Subject: CVS commit: [pkgsrc-2005Q1] pkgsrc/www/firefox-gtk2-bin
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 03/22/2005 19:13:56
Module Name:	pkgsrc
Committed By:	snj
Date:		Tue Mar 22 19:13:56 UTC 2005

Modified Files:
	pkgsrc/www/firefox-gtk2-bin [pkgsrc-2005Q1]: Makefile distinfo

Log Message:
Pullup ticket 379 - requested by Matthias Scheler
security fix for firefox-gtk2-bin

Revisions pulled up:
- pkgsrc/www/firefox-gtk2-bin/Makefile	1.7
- pkgsrc/www/firefox-gtk2-bin/distinfo	1.8

    Module Name:	pkgsrc
    Committed By:	tron
    Date:		Tue Mar 22 10:17:50 UTC 2005

    Modified Files:
            pkgsrc/www/firefox-gtk2-bin: Makefile distinfo

    Log Message:
    Update "firefox-gtk2-bin" package to version 1.0.1. Besides various bug
    fixes the following security issues were fixed:

    MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
    MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
    MFSA 2005-27 Plugins can be used to load privileged content
    MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
    MFSA 2005-25 Image drag and drop executable spoofing
    MFSA 2005-24 HTTP auth prompt tab spoofing
    MFSA 2005-23 Download dialog source spoofing
    MFSA 2005-22 Download dialog spoofing using Content-Disposition header
    MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
    MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
    MFSA 2005-19 Autocomplete data leak
    MFSA 2005-18 Memory overwrite in string library
    MFSA 2005-17 Install source spoofing with user:pass@host
    MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
    MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
    MFSA 2005-14 SSL "secure site" indicator spoofing
    MFSA 2005-13 Window Injection Spoofing


To generate a diff of this commit:
cvs rdiff -r1.6 -r1.6.2.1 pkgsrc/www/firefox-gtk2-bin/Makefile
cvs rdiff -r1.7 -r1.7.2.1 pkgsrc/www/firefox-gtk2-bin/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.