Your message dated Wed, 21 Apr 2010 17:16:10 +0200
with message-id <4bcf16ba....@phys.ethz.ch>
and subject line dillo has been removed
has caused the Debian Bug report #560874,
regarding dillo: remote info disclosure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
560874: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560874
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: dillo
version: 0.8.6-3
severity: serious
tags: security
hi,
it has been disclosed that it is possible for any website to query the
user's site viewing history via css. please see [0]. i have not
personally checked whether this package is vulnerable, but it seems to
be a general css design issue, so all css-supporting browsers are
likely affected. please check, and feel free to close the bug if the
package is not affected. thanks.
mike
--- End Message ---
--- Begin Message ---
thus the bug is not relevant anymore.
(it's not likely it's coming back since, the old dillo used to use gtk 1.x which
was getting replaced with gtk 2, and nowadays dillo wants fltk a version that's
not in debian)
--- End Message ---
