Your message dated Tue, 16 Mar 2010 19:28:34 +0100
with message-id <[email protected]>
and subject line Re: Bug#574067: CVE-2010-0044 cookie weakness
has caused the Debian Bug report #574066,
regarding CVE-2010-0044 cookie weakness
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
574066: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574066
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libipc-pubsub-perl
Version: 0.05-1
Severity: normal
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for safari. I'm not sure if their version of pubsub relates
to this package, but it should be checked. If it does not, please
close the bug. Thanks.
CVE-2010-0044[0]:
| PubSub in Apple Safari before 4.0.5 does not properly implement use of
| the Accept Cookies preference to block cookies, which makes it easier
| for remote web servers to track users by setting a cookie in a (1) RSS
| or (2) Atom feed.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0044
http://security-tracker.debian.org/tracker/CVE-2010-0044
--- End Message ---
--- Begin Message ---
On Tue, 16 Mar 2010 13:00:29 -0400, Michael Gilbert wrote:
> > > the following CVE (Common Vulnerabilities & Exposures) id was
> > > published for safari. I'm not sure if their version of pubsub relates
> > > to this package, but it should be checked. If it does not, please
> > > close the bug. Thanks.
> > I don't see anything related to web cookies in
> > POE::Component::PubSub.
> it looks like Apple's "PubSub" is oriented around rss feeds, and
> looking at apple's manpage [0],
Thanks for digging this up!
> it doesn't look related to these
> packages. my best guess is that their PubSub is either an independent
> implementation, a modified version, or a wrapper geared toward rss
> feeds.
I tried to look a bit more for Safari and PubSub, and nothing I found
sounded like our Perl modules.
> in any case, the problem is likely in their own code, and not
> these core libraries. i would say it's safe to close.
/me agrees and closes the bugs.
Cheers,
gregor
--
.''`. http://info.comodo.priv.at/ -- GPG Key IDs: 0x8649AA06, 0x00F3CFE4
: :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/
`. `' Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
`- NP: Queen: One Vision
--- End Message ---