Your message dated Tue, 08 Dec 2009 19:03:28 +0000
with message-id <[email protected]>
and subject line Bug#556271: fixed in kazehakase 0.5.8-2
has caused the Debian Bug report #556271,
regarding kazehakase: CVE-2007-1084 bookmarklets cross-site info disclosure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
556271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556271
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: kazehakase
Version: 0.5.8-1
Severity: serious
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published.

CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to bypass the
| same-domain policy by tricking a user into saving a bookmarklet with a
| data: scheme, which is executed in the context of the last visited web
| page.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1084
    http://security-tracker.debian.org/tracker/CVE-2007-1084



--- End Message ---
--- Begin Message ---
Source: kazehakase
Source-Version: 0.5.8-2

We believe that the bug you reported is fixed in the latest version of
kazehakase, which is due to be installed in the Debian FTP archive:

kazehakase-dbg_0.5.8-2_i386.deb
  to main/k/kazehakase/kazehakase-dbg_0.5.8-2_i386.deb
kazehakase-gecko_0.5.8-2_i386.deb
  to main/k/kazehakase/kazehakase-gecko_0.5.8-2_i386.deb
kazehakase-webkit_0.5.8-2_i386.deb
  to main/k/kazehakase/kazehakase-webkit_0.5.8-2_i386.deb
kazehakase_0.5.8-2.diff.gz
  to main/k/kazehakase/kazehakase_0.5.8-2.diff.gz
kazehakase_0.5.8-2.dsc
  to main/k/kazehakase/kazehakase_0.5.8-2.dsc
kazehakase_0.5.8-2_i386.deb
  to main/k/kazehakase/kazehakase_0.5.8-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yavor Doganov <[email protected]> (supplier of updated kazehakase package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 07 Dec 2009 21:31:11 +0200
Source: kazehakase
Binary: kazehakase kazehakase-gecko kazehakase-webkit kazehakase-dbg
Architecture: source i386
Version: 0.5.8-2
Distribution: unstable
Urgency: medium
Maintainer: Yavor Doganov <[email protected]>
Changed-By: Yavor Doganov <[email protected]>
Description: 
 kazehakase - GTK+-based web browser that allows pluggable rendering engines
 kazehakase-dbg - GTK+-based web browser (debugging symbols)
 kazehakase-gecko - Gecko rendering engine for kazehakase
 kazehakase-webkit - WebKit rendering engine for kazehakase
Closes: 551268 554935 556271
Changes: 
 kazehakase (0.5.8-2) unstable; urgency=medium
 .
   * debian/patches/CVE-2007-1084.dpatch: New; disallow adding bookmarks
     with data:/javascript: URIs (CVE-2007-1084, Closes: #556271).
   * debian/patches/webkit-uri.dpatch: New; prepend "http://" to URIs
     if missing, thanks Andres Salomon (Closes: #551268).
   * debian/patches/47_ldflags-rpath.dpatch: Link kz-embed-process with
     $(GTK_LIBS) to avoid FTBFS with GNU gold, thanks Peter Fritzsche
     (Closes: #554935).
   * debian/patches/50_autoreconf.dpatch: Regenerate.
   * debian/patches/00list: Update.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkseoMwACgkQOmXwGc/ULyYuxACeO22qWUUuSFTIuJyM/YLGA1lm
QhMAnR6q9e78ZJrS4kuNd60AMJXZHL57
=krwF
-----END PGP SIGNATURE-----



--- End Message ---
