Your message dated Fri, 5 Mar 2010 22:00:19 +0100
with message-id <20100305210019.ga14...@glandium.org>
and subject line Properly closing
has caused the Debian Bug report #520052,
regarding webkit: CVE-2008-4723 cross-site scripting vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
520052: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: libwebkit-1.0-1
severity: grave
tags: security
it has been found that webkit is vulnerable to a cross-site scripting
vulnerability, see CVE-2008-4723 [1].
note that certain extensions are protected and others are not. for
example, the attack does not work for files with the jpg or txt
extension. however, the attack seems to work for general extensions
such as odp, xls, etc (probably because webkit does not have a proper
download that would appropriately handle general extensions yet).
if you fix these vulnerabilities, please make sure to include the CVE
id in your changelog. please contact the security team to coordinate
a fix for stable and/or if you have any questions.
regards,
mike
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4723
--- End Message ---
--- Begin Message ---
Version: 1.1.7-1
--- End Message ---
