Your message dated Mon, 19 May 2014 13:03:55 +0000
with message-id <[email protected]>
and subject line Bug#746626: fixed in sks 1.1.5-1
has caused the Debian Bug report #746626,
regarding sks: CVE-2014-3207: non-persistent XSS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
746626: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746626
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sks
Severity: important
Tags: security upstream fixed-upstream

Hi

A non-persistent XSS vulnerability was found in sks. A CVE is not
(yet) assigned. See [0], [1] and [2] for details:

[0] http://www.openwall.com/lists/oss-security/2014/05/01/16
[1] https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=952077

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sks
Source-Version: 1.1.5-1

We believe that the bug you reported is fixed in the latest version of
sks, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin <[email protected]> (supplier of updated sks
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 16 May 2014 15:54:30 +0200
Source: sks
Binary: sks
Architecture: source amd64
Version: 1.1.5-1
Distribution: unstable
Urgency: low
Maintainer: Christoph Martin <[email protected]>
Changed-By: Christoph Martin <[email protected]>
Description:
sks - Synchronizing OpenPGP Key Server
Closes: 600194 716838 741912 742916 746626
Changes:
sks (1.1.5-1) unstable; urgency=low
.
[ Christoph Martin ]
* new upstream
- fixes CVE-2014-3207: non-persistent XSS (closes: 746626)
- correctly handle option max_matches (closes: 742916)
- correct documentation of dump command (closes: 600194)
* add pgp signature option to watch file
* remove /var/lib/sks and /var/backup/sks on purge (closes: 716838)
* note active Berkeley DB on new install (closes: 741912)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---