Your message dated Wed, 4 Aug 2004 02:05:42 -0500
with message-id <[EMAIL PROTECTED]>
and subject line [CAN-2004-0721] frame injection vulnerability
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Jul 2004 21:48:12 +0000
>From [EMAIL PROTECTED] Tue Jul 27 14:48:12 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mail.o2w.nl [213.227.141.209] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BpZnw-0003EQ-00; Tue, 27 Jul 2004 14:48:12 -0700
Received: from zensunni.xinara.org (unknown [217.22.72.48])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(Client did not present a certificate)
by mail.o2w.nl (Postfix) with ESMTP id 6E096358B5
for <[EMAIL PROTECTED]>; Tue, 27 Jul 2004 23:48:07 +0200 (CEST)
Received: from ray by zensunni.xinara.org with local (Exim 4.34)
id 1BpZno-00082Y-RC; Tue, 27 Jul 2004 23:48:04 +0200
Date: Tue, 27 Jul 2004 23:48:04 +0200
From: "J.H.M. Dassen (Ray)" <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: [CAN-2004-0721] frame injection vulnerability
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 2.63
Organization: Ray at home
X-System: Debian GNU/Linux 3.1, kernel 2.4.27-rc3
User-Agent: Mutt/1.5.6+20040722i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: konqueror
Version: 4:3.2.2-1
Severity: grave
Tags: security upstream sid
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 :
+-----------------------------------------------------------------------------+
| Name | CAN-2004-0721 (under review) |
|-------------+---------------------------------------------------------------|
| | Konqueror 3.1.3, 3.2.2, and possibly other versions does not |
| | properly prevent a frame in one domain from injecting content |
| Description | into a frame that belongs to another domain,m which |
| | facilitates web site spoofing and other attacks, aka the |
| | frame injection vulnerability. |
|-------------+---------------------------------------------------------------|
| | * MISC:http://secunia.com/advisories/11978 |
| References | * MISC:http://secunia.com/ |
| | multiple_browsers_frame_injection_vulnerability_test/ |
|-------------+---------------------------------------------------------------|
| Phase | Assigned (20040722) |
|-------------+---------------------------------------------------------------|
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-rc3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
--
Obsig: developing a new sig
---------------------------------------
Received: (at 261740-done) by bugs.debian.org; 4 Aug 2004 07:05:46 +0000
>From [EMAIL PROTECTED] Wed Aug 04 00:05:46 2004
Return-path: <[EMAIL PROTECTED]>
Received: from pico.surpasshosting.com [66.194.152.191]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BsFqM-0005fL-00; Wed, 04 Aug 2004 00:05:46 -0700
Received: from cdm-208-180-235-136.cnro.cox-internet.com ([208.180.235.136]
helo=calc-amd64)
by pico.surpasshosting.com with esmtp (TLSv1:RC4-SHA:128)
(Exim 4.34)
id 1BsFqL-0001VS-MB
for [EMAIL PROTECTED]; Wed, 04 Aug 2004 03:05:45 -0400
Received: from ccheney by calc-amd64 with local (Exim 4.34)
id 1BsFqI-0005H9-KW
for [EMAIL PROTECTED]; Wed, 04 Aug 2004 02:05:42 -0500
Date: Wed, 4 Aug 2004 02:05:42 -0500
From: Chris Cheney <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [CAN-2004-0721] frame injection vulnerability
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="3VRmKSg17yJg2MZg"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040722i
Sender: Christopher L Cheney <[EMAIL PROTECTED]>
X-AntiAbuse: This header was added to track abuse, please include it with any
abuse report
X-AntiAbuse: Primary Hostname - pico.surpasshosting.com
X-AntiAbuse: Original Domain - bugs.debian.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cheney.cx
X-Source:
X-Source-Args:
X-Source-Dir:
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-0.2 required=4.0 tests=BAYES_40 autolearn=no
version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--3VRmKSg17yJg2MZg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
This bug was fixed by uploading kdebase 3.2.3-1 to sid yesterday.
Thanks,
Chris Cheney
--3VRmKSg17yJg2MZg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBEIrG0QZas444SvIRAgRlAJ9wc3cQ9guC4pYQTEWZgo0EG3AP/wCcDJQT
17DnQuJLt54ABVpk2LqDHPk=
=FeW+
-----END PGP SIGNATURE-----
--3VRmKSg17yJg2MZg--
