Your message dated Mon, 12 Feb 2007 02:17:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#399170: fixed in firefox-sage 1.3.10-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
package: firefox-sage
severity: grave
tags: security
A vulnerability has been found in sage. From
http://secunia.com/advisories/22809/ :
David Kierznowski has discovered a vulnerability in the Sage extension
for Firefox, which can be exploited by malicious people to conduct
script insertion attacks.
The vulnerability is caused due to an input validation error in the
processing of "img" tags in feeds. This can e.g. be exploited to
insert and execute arbitrary HTML and script code in a local context
by tricking a user into adding a malicious feed and then viewing the
contents of it.
pgprzP2p1tQKD.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: firefox-sage
Source-Version: 1.3.10-1
We believe that the bug you reported is fixed in the latest version of
firefox-sage, which is due to be installed in the Debian FTP archive:
firefox-sage_1.3.10-1.diff.gz
to pool/main/f/firefox-sage/firefox-sage_1.3.10-1.diff.gz
firefox-sage_1.3.10-1.dsc
to pool/main/f/firefox-sage/firefox-sage_1.3.10-1.dsc
firefox-sage_1.3.10-1_all.deb
to pool/main/f/firefox-sage/firefox-sage_1.3.10-1_all.deb
firefox-sage_1.3.10.orig.tar.gz
to pool/main/f/firefox-sage/firefox-sage_1.3.10.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alan Woodland <[EMAIL PROTECTED]> (supplier of updated firefox-sage package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 11 Feb 2007 19:23:55 +0000
Source: firefox-sage
Binary: firefox-sage
Architecture: source all
Version: 1.3.10-1
Distribution: experimental
Urgency: low
Maintainer: Alan Woodland <[EMAIL PROTECTED]>
Changed-By: Alan Woodland <[EMAIL PROTECTED]>
Description:
firefox-sage - lightweight RSS and Atom feed reader for Firefox
Closes: 389523 399170 409031
Changes:
firefox-sage (1.3.10-1) experimental; urgency=low
.
* New upstream release (Closes: #409031)
* Re-enabling HTML mode, given new upstream code. (Closes: #389523)
* New upstream release should end security issues (Closes: #399170)
* No longer need to apply Iceweasel/Firefox patch.
* New patch to make HTML mode not be default.
* Uploading to experimental - would like to wait until after Etch
for more feedback after re-enabling HTML mode.
Files:
b9d948d3bf683958d5b8aaffe2ed9239 600 web optional firefox-sage_1.3.10-1.dsc
fded9044568b468a56712b01778b8f92 138821 web optional
firefox-sage_1.3.10.orig.tar.gz
f7d4988b7ddaacd99b3a5e225886d76f 12734 web optional
firefox-sage_1.3.10-1.diff.gz
6de08bd67d63297c9174caea9b6e8093 150452 web optional
firefox-sage_1.3.10-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFz81y1FNW1LDdr0IRAnemAJ9jUUG/xGxSCdbyAFhbFGDWSOwrgwCcCnVy
pz6IpvsgGlX2g2dMjwimH8w=
=aITp
-----END PGP SIGNATURE-----
--- End Message ---
