Bug#411192: marked as done (CVE-2007-0981: serious cookie-stealing vulnerability)

Sun, 18 Feb 2007 19:55:35 -0800 

Your message dated Mon, 19 Feb 2007 03:47:18 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#411192: fixed in iceweasel 2.0.0.1+dfsg-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: iceweasel
Version: 2.0.0.1+dfsg-2
Severity: grave
Tags: security, fixed-upstream, patch

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 says:

"Mozilla based browsers allows remote attackers to bypass the same 
origin policy, steal cookies, and conduct other attacks by writing a URI 
with a null byte to the hostname (location.hostname) DOM property, due 
to interactions with DNS resolver code."

Upstream bug:   https://bugzilla.mozilla.org/show_bug.cgi?id=370445
Upstream patch: https://bugzilla.mozilla.org/attachment.cgi?id=255252

-- 
Kees Cook                                            @outflux.net

--- End Message ---
--- Begin Message --- 
Source: iceweasel
Source-Version: 2.0.0.1+dfsg-3

We believe that the bug you reported is fixed in the latest version of
iceweasel, which is due to be installed in the Debian FTP archive:

firefox-dom-inspector_2.0.0.1+dfsg-3_all.deb
  to pool/main/i/iceweasel/firefox-dom-inspector_2.0.0.1+dfsg-3_all.deb
firefox-gnome-support_2.0.0.1+dfsg-3_all.deb
  to pool/main/i/iceweasel/firefox-gnome-support_2.0.0.1+dfsg-3_all.deb
firefox_2.0.0.1+dfsg-3_all.deb
  to pool/main/i/iceweasel/firefox_2.0.0.1+dfsg-3_all.deb
iceweasel-dbg_2.0.0.1+dfsg-3_i386.deb
  to pool/main/i/iceweasel/iceweasel-dbg_2.0.0.1+dfsg-3_i386.deb
iceweasel-dom-inspector_2.0.0.1+dfsg-3_all.deb
  to pool/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.1+dfsg-3_all.deb
iceweasel-gnome-support_2.0.0.1+dfsg-3_i386.deb
  to pool/main/i/iceweasel/iceweasel-gnome-support_2.0.0.1+dfsg-3_i386.deb
iceweasel_2.0.0.1+dfsg-3.diff.gz
  to pool/main/i/iceweasel/iceweasel_2.0.0.1+dfsg-3.diff.gz
iceweasel_2.0.0.1+dfsg-3.dsc
  to pool/main/i/iceweasel/iceweasel_2.0.0.1+dfsg-3.dsc
iceweasel_2.0.0.1+dfsg-3_i386.deb
  to pool/main/i/iceweasel/iceweasel_2.0.0.1+dfsg-3_i386.deb
mozilla-firefox-dom-inspector_2.0.0.1+dfsg-3_all.deb
  to pool/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.1+dfsg-3_all.deb
mozilla-firefox-gnome-support_2.0.0.1+dfsg-3_all.deb
  to pool/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.1+dfsg-3_all.deb
mozilla-firefox_2.0.0.1+dfsg-3_all.deb
  to pool/main/i/iceweasel/mozilla-firefox_2.0.0.1+dfsg-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated iceweasel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 18 Feb 2007 20:56:27 -0500
Source: iceweasel
Binary: firefox-dom-inspector mozilla-firefox iceweasel-gnome-support iceweasel 
mozilla-firefox-dom-inspector iceweasel-dbg firefox-gnome-support 
iceweasel-dom-inspector mozilla-firefox-gnome-support firefox
Architecture: source all i386
Version: 2.0.0.1+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description: 
 firefox    - Transition package for iceweasel rename
 firefox-dom-inspector - Transition package for iceweasel rename
 firefox-gnome-support - Transition package for iceweasel rename
 iceweasel  - lightweight web browser based on Mozilla
 iceweasel-dbg - debugging symbols for iceweasel
 iceweasel-dom-inspector - tool for inspecting the DOM of pages in Iceweasel
 iceweasel-gnome-support - Support for Gnome in Iceweasel
 mozilla-firefox - Transition package for iceweasel rename
 mozilla-firefox-dom-inspector - Transition package for iceweasel rename
 mozilla-firefox-gnome-support - Transition package for iceweasel rename
Closes: 406612 407366 407533 407662 407726 408883 409634 409950 411192
Changes: 
 iceweasel (2.0.0.1+dfsg-3) unstable; urgency=high
 .
   * debian/README.Debian: Fix typo, thanks Joey "I See All!"
     Hess. (Closes: #407366)
   * debian/presubj: Fix embarrassing typos and wording. Thanks Ross
     Boylan. (Closes: #407726)
   * debian/iceweasel.1: Mention "aoss" as a dsp wrapper, and fix esd and
     arts references. Thanks Alain Kalker. (Closes: #407662)
   * intl/unicharutil/util/nsUnicharUtils.h: Patch from David
     Mosberger-Tang to fix unaligned access on ia64.
   * browser/app/nsBrowserApp.cpp: Fix another Firefox reference. Thanks
     Ben Stewart (Closes: #408883)
   * browser/app/firefox-branding.js: Set startup.homepage_override_url and
     startup.homepage_welcome_url to "" to really disable the upgrade page
     overrides. (Closes: #407533)
   * debian/control: Call iceweasel-gnome-support a component rather than an
     extension. Thanks Axel Beckert. (Closes: #409950)
   * gfx/src/gtk/nsFontMetricsPango.cpp: Patch from bz#335810 to preserve
     horizontal position in text input fields. (Closes: #409634, 406612)
   * netwerk/base/src/nsSimpleURI.cpp, netwerk/base/src/nsStandardURL.cpp,
     netwerk/base/src/nsURLHelper.cpp: Fix for security bug CVE-2007-0981
     from bz#370445. (Closes: #411192)
Files: 
 d37e179415beb32b7b86966029d20b90 1188 web optional iceweasel_2.0.0.1+dfsg-3.dsc
 05923f8569763c8d22efc9c7c8db0664 271352 web optional 
iceweasel_2.0.0.1+dfsg-3.diff.gz
 87d08daa28365cf9d058a1d2deaf6026 232428 web optional 
iceweasel-dom-inspector_2.0.0.1+dfsg-3_all.deb
 bea29cafd799aa333ed72e5760771ab7 51742 web optional 
mozilla-firefox_2.0.0.1+dfsg-3_all.deb
 87c72f42512216099373c9dd2858d5d8 50950 web optional 
mozilla-firefox-dom-inspector_2.0.0.1+dfsg-3_all.deb
 a5536a32dab9a539a5e3b9c13f178e9c 50948 gnome optional 
mozilla-firefox-gnome-support_2.0.0.1+dfsg-3_all.deb
 6052537ce9ae5b8202256810c8bc1bdb 51220 web optional 
firefox_2.0.0.1+dfsg-3_all.deb
 eb9a32fe898488c942113fa15f8ce991 51100 web optional 
firefox-dom-inspector_2.0.0.1+dfsg-3_all.deb
 cae0fd75f600d596d276246aaf33629f 51066 gnome optional 
firefox-gnome-support_2.0.0.1+dfsg-3_all.deb
 18b2ede2804f894efdf23546fba2295a 8977562 web optional 
iceweasel_2.0.0.1+dfsg-3_i386.deb
 a8c8077c4c59fa850b0ec5d3c36ee7f7 78658 gnome optional 
iceweasel-gnome-support_2.0.0.1+dfsg-3_i386.deb
 af11832a6bfca3b52b1d2f9d9e8c37e5 49256324 devel extra 
iceweasel-dbg_2.0.0.1+dfsg-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF2RbbYemOzxbZcMYRApEoAJ43ScinC2bTcb1Y2ihSN1IUYa8RjgCfVcp2
oEixPwdzxTWSUJ3AhLIaZ7o=
=g7S1
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to