Your message dated Tue, 22 Dec 2009 22:48:53 +0000
with message-id <e1nndxb-0005dq...@ries.debian.org>
and subject line Bug#556271: fixed in kazehakase 0.4.2-1etch2
has caused the Debian Bug report #556271,
regarding kazehakase: CVE-2007-1084 bookmarklets cross-site info disclosure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
556271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556271
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kazehakase
Version: 0.5.8-1
Severity: serious
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published.

CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to bypass the
| same-domain policy by tricking a user into saving a bookmarklet with a
| data: scheme, which is executed in the context of the last visited web
| page.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1084
    http://security-tracker.debian.org/tracker/CVE-2007-1084



--- End Message ---
--- Begin Message ---
Source: kazehakase
Source-Version: 0.4.2-1etch2

We believe that the bug you reported is fixed in the latest version of
kazehakase, which is due to be installed in the Debian FTP archive:

kazehakase_0.4.2-1etch2.diff.gz
  to main/k/kazehakase/kazehakase_0.4.2-1etch2.diff.gz
kazehakase_0.4.2-1etch2.dsc
  to main/k/kazehakase/kazehakase_0.4.2-1etch2.dsc
kazehakase_0.4.2-1etch2_i386.deb
  to main/k/kazehakase/kazehakase_0.4.2-1etch2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 556...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yavor Doganov <ya...@gnu.org> (supplier of updated kazehakase package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 09 Dec 2009 16:58:44 +0200
Source: kazehakase
Binary: kazehakase
Architecture: source i386
Version: 0.4.2-1etch2
Distribution: oldstable-security
Urgency: low
Maintainer: Hidetaka Iwai <ty...@debian.or.jp>
Changed-By: Yavor Doganov <ya...@gnu.org>
Description: 
 kazehakase - gecko based web browser using GTK
Closes: 556271
Changes: 
 kazehakase (0.4.2-1etch2) oldstable-security; urgency=low
 .
   * debian/patches/CVE-2007-1084.dpatch: New; disallow adding bookmarks
     with data:/javascript: URIs (CVE-2007-1084, Closes: #556271).
   * debian/patches/00list: Update.
Files: 
 106d2343ab8ef8edb8fa3fdad918df7a 820 web optional kazehakase_0.4.2-1etch2.dsc
 8012e4f4d0679fbc8b6ff66e3ae928dd 29928 web optional kazehakase_0.4.2-1etch2.diff.gz
 783a3f34cbd0a1a90116ee498e8223c7 755890 web optional kazehakase_0.4.2-1etch2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksrMZcACgkQOmXwGc/ULybdJwCggvSWojwuFCa1Rel531WftK2b
ScsAniWjmi1lCWGyrWE+K1RLAF8HtAcG
=uR/d
-----END PGP SIGNATURE-----



--- End Message ---
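
The changelog above describes the fix as disallowing bookmarks with data:/javascript: URIs. A scheme check of that kind is sketched below as an added example; it is not the code from CVE-2007-1084.dpatch, and the function name `bookmark_uri_allowed` and its normalisation rules (case folding, skipping leading whitespace and embedded tab/CR/LF) are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not taken from the kazehakase patch.
 * Returns 1 if the URI may be saved as a bookmark, 0 if its scheme
 * is data: or javascript: (or the pointer is NULL). */
int bookmark_uri_allowed(const char *uri)
{
    static const char *const blocked[] = { "data", "javascript" };
    char scheme[16];
    size_t n = 0;

    if (uri == NULL)
        return 0;

    /* Skip leading whitespace and control characters, which URL
     * parsers commonly strip before reading the scheme. */
    while (*uri != '\0' && (unsigned char)*uri <= 0x20)
        uri++;

    /* Collect the scheme, lower-cased, dropping tab/CR/LF that
     * parsers remove from inside a URL. */
    for (; *uri != '\0' && *uri != ':'; uri++) {
        unsigned char c = (unsigned char)*uri;
        if (c == '\t' || c == '\r' || c == '\n')
            continue;
        if (!isalnum(c) && c != '+' && c != '-' && c != '.')
            return 1;           /* not a scheme: relative reference */
        if (n + 1 >= sizeof scheme)
            return 1;           /* longer than any blocked scheme */
        scheme[n++] = (char)tolower(c);
    }
    if (*uri != ':')
        return 1;               /* no scheme separator found */
    scheme[n] = '\0';

    for (size_t i = 0; i < sizeof blocked / sizeof blocked[0]; i++)
        if (strcmp(scheme, blocked[i]) == 0)
            return 0;
    return 1;
}
```

The comparison is made on the normalised scheme rather than on the raw string prefix, so mixed-case or whitespace-padded variants of the two schemes are rejected as well.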
