Your message dated Thu, 23 Sep 2004 22:12:17 -0500
with message-id <[EMAIL PROTECTED]>
and subject line closing bugs
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Aug 2004 14:57:21 +0000
Date: Wed, 25 Aug 2004 16:54:03 +0200
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [CAN-2004-0746] Konqueror Cross-Domain Cookie Injection
Message-ID: <[EMAIL PROTECTED]>

Package: konqueror
Version: 3.2.3-1
Severity: grave
Tags: security upstream sarge

        Web sites operating under the affected domains can set HTTP
        cookies in such a way that the Konqueror web browser will send them
        to all other web sites operating under the same domain.
        A malicious website can use this as part of a session fixation
        attack. See e.g. http://www.acros.si/papers/session_fixation.pdf

        Affected are all country specific secondary top level domains that
        use more than 2 characters in the secondary part of the domain name
        and that use a secondary part other than com, net, mil, org, gov,
        edu or int. Examples of affected domains are .ltd.uk, .plc.uk and
        .firm.in

        KDE versions up to KDE 3.2.3 inclusive. KDE 3.3 is not affected.

There is 3.2.3-1 in sid for some architectures, but they will probably
be replaced soon by 3.3.0-1 which is said to be not vulnerable.

Regards,

        Joey

-- 
There are lies, statistics and benchmarks.

Please always Cc to me when replying to me on the lists.
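
The cookie-domain rule described in the report above, as an added example (not part of the original message and not KDE's code). The heuristic is inferred from the advisory's wording only; all function names are hypothetical, the suffix list holds just the three domains the advisory names, and host names are assumed to be lower-case already.

```cpp
#include <set>
#include <string>
#include <vector>

// Split "shop.ltd.uk" into {"shop","ltd","uk"}; leading/empty labels are skipped.
static std::vector<std::string> labels(const std::string& host) {
    std::vector<std::string> out;
    std::string cur;
    for (char c : host) {
        if (c != '.') { cur += c; continue; }
        if (!cur.empty()) out.push_back(cur);
        cur.clear();
    }
    if (!cur.empty()) out.push_back(cur);
    return out;
}

// Heuristic as inferred from the advisory text (assumption, not KDE source):
// under a two-letter country TLD, a second-level label counts as registry-owned
// only if it is at most 2 characters long or one of seven generic names.
bool heuristicIsRegistrySuffix(const std::string& domain) {
    static const std::set<std::string> generic =
        {"com", "net", "mil", "org", "gov", "edu", "int"};
    auto l = labels(domain);
    if (l.size() == 1) return true;  // bare TLD (assumption)
    if (l.size() != 2 || l[1].size() != 2) return false;
    return l[0].size() <= 2 || generic.count(l[0]) > 0;
}

// Hardened variant: consult an explicit suffix list before the heuristic.
// Only the advisory's three examples are listed; a real list is far longer.
bool listedIsRegistrySuffix(const std::string& domain) {
    static const std::set<std::string> suffixes = {"ltd.uk", "plc.uk", "firm.in"};
    auto l = labels(domain);
    if (l.size() == 2 && suffixes.count(l[0] + "." + l[1]) > 0) return true;
    return heuristicIsRegistrySuffix(domain);
}

// Accept a cookie's Domain attribute only if the request host falls under it
// and the attribute is not a registry-owned suffix shared by unrelated sites.
bool acceptCookieDomain(const std::string& host, const std::string& cookieDomain,
                        bool (*isSuffix)(const std::string&)) {
    auto h = labels(host), d = labels(cookieDomain);
    if (d.empty() || d.size() > h.size()) return false;
    for (std::size_t i = 0; i < d.size(); ++i)  // compare labels right to left
        if (h[h.size() - 1 - i] != d[d.size() - 1 - i]) return false;
    return !isSuffix(cookieDomain);
}
```

With the heuristic alone a Domain of .ltd.uk is accepted for any host under it, while .co.uk and .com.au are refused; the list-based check refuses all three.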

---------------------------------------
Received: (at 268016-done) by bugs.debian.org; 24 Sep 2004 03:12:29 +0000
Date: Thu, 23 Sep 2004 22:12:17 -0500
From: Chris Cheney <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: closing bugs
Message-ID: <[EMAIL PROTECTED]>

My new upload has included the fixes from the NMU so I am officially
closing the bugs now.

Thanks,
Chris Cheney
