Your message dated Sat, 4 Apr 2009 09:35:14 +0100
with message-id <200904040835.n348ze4s004...@kmos.homeip.net>
and subject line amaya has been removed from Debian, closing #522240
has caused the Debian Bug report #522240,
regarding CVE-2009-1209: Various security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
522240: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522240
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: amaya
Severity: grave
Tags: security
CVE-2009-1209:
Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote
attackers to execute arbitrary code via a script tag with a long defer
attribute.
http://www.milw0rm.com/exploits/8314
http://www.milw0rm.com/exploits/8321
I suppose removing amaya from unstable would be the most elegant fix here.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.29-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages amaya depends on:
pn amaya-data <none> (no description available)
ii libc6 2.9-6 GNU C Library: Shared libraries
ii libexpat1 2.0.1-4 XML parsing C library - runtime li
ii libfreetype6 2.3.9-4 FreeType 2 font engine, shared lib
ii libgcc1 1:4.3.3-5 GCC support library
ii libgl1-mesa-glx [libgl 7.0.3-7 A free implementation of the OpenG
ii libglu1-mesa [libglu1] 7.0.3-7 The OpenGL utility library (GLU)
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii libpng12-0 1.2.35-1 PNG library - runtime
ii libraptor1 1.4.18-2 Raptor RDF parser and serializer l
ii libstdc++6 4.3.3-5 The GNU Standard C++ Library v3
pn libwww-ssl0 <none> (no description available)
pn libwxbase2.6-0 <none> (no description available)
pn libwxgtk2.6-0 <none> (no description available)
ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime
Versions of packages amaya recommends:
pn amaya-doc <none> (no description available)
amaya suggests no packages.
--- End Message ---
--- Begin Message ---
Version: 10.1~pre4+dfsg.0-2+rm
The amaya package has been removed from Debian so we are closing
the bugs that were still opened against it.
For more information about this package's removal, read
http://bugs.debian.org/522418 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
Kind regards,
--
Marco Rodrigues
--- End Message ---