.19.1-20.13mdv2009.0.i586.rpm
 502c81f17f95f03850e31f58c0860637  2009.0/i586/lemon-3.6.23.1-0.1mdv2009.0.i586.rpm
 b6badf6dc890e49d79af18f041644fbd  2009.0/i586/libdevhelp-1_0-0.21-3.13mdv2009.0.i586.rpm
 dd8f5a416ec4020b90cf6a5f264b4ca0  2009.0/i586/libdevhelp-1-devel-0.21-3.13mdv2009.0.i586.rpm
 81b38c87d799fd04838a4ec0f317e4c9  2009.0/i586/libsqlite3_0-3.6.23.1-0.1mdv2009.0.i586.rpm
 4ee9df528f54ea410410ea7890886523  2009.0/i586/libsqlite3-devel-3.6.23.1-0.1mdv2009.0.i586.rpm
 7c7470631b02f710b9813eefd9e8b959  2009.0/i586/libsqlite3-static-devel-3.6.23.1-0.1mdv2009.0.i586.rpm
 c0a9909050a21de8be5eee71f5dc0e4d  2009.0/i586/libxulrunner1.9.2.3-1.9.2.3-0.2mdv2009.0.i586.rpm
 5c7e2efba88646c6ee2f51523a767e96  2009.0/i586/libxulrunner-devel-1.9.2.3-0.2mdv2009.0.i586.rpm
 207532513315297ab2cf0713e5418699  2009.0/i586/mozilla-thunderbird-beagle-0.3.8-13.19mdv2009.0.i586.rpm
 24075185dd34f652d67ce35a949d2ec7  2009.0/i586/sqlite3-tools-3.6.23.1-0.1mdv2009.0.i586.rpm
 aa658e51a250c9e6c07c235c63cc28f3  2009.0/i586/tcl-sqlite3-3.6.23.1-0.1mdv2009.0.i586.rpm
 a9b44e66baccec725e9e88b466bf437d  2009.0/i586/xulrunner-1.9.2.3-0.2mdv2009.0.i586.rpm
 80034d32b295a0aa28144bbf298a95c6  2009.0/i586/yelp-2.24.0-3.13mdv2009.0.i586.rpm 
 be1deab60f8a725f6b8bfbdb8a238599  2009.0/SRPMS/beagle-0.3.8-13.19mdv2009.0.src.rpm
 958d586e0f51b3eb27c2f8f52e7829db  2009.0/SRPMS/devhelp-0.21-3.13mdv2009.0.src.rpm
 4792b42cbf525647004d34d274d6682d  2009.0/SRPMS/epiphany-2.24.3-0.1mdv2009.0.src.rpm
 7e6b40730ae28d3084d6177fb3403037  2009.0/SRPMS/firefox-3.6.3-0.2mdv2009.0.src.rpm
 4c7598ff3fa6a31f94e709d181ca2f09  2009.0/SRPMS/firefox-ext-blogrovr-1.1.804-0.1mdv2009.0.src.rpm
 025b7f312ccccfd2067f120a810a919a  2009.0/SRPMS/firefox-ext-mozvoikko-1.0-0.1mdv2009.0.src.rpm
 8918fef155fcc90af164c9150baeaaa5  2009.0/SRPMS/firefox-ext-scribefire-3.5.1-0.1mdv2009.0.src.rpm
 227410c21b1116934dd9ea09294625ca  2009.0/SRPMS/firefox-ext-xmarks-3.5.10-0.1mdv2009.0.src.rpm
 07425c1f47917b38e1d0234885e1965f  2009.0/SRPMS/firefox-l10n-3.6.3-0.1mdv2009.0.src.rpm
 3d37604eec701b6cf4af3d1838e909f3  2009.0/SRPMS/firefox-theme-kfirefox-0.16-0.1mdv2009.0.src.rpm
 c7182e1d6cf288efab29adfda90e96f3  2009.0/SRPMS/gnome-python-extras-2.19.1-20.13mdv2009.0.src.rpm
 e6ea77abf2cedcbbfeb7800a35c2caf3  2009.0/SRPMS/sqlite3-3.6.23.1-0.1mdv2009.0.src.rpm
 86f62d2fb87e6ac0839ad62d76528e66  2009.0/SRPMS/xulrunner-1.9.2.3-0.2mdv2009.0.src.rpm
 1b06f8c1ef094dc481bad8e0f43223e6  2009.0/SRPMS/yelp-2.24.0-3.13mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 4030cd99306a14ef5af556b69e810730  2009.0/x86_64/beagle-0.3.8-13.19mdv2009.0.x86_64.rpm
 ff8b44286445fe6c26fbbd233898843f  2009.0/x86_64/beagle-crawl-system-0.3.8-13.19mdv2009.0.x86_64.rpm
 803653b787f41199cb7e0e46be67dbea  2009.0/x86_64/beagle-doc-0.3.8-13.19mdv2009.0.x86_64.rpm
 7195749c6fad30582e2138ec83cd6257  2009.0/x86_64/beagle-epiphany-0.3.8-13.19mdv2009.0.x86_64.rpm
 1af4bd833fa9ca010e41131f838cbbfa  2009.0/x86_64/beagle-evolution-0.3.8-13.19mdv2009.0.x86_64.rpm
 eeb48bc921e2e3091203a18e31e0113d  2009.0/x86_64/beagle-gui-0.3.8-13.19mdv2009.0.x86_64.rpm
 c87ca77b25493fbf5e032b082ae52034  2009.0/x86_64/beagle-gui-qt-0.3.8-13.19mdv2009.0.x86_64.rpm
 861e1e257a359f1c59e5e26368f5139c  2009.0/x86_64/beagle-libs-0.3.8-13.19mdv2009.0.x86_64.rpm
 69d73c982942378a21ee3e98889a0ed5  2009.0/x86_64/devhelp-0.21-3.13mdv2009.0.x86_64.rpm
 a7d732cc0da6c950ef585a85046ed743  2009.0/x86_64/devhelp-plugins-0.21-3.13mdv2009.0.x86_64.rpm
 2d191ac392466c3477c7875e34a9f2da  2009.0/x86_64/epiphany-2.24.3-0.1mdv2009.0.x86_64.rpm
 a6c7a8ca3bcf34e9f3833e6a8b91e3b1  2009.0/x86_64/epiphany-devel-2.24.3-0.1mdv2009.0.x86_64.rpm
 d0e7e3245fa77b5ef8960a79ce21bb06  2009.0/x86_64/firefox-3.6.3-0.2mdv2009.0.x86_64.rpm
 63e520ba7588c1a239f52650a409abe3  2009.0/x86_64/firefox-af-3.6.3-0.1mdv2009.0.x86_64.rpm
 0a0514ae5279278dd543d8e9d5a74ea6  2009.0/x86_64/firefox-ar-3.6.3-0.1mdv2009.0.x86_64.rpm
 b046e1f2e21cfcc0dafcf2d1f2147e8d  2009.0/x86_64/firefox-be-3.6.3-0.1mdv2009.0.x86_64.rpm
 5b3934364b8700447e9d9535e250bd8f  2009.0/x86_64/firefox-bg-3.6.3-0.1mdv2009.0.x86_64.rpm
 6ddd1531777cf7ce67ea9716ba8cfddb  2009.0/x86_64/firefox-bn-3.6.3-0.1mdv2009.0.x86_64.rpm
 40fd81dd4a0149b65ae2966d22ea79cb  2009.0/x86_64/firefox-ca-3.6.3-0.1mdv2009.0.x86_64.rpm
 6dc1fa26932922f2e2fe3b7eafa96278  2009.0/x86_64/firefox-cs-3.6.3-0.1mdv2009.0.x86_64.rpm
 1c8d2e4d63dc840f5ff7336cf9a95f94  2009.0/x86_64/firefox-cy-3.6.3-0.1mdv2009.0.x86_64.rpm
 855f2c7dba3d39b2d18341e0e2b60142  2009.0/x86_64/firefox-da-3.6.3-0.1mdv2009.0.x86_64.rpm
 03a5d24dc0ac395cdb5863ad0d8a08a1  2009.0/x86_64/firefox-de-3.6.3-0.1mdv2009.0.x86_64.rpm
 e15eca0c2cf300641408dcae79dad35d  2009.0/x86_64/firefox-devel-3.6.3-0.2mdv2009.0.x86_64.rpm
 b873681e2b2bcf740ad1922d73c4fc3b  2009.0/x86_64/firefox-el-3.6.3-0.1mdv2009.0.x86_64.rpm
 255836fc16b38a3e9cff98fdec593d72  2009.0/x86_64/firefox-en_GB-3.6.3-0.1mdv2009.0.x86_64.rpm
 9d7f41999589a4ad2b9f3f302c2dadb1  2009.0/x86_64/firefox-eo-3.6.3-0.1mdv2009.0.x86_64.rpm
 34eb9899867ff82b381c0365e810734e  2009.0/x86_64/firefox-es_AR-3.6.3-0.1mdv2009.0.x86_64.rpm
 c04c9699007e522ecec8307222c30a02  2009.0/x86_64/firefox-es_ES-3.6.3-0.1mdv2009.0.x86_64.rpm
 062b0004b51f26ccce27a27653bb2bee  2009.0/x86_64/firefox-et-3.6.3-0.1mdv2009.0.x86_64.rpm
 fd7f4352375a80467def99dfba699e99  2009.0/x86_64/firefox-eu-3.6.3-0.1mdv2009.0.x86_64.rpm
 705f3472e2d3169ec363196510479912  2009.0/x86_64/firefox-ext-beagle-0.3.8-13.19mdv2009.0.x86_64.rpm
 1173a4b4fd3f38dd889af0d9ed59f6d1  2009.0/x86_64/firefox-ext-blogrovr-1.1.804-0.1mdv2009.0.x86_64.rpm
 41d89e33528a880294418ca6261ac2e7  2009.0/x86_64/firefox-ext-mozvoikko-1.0-0.1mdv2009.0.x86_64.rpm
 e6b4bbf44220b013c55cda04d1032b23  2009.0/x86_64/firefox-ext-scribefire-3.5.1-0.1mdv2009.0.x86_64.rpm
 38eff8b6559ebf17b31f4a55954efbf9  2009.0/x86_64/firefox-ext-xmarks-3.5.10-0.1mdv2009.0.x86_64.rpm
 b85b8ac568e02dec7e8b05b0de0ec9e9  2009.0/x86_64/firefox-fi-3.6.3-0.1mdv2009.0.x86_64.rpm
 5198ebe263a2800e0855b5ab1b5daeb9  2009.0/x86_64/firefox-fr-3.6.3-0.1mdv2009.0.x86_64.rpm
 05a37422c185c8b78a927b7046c2cad4  2009.0/x86_64/firefox-fy-3.6.3-0.1mdv2009.0.x86_64.rpm
 fb204ed00d4395e66642c2591e25d886  2009.0/x86_64/firefox-ga_IE-3.6.3-0.1mdv2009.0.x86_64.rpm
 7cde20e5c00181fce1c7ed0804c943fc  2009.0/x86_64/firefox-gl-3.6.3-0.1mdv2009.0.x86_64.rpm
 16d879121afa8fbb5e62fb79380a5c18  2009.0/x86_64/firefox-gu_IN-3.6.3-0.1mdv2009.0.x86_64.rpm
 931dadf42aeeeab516958a1ed007c6ef  2009.0/x86_64/firefox-he-3.6.3-0.1mdv2009.0.x86_64.rpm
 e9b6aa923e51c47616a8017637d5de35  2009.0/x86_64/firefox-hi-3.6.3-0.1mdv2009.0.x86_64.rpm
 6308d8595b6ecaeb1e21158ef6c68e88  2009.0/x86_64/firefox-hu-3.6.3-0.1mdv2009.0.x86_64.rpm
 1f3c56761fc6d167118da0e418b1963c  2009.0/x86_64/firefox-id-3.6.3-0.1mdv2009.0.x86_64.rpm
 b3f7f06b2dc1edca418d0d261f8baf82  2009.0/x86_64/firefox-is-3.6.3-0.1mdv2009.0.x86_64.rpm
 003945e3312360dc940af96f42d92fc7  2009.0/x86_64/firefox-it-3.6.3-0.1mdv2009.0.x86_64.rpm
 92c7a0e85cd1b95dd1d7d5955feac97f  2009.0/x86_64/firefox-ja-3.6.3-0.1mdv2009.0.x86_64.rpm
 197c6e8f4f1bdc3837695bdc041698be  2009.0/x86_64/firefox-kn-3.6.3-0.1mdv2009.0.x86_64.rpm
 119ed791ce67b84b07748ca2f0732b9c  2009.0/x86_64/firefox-ko-3.6.3-0.1mdv2009.0.x86_64.rpm
 b3ff00bb4864619033660a743012c463  2009.0/x86_64/firefox-lt-3.6.3-0.1mdv2009.0.x86_64.rpm
 29930fc9606f24675855adbc8b4b2b6a  2009.0/x86_64/firefox-lv-3.6.3-0.1mdv2009.0.x86_64.rpm
 082522a456ea74880c61bef4c2dcc4db  2009.0/x86_64/firefox-mk-3.6.3-0.1mdv2009.0.x86_64.rpm
 185f51ee26d47112b7d3a722623b1ad7  2009.0/x86_64/firefox-mr-3.6.3-0.1mdv2009.0.x86_64.rpm
 b9740341cfd4122dd60e6d5c9b127e61  2009.0/x86_64/firefox-nb_NO-3.6.3-0.1mdv2009.0.x86_64.rpm
 9624abaf7c0b8c2725c88628cbcb1c96  2009.0/x86_64/firefox-nl-3.6.3-0.1mdv2009.0.x86_64.rpm
 f1439430df34b78d5a0acb9b27577dda  2009.0/x86_64/firefox-nn_NO-3.6.3-0.1mdv2009.0.x86_64.rpm
 232d7f3748d59ff80a584096ec1f4187  2009.0/x86_64/firefox-pa_IN-3.6.3-0.1mdv2009.0.x86_64.rpm
 db9619c8da4b591aed632bbc253024a5  2009.0/x86_64/firefox-pl-3.6.3-0.1mdv2009.0.x86_64.rpm
 7a49d10b6dffc66c0339a2b289bffcf1  2009.0/x86_64/firefox-pt_BR-3.6.3-0.1mdv2009.0.x86_64.rpm
 b3095daf59caab458dcb66d44cf2715d  2009.0/x86_64/firefox-pt_PT-3.6.3-0.1mdv2009.0.x86_64.rpm
 ec2eb386bba46dfc82afc3b9a23c59dc  2009.0/x86_64/firefox-ro-3.6.3-0.1mdv2009.0.x86_64.rpm
 264e54e90afde4d91291f8e9513a35d0  2009.0/x86_64/firefox-ru-3.6.3-0.1mdv2009.0.x86_64.rpm
 d28cbbb51cd8af115d6aa19fdcbc667e  2009.0/x86_64/firefox-si-3.6.3-0.1mdv2009.0.x86_64.rpm
 e4a453357b85ffbc06a68272258d713b  2009.0/x86_64/firefox-sk-3.6.3-0.1mdv2009.0.x86_64.rpm
 0a5ee1c5390c9ad8219264124c740932  2009.0/x86_64/firefox-sl-3.6.3-0.1mdv2009.0.x86_64.rpm
 98dedcba8df7ba5fffe380fe9e42a91c  2009.0/x86_64/firefox-sq-3.6.3-0.1mdv2009.0.x86_64.rpm
 77c4d8206b02b1e3c3a9105db657dba1  2009.0/x86_64/firefox-sv_SE-3.6.3-0.1mdv2009.0.x86_64.rpm
 6d495b355a354f1cc41aa7c09853ff02  2009.0/x86_64/firefox-te-3.6.3-0.1mdv2009.0.x86_64.rpm
 619b1af0add310a0bc8f26af85ac5e4f  2009.0/x86_64/firefox-th-3.6.3-0.1mdv2009.0.x86_64.rpm
 641a6560edb4d3535bdcf5f2a3274ded  2009.0/x86_64/firefox-theme-kfirefox-0.16-0.1mdv2009.0.x86_64.rpm
 93dd62dde6f7acf1d8a005b4f0a125d4  2009.0/x86_64/firefox-tr-3.6.3-0.1mdv2009.0.x86_64.rpm
 063148775c8f70727edd8acc17ebba66  2009.0/x86_64/firefox-uk-3.6.3-0.1mdv2009.0.x86_64.rpm
 53209116b8df0c78b102d33d2bfe2e53  2009.0/x86_64/firefox-zh_CN-3.6.3-0.1mdv2009.0.x86_64.rpm
 e84fc88f0ff0f41466714d2b190dbcd7  2009.0/x86_64/firefox-zh_TW-3.6.3-0.1mdv2009.0.x86_64.rpm
 e94543ceb17503f17b461a176103a7e2  2009.0/x86_64/gnome-python-extras-2.19.1-20.13mdv2009.0.x86_64.rpm
 b63735f07ddc070cf2de9292321cf09e  2009.0/x86_64/gnome-python-gda-2.19.1-20.13mdv2009.0.x86_64.rpm
 e71637f9f5d358d618c7332cf05255d6  2009.0/x86_64/gnome-python-gda-devel-2.19.1-20.13mdv2009.0.x86_64.rpm
 bfed42f6df08ef6ccdad497afecddf2d  2009.0/x86_64/gnome-python-gdl-2.19.1-20.13mdv2009.0.x86_64.rpm
 9dc71957bcf1a93143eee7e3dc39e2d3  2009.0/x86_64/gnome-python-gtkhtml2-2.19.1-20.13mdv2009.0.x86_64.rpm
 fa197ed3a2e7f518d407dc766b792090  2009.0/x86_64/gnome-python-gtkmozembed-2.19.1-20.13mdv2009.0.x86_64.rpm
 5a4ee3b2f453dff90584d13c9017ca19  2009.0/x86_64/gnome-python-gtkspell-2.19.1-20.13mdv2009.0.x86_64.rpm
 8f36eb149978ab777d024e3957326c2e  2009.0/x86_64/lemon-3.6.23.1-0.1mdv2009.0.x86_64.rpm
 73956a58b0e05d086d715d04763163cd  2009.0/x86_64/lib64devhelp-1_0-0.21-3.13mdv2009.0.x86_64.rpm
 132e693099e379bd9640dd509a1a03a9  2009.0/x86_64/lib64devhelp-1-devel-0.21-3.13mdv2009.0.x86_64.rpm
 4ae6a7a7cf956414b89b13c83281044e  2009.0/x86_64/lib64sqlite3_0-3.6.23.1-0.1mdv2009.0.x86_64.rpm
 ee27f0c9e50f1014863bb55d13de33f6  2009.0/x86_64/lib64sqlite3-devel-3.6.23.1-0.1mdv2009.0.x86_64.rpm
 40de413fac8f9cc4852025ddd3c7c1d4  2009.0/x86_64/lib64sqlite3-static-devel-3.6.23.1-0.1mdv2009.0.x86_64.rpm
 b461aaa3bedd440fe64016cc7884c008  2009.0/x86_64/lib64xulrunner1.9.2.3-1.9.2.3-0.2mdv2009.0.x86_64.rpm
 d0a615dffd6f8994c65afb35e903b7cb  2009.0/x86_64/lib64xulrunner-devel-1.9.2.3-0.2mdv2009.0.x86_64.rpm
 725550e9353b2363ac9c2762af7b312d  2009.0/x86_64/mozilla-thunderbird-beagle-0.3.8-13.19mdv2009.0.x86_64.rpm
 bd2b864a41009c5be5f2089b24a23ec2  2009.0/x86_64/sqlite3-tools-3.6.23.1-0.1mdv2009.0.x86_64.rpm
 fcbdb22765c0c97bbc2c564ee830136f  2009.0/x86_64/tcl-sqlite3-3.6.23.1-0.1mdv2009.0.x86_64.rpm
 908aaacd5ab6f41316d7ddf994a8d816  2009.0/x86_64/xulrunner-1.9.2.3-0.2mdv2009.0.x86_64.rpm
 80ca2d23beb4614c6bb2a93d3ce030f7  2009.0/x86_64/yelp-2.24.0-3.13mdv2009.0.x86_64.rpm 
 be1deab60f8a725f6b8bfbdb8a238599  2009.0/SRPMS/beagle-0.3.8-13.19mdv2009.0.src.rpm
 958d586e0f51b3eb27c2f8f52e7829db  2009.0/SRPMS/devhelp-0.21-3.13mdv2009.0.src.rpm
 4792b42cbf525647004d34d274d6682d  2009.0/SRPMS/epiphany-2.24.3-0.1mdv2009.0.src.rpm
 7e6b40730ae28d3084d6177fb3403037  2009.0/SRPMS/firefox-3.6.3-0.2mdv2009.0.src.rpm
 4c7598ff3fa6a31f94e709d181ca2f09  2009.0/SRPMS/firefox-ext-blogrovr-1.1.804-0.1mdv2009.0.src.rpm
 025b7f312ccccfd2067f120a810a919a  2009.0/SRPMS/firefox-ext-mozvoikko-1.0-0.1mdv2009.0.src.rpm
 8918fef155fcc90af164c9150baeaaa5  2009.0/SRPMS/firefox-ext-scribefire-3.5.1-0.1mdv2009.0.src.rpm
 227410c21b1116934dd9ea09294625ca  2009.0/SRPMS/firefox-ext-xmarks-3.5.10-0.1mdv2009.0.src.rpm
 07425c1f47917b38e1d0234885e1965f  2009.0/SRPMS/firefox-l10n-3.6.3-0.1mdv2009.0.src.rpm
 3d37604eec701b6cf4af3d1838e909f3  2009.0/SRPMS/firefox-theme-kfirefox-0.16-0.1mdv2009.0.src.rpm
 c7182e1d6cf288efab29adfda90e96f3  2009.0/SRPMS/gnome-python-extras-2.19.1-20.13mdv2009.0.src.rpm
 e6ea77abf2cedcbbfeb7800a35c2caf3  2009.0/SRPMS/sqlite3-3.6.23.1-0.1mdv2009.0.src.rpm
 86f62d2fb87e6ac0839ad62d76528e66  2009.0/SRPMS/xulrunner-1.9.2.3-0.2mdv2009.0.src.rpm
 1b06f8c1ef094dc481bad8e0f43223e6  2009.0/SRPMS/yelp-2.24.0-3.13mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLzcvxmqjQ0CJFipgRAtNGAKDEqh4LRf1/oRYyO5JD1KnyY8XLIgCeMdT4
Jz48CUUPft0pgWj9ornc5zI=
=8WEi
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ