Your message dated Thu, 16 Feb 2012 15:32:30 +0000 with message-id <e1ry3ju-00005m...@franck.debian.org> and subject line Bug#659376: fixed in netsurf 2.8-2 has caused the Debian Bug report #659376, regarding netsurf: world-readable cookie jar to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 659376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659376 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: netsurf Version: 1.2-1 Severity: grave Tags: security Justification: user security hole $ ls -ld ~/.netsurf/{,Cookies} drwxr-xr-x 2 user users 4096 Feb 9 23:32 /home/user/.netsurf/ -rw-r--r-- 1 user users 812 Feb 9 23:32 /home/user/.netsurf/Cookies This allows local users to steal cookies. -- Jakub Wilk
--- End Message ---
--- Begin Message ---Source: netsurf Source-Version: 2.8-2 We believe that the bug you reported is fixed in the latest version of netsurf, which is due to be installed in the Debian FTP archive: netsurf-gtk_2.8-2_amd64.deb to main/n/netsurf/netsurf-gtk_2.8-2_amd64.deb netsurf_2.8-2.debian.tar.gz to main/n/netsurf/netsurf_2.8-2.debian.tar.gz netsurf_2.8-2.dsc to main/n/netsurf/netsurf_2.8-2.dsc netsurf_2.8-2_all.deb to main/n/netsurf/netsurf_2.8-2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 659...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Vincent Sanders <vi...@debian.org> (supplier of updated netsurf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 16 Feb 2012 10:59:13 +0000 Source: netsurf Binary: netsurf netsurf-gtk Architecture: source all amd64 Version: 2.8-2 Distribution: unstable Urgency: high Maintainer: Vincent Sanders <vi...@debian.org> Changed-By: Vincent Sanders <vi...@debian.org> Description: netsurf - Small web browser with CSS support - Transition package netsurf-gtk - Small web browser with CSS support Closes: 659376 Changes: netsurf (2.8-2) unstable; urgency=high . * Fix user settings directory permissions (Closes: #659376) Fixes: CVE-2012-0844 Checksums-Sha1: 33cae973a1d63647069caf485417b244ddf4dc59 1288 netsurf_2.8-2.dsc 74b70fff764d75966bf08f1a3de022ff8e6be953 9906 netsurf_2.8-2.debian.tar.gz c2ce7c65d789ca371aad6b5c0ee3b903360e7b78 5788 netsurf_2.8-2_all.deb 6a3ec086f44dac04c7a7910d980fb973020e6ce7 993580 netsurf-gtk_2.8-2_amd64.deb Checksums-Sha256: 6a252686dde7a1e00fd460737f3f2faff38d891fa660deb75422bb472ece0d10 1288 netsurf_2.8-2.dsc 25eaf9de06a1272dc441e7ee4e2109a905bb42648c8e979cf9cf33b836b3f959 9906 netsurf_2.8-2.debian.tar.gz dab94469ae5da2b498c81b6723dd3814a5326c7c22a7af7e878d94ca32795d5d 5788 netsurf_2.8-2_all.deb 9d7a9df53ea832324d08aaabc842cf8a34400fc7e12df9012d04344aeddafc10 993580 netsurf-gtk_2.8-2_amd64.deb Files: 03857fc420ccdfd00e5eaf0439e62364 1288 web extra netsurf_2.8-2.dsc 1884750169e052476c5b1e2dcf8f62e5 9906 web extra netsurf_2.8-2.debian.tar.gz d03762bea3bf7bdb0de250e6c45b0e7f 5788 web extra netsurf_2.8-2_all.deb 0602ab0b52b4dbae2d1f2a97af52d29c 993580 web extra netsurf-gtk_2.8-2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD4DBQFPPR3tiUwwPOvjHvURAi+5AKC+OtXDBivJiNp7bF18vi3Zfev0PACYkRNw 30BX/CntIukYYF66xosjGg== =j/GJ -----END PGP SIGNATURE-----
--- End Message ---
