Package: sun-java6-plugin
Version: 6-02-1
Severity: serious
Tags: security
Justification: remote DOS on user's browser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The applet at http://evil.hackademix.net/fullscreen/applet.html causes
Epiphany and Iceweasel to crash.

$ gdb epiphany-browser
Using host libthread_db library "/lib/i686/cmov/libthread_db.so.1".
(gdb) run -p http://evil.hackademix.net/fullscreen/applet.html
Starting program: /usr/bin/epiphany-browser -p http://evil.hackademix.net/fullscreen/applet.html
[Thread debugging using libthread_db enabled]
[New Thread 0xb5ecb6c0 (LWP 11303)]
[New Thread 0xb5517b90 (LWP 11311)]
Traceback (most recent call last):
  File "/usr/lib/epiphany-gecko/2.20/extensions/cc-license-viewer.py", line 435, in attach_window
    ui_init(window)
  File "/usr/lib/epiphany-gecko/2.20/extensions/cc-license-viewer.py", line 371, in ui_init
    eventbox.set_tooltip_text (_("View Creative Commons license"))
AttributeError: 'gtk.EventBox' object has no attribute 'set_tooltip_text'

** (epiphany-browser:11303): WARNING **: Python code for 'attach_window' failed to execute
[New Thread 0xb4802b90 (LWP 11313)]
[New Thread 0xb4001b90 (LWP 11314)]
[New Thread 0xb37dbb90 (LWP 11315)]
[New Thread 0xb2fdab90 (LWP 11316)]
[New Thread 0xb27d9b90 (LWP 11317)]
[New Thread 0xb1fd8b90 (LWP 11318)]
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
[New Thread 0xb15dbb90 (LWP 11339)]
[New Thread 0xb0ddab90 (LWP 11340)]
/usr/lib/bug-buddy/<unknown>: No such file or directory.
INTERNAL ERROR on Browser End: Pipe closed during read? State may be corrupt
System error?:: Success

Program exited with code 0377.
(gdb) 

- -- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-fixdso (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sun-java6-plugin depends on:
ii  epiphany-browser          2.20.0-2       Intuitive web browser - dummy pack
ii  iceweasel                 2.0.0.3-1      lightweight web browser based on M
ii  libasound2                1.0.14a-2      ALSA library
ii  libgcc1                   1:4.2.1-4      GCC support library
ii  libx11-6                  2:1.0.3-7      X11 client-side library
ii  libxext6                  1:1.0.3-2      X11 miscellaneous extension librar
ii  libxi6                    2:1.1.3-1      X11 Input extension library
ii  libxp6                    1:1.0.0.xsf1-1 X Printing Extension (Xprint) clie
ii  libxtst6                  2:1.0.3-1      X11 Testing -- Resource extension 
ii  sun-java6-bin             6-02-1         Sun Java(TM) Runtime Environment (

sun-java6-plugin recommends no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHAMrPshl/216gEHgRAtEaAJ9xK02irIwy42e2/FAcXz+/7r/eiwCfYlSa
E3Olls27QJSGF1uMmsKSodY=
=3MVA
-----END PGP SIGNATURE-----


