Your message dated Fri, 30 May 2008 15:52:35 +0100
with message-id <[EMAIL PROTECTED]>
and subject line bandersnatch has been removed from Debian, closing #435709
has caused the Debian Bug report #435709,
regarding multiple security vulnerabilities in bandersnatch
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
435709: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=435709
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: bandersnatch
Version: 0.4-1.1
Severity: important
Tags: security
A vulnerability has been found in bandersnatch. From CVE-2007-3910:
"Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows
remote attackers to inject arbitrary JavaScript via a Jabber resource
name and possibly other data items, which are stored in conversation
logs."
Please mention the CVE id in the changelog.
--- End Message ---
--- Begin Message ---
Version: 0.4-1.2+rm
The bandersnatch package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.
For more information about this package's removal, read
http://bugs.debian.org/442046 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
--
Marco Rodrigues
http://Marco.Tondela.org
--- End Message ---
