On Thu, 17 Jul 2008 19:38:03 +0200 crux@crux.nu wrote:
commit d26eeec41f7ff4edb3ae4eeacc63e1ec23dd1a12 Author: Tilman Sauerbeck <tilman@crux.nu> Date: Thu Jul 17 19:37:09 2008 +0200
[notify] firefox: updated to 3.0.1.
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox...
diff --git a/firefox/.md5sum b/firefox/.md5sum index b510355..1fd4574 100644 --- a/firefox/.md5sum +++ b/firefox/.md5sum @@ -1,3 +1,3 @@ -4210ae0801df2eb498408533010d97c1 firefox-3.0-source.tar.bz2 +406d67174f8f74ab154a1b17d0881b27 firefox-3.0.1-source.tar.bz2 c276fd7680746e8477ad34d26f04e024 mozconfig 62530844efda8b387e518162b7922f2f xulrunner.patch diff --git a/firefox/Pkgfile b/firefox/Pkgfile index f49ffb1..25d6045 100644 --- a/firefox/Pkgfile +++ b/firefox/Pkgfile @@ -4,7 +4,7 @@ # Depends on: xulrunner
name=firefox -version=3.0 +version=3.0.1 release=1 source=(http://releases.mozilla.org/pub/mozilla.org/$name/releases/$version/source/$... mozconfig xulrunner.patch) _______________________________________________ CRUX mailing list CRUX@lists.crux.nu http://lists.crux.nu/mailman/listinfo/crux
You bumped the wrong component. The point of separating firefox and xulrunner was so that engine bugs (I.E. this one) could be fixed by bumping xulrunner, not firefox. In essence, CRUX is still vulnerable to the "fixed" vulnerability because we're still using the 3.0 engine/internals, with the 3.0.1 interface. -- ~predatorfreak GnuPG Public key: http://pred.dcaf-security.org/dcafsec-pub-gpgkey.asc