Your message dated Thu, 25 Mar 2010 17:17:21 +0000
with message-id <[email protected]>
and subject line Bug#556270: fixed in galeon 2.0.7-2
has caused the Debian Bug report #556270,
regarding epiphany-browser: CVE-2007-1084 bookmarklets cross-site info
disclosure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
556270: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556270
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: galeon
Version: 2.0.7-1.1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published.
CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to bypass the
| same-domain policy by tricking a user into saving a bookmarklet with a
| data: scheme, which is executed in the context of the last visited web
| page.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1084
http://security-tracker.debian.org/tracker/CVE-2007-1084
--- End Message ---
--- Begin Message ---
Source: galeon
Source-Version: 2.0.7-2
We believe that the bug you reported is fixed in the latest version of
galeon, which is due to be installed in the Debian FTP archive:
galeon-common_2.0.7-2_all.deb
  to main/g/galeon/galeon-common_2.0.7-2_all.deb
galeon_2.0.7-2.debian.tar.gz
  to main/g/galeon/galeon_2.0.7-2.debian.tar.gz
galeon_2.0.7-2.dsc
  to main/g/galeon/galeon_2.0.7-2.dsc
galeon_2.0.7-2_amd64.deb
  to main/g/galeon/galeon_2.0.7-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Fabio Bonelli <[email protected]> (supplier of updated galeon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 21 Mar 2010 13:55:53 +0200
Source: galeon
Binary: galeon galeon-common
Architecture: source all amd64
Version: 2.0.7-2
Distribution: unstable
Urgency: low
Maintainer: Fabio Bonelli <[email protected]>
Changed-By: Fabio Bonelli <[email protected]>
Description:
 galeon - GNOME web browser for advanced users
 galeon-common - data for the galeon web browser
Closes: 405387 490645 531010 536593 548673 556077 556270 574581
Changes:
 galeon (2.0.7-2) unstable; urgency=low
 .
   [ Paul Wise ]
   * Drop myself from Uploaders, I'm mainly sponsoring.
 .
   [ Fabio Bonelli ]
   * Standards-Version 3.8.4: switch to dpkg-source 3.0 (quilt) format.
   * Add galeon-common.doc-base.
   * Add cross_site_bookmarklets.diff: deal with CVE-2007-1084 bookmarklets
     cross-site info disclosure displaying a warning (Closes: #556270)
   * Move Galeon manpage to galeon package and do update-alternatives on
     postinst there. (Closes: #531010)
   * Move menu, icon and desktop file to galeon package in order to avoid
     confusion when only galeon-common is installed on a system.
   * Add 20_warn-external.patch: don't warn on certain external handlers in
     order to restore proper mailto: functionality. (Closes: #405387)
   * Works with xulrunner-1.9.1, added 80_GRE_version.patch that supersedes
     30_gre-range.patch. Thanks to Mike Hommey <[email protected]>.
     (Closes: #548673, #536593)
   * Add 86_gnome_network_properties.patch: gnome-network-preferences was
     renamed in GNOME 2.26, thanks to Fabrice Lorrain for reporting the bug
     (Closes: #556077)
   * Add 87_startpage_about_blank.patch: Don't use the not working myportal:
     as a startpage for now. (Closes: #490645)
   * Add session_fixes.diff: Use ~/.galeon/session_crashed.xml even if
     started with --load-session. Patch by Michel Dänzer <[email protected]>.
     (Closes: #574581)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkurUGUACgkQ5Sc9mGvjxCPRUACfUD+ANvgeffB/t2zAHObhk+ch
bzcAoIBx1Fl2U4DyR/+1cy3W3H0Eyyr1
=r+aj
-----END PGP SIGNATURE-----
--- End Message ---
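
The changelog above records that the fix displays a warning when a bookmarklet is saved. As an added illustration (this is not the content of cross_site_bookmarklets.diff, which the page does not show), here is a scheme check of that kind in JavaScript. It goes slightly beyond the CVE text by normalising the URL the way a URL parser does before comparing schemes; the function names and sample URLs are constructed for the example.

```javascript
// Added example: decide whether saving a bookmark should trigger a warning.
// bookmarkScheme, needsSaveWarning and reviewBookmarks are hypothetical names.

// Schemes whose content runs as script when the bookmark is activated:
// javascript: bookmarklets and the data: scheme named in CVE-2007-1084.
const SCRIPTABLE_SCHEMES = new Set(["javascript", "data"]);

function bookmarkScheme(raw) {
  // URL parsers strip leading/trailing C0 control characters and spaces and
  // drop every ASCII tab and newline, so the check must do the same or a
  // plain prefix comparison will miss obfuscated spellings of the scheme.
  const cleaned = String(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  // A scheme is a letter followed by letters, digits, "+", "-" or ".".
  const m = /^([A-Za-z][A-Za-z0-9+.\-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() : null; // null: relative or scheme-less URL
}

function needsSaveWarning(raw) {
  const scheme = bookmarkScheme(raw);
  return scheme !== null && SCRIPTABLE_SCHEMES.has(scheme);
}

// Classify a batch of bookmark URLs, e.g. before importing a bookmarks file.
function reviewBookmarks(urls) {
  return urls.map((url) => ({
    url,
    scheme: bookmarkScheme(url),
    warn: needsSaveWarning(url),
  }));
}

// Constructed sample inputs (payloads are inert).
const SAMPLES = [
  "https://www.debian.org/",
  "javascript:void(0)",
  "  JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:text/html,<p>hello</p>",
  "DATA:text/plain,hi",
  "docs/data:notes.html", // relative path containing a colon, not a scheme
];

for (const r of reviewBookmarks(SAMPLES)) {
  console.log(`${r.warn ? "WARN " : "ok   "} ${JSON.stringify(r.url)}`);
}
```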