Your message dated Tue, 22 Dec 2009 22:49:05 +0000
with message-id <e1nndxn-0005ek...@ries.debian.org>
and subject line Bug#556271: fixed in kazehakase 0.5.4-2.2+lenny1
has caused the Debian Bug report #556271,
regarding kazehakase: CVE-2007-1084 bookmarklets cross-site info disclosure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
556271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556271
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kazehakase
Version: 0.5.8-1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published.
CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to bypass the
| same-domain policy by tricking a user into saving a bookmarklet with a
| data: scheme, which is executed in the context of the last visited web
| page.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1084
http://security-tracker.debian.org/tracker/CVE-2007-1084
--- End Message ---
--- Begin Message ---
Source: kazehakase
Source-Version: 0.5.4-2.2+lenny1
We believe that the bug you reported is fixed in the latest version of
kazehakase, which is due to be installed in the Debian FTP archive:
kazehakase-gecko_0.5.4-2.2+lenny1_i386.deb
to main/k/kazehakase/kazehakase-gecko_0.5.4-2.2+lenny1_i386.deb
kazehakase_0.5.4-2.2+lenny1.diff.gz
to main/k/kazehakase/kazehakase_0.5.4-2.2+lenny1.diff.gz
kazehakase_0.5.4-2.2+lenny1.dsc
to main/k/kazehakase/kazehakase_0.5.4-2.2+lenny1.dsc
kazehakase_0.5.4-2.2+lenny1_i386.deb
to main/k/kazehakase/kazehakase_0.5.4-2.2+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 556...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yavor Doganov <ya...@gnu.org> (supplier of updated kazehakase package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 09 Dec 2009 16:07:11 +0200
Source: kazehakase
Binary: kazehakase kazehakase-gecko
Architecture: source i386
Version: 0.5.4-2.2+lenny1
Distribution: stable-security
Urgency: medium
Maintainer: Hidetaka Iwai <ty...@debian.or.jp>
Changed-By: Yavor Doganov <ya...@gnu.org>
Description:
kazehakase - GTK+-base web browser that allows pluggable rendering engines
kazehakase-gecko - Gecko rendering engine for kazehakase
Closes: 556271
Changes:
 kazehakase (0.5.4-2.2+lenny1) stable-security; urgency=medium
 .
   * debian/patches/CVE-2007-1084.dpatch: New; disallow adding bookmarks
     with data:/javascript: URIs (CVE-2007-1084, Closes: #556271).
   * debian/patches/00list: Update.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAksrMaoACgkQOmXwGc/ULyZZZgCfSWz5me1JlnwH5mw5ukCI6s4d
pTsAn18q8JgvPfJAvoCv13ha09XqJJq0
=Ow46
-----END PGP SIGNATURE-----
--- End Message ---
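
The changelog entry above describes the fix as refusing to add bookmarks whose URI uses the data: or javascript: scheme. The following C sketch is an added example of such a check, not the contents of CVE-2007-1084.dpatch or any kazehakase code; the function names `extract_scheme` and `bookmark_uri_is_allowed` are hypothetical, and the whitespace handling is an assumption about how lenient URL parsers treat such input.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Copy the scheme (text before the first ':') into out, lower-cased.
 * Leading whitespace/control bytes and embedded TAB/CR/LF are skipped,
 * on the assumption that a lenient URL parser strips them before it
 * resolves the scheme. Returns 1 if a valid scheme was found, else 0. */
static int extract_scheme(const char *uri, char *out, size_t outlen)
{
    size_t n = 0;
    const unsigned char *p = (const unsigned char *)uri;

    while (*p && *p <= 0x20)          /* leading spaces and C0 controls */
        p++;
    for (; *p; p++) {
        if (*p == '\t' || *p == '\r' || *p == '\n')
            continue;                 /* "java\tscript:" is still javascript: */
        if (*p == ':') {
            out[n] = '\0';
            return n > 0;
        }
        /* RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) */
        if (!(isalpha(*p) || (n > 0 && (isdigit(*p) || strchr("+-.", *p)))))
            return 0;                 /* not a scheme: relative reference */
        if (n + 1 >= outlen)
            return 0;                 /* longer than any blocked scheme */
        out[n++] = (char)tolower(*p);
    }
    return 0;                         /* no ':' at all */
}

/* Hypothetical helper (not kazehakase's API): returns 1 if uri may be
 * saved as a bookmark, 0 if its scheme is data: or javascript:. */
int bookmark_uri_is_allowed(const char *uri)
{
    static const char *const blocked[] = { "data", "javascript" };
    char scheme[16];
    size_t i;

    if (uri == NULL)
        return 0;
    if (!extract_scheme(uri, scheme, sizeof scheme))
        return 1;                     /* scheme-less: nothing to block */
    for (i = 0; i < sizeof blocked / sizeof blocked[0]; i++)
        if (strcmp(scheme, blocked[i]) == 0)
            return 0;
    return 1;
}
```

The comparison is done on the normalized scheme only, so a query string that merely contains the text "javascript:" does not trigger a rejection. An allow-list of expected schemes is the stricter variant of the same check.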