Your message dated Sun, 08 Jun 2008 23:51:42 +0900 (JST)
with message-id <[EMAIL PROTECTED]>
and subject line Re: [CVE-2007-3125] format string issue in X.509 certificate
processing
has caused the Debian Bug report #429218,
regarding [CVE-2007-3125] format string issue in X.509 certificate processing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
429218: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429218
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: w3m
Severity: grave
Tags: security
| Format string vulnerability in the inputAnswer function in file.c in
| w3m before 0.5.2 allows remote attackers to cause a denial of
| service (application crash) and possibly execute arbitrary code via
| format string specifiers in the CN field in an SSL certificate
| associated with an https URL.
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3125>
Please mention the name CVE-2007-3125 in the changelog when fixing
this bug. Thanks!
--- End Message ---
--- Begin Message ---
Version: 0.5.2-1
On June 18, 2007 at 12:36PM +0100,
skx (at debian.org) wrote:
> Fixed already in Stable (etch):
>
> w3m (0.5.1-5.1) unstable; urgency=high
>
> * NMU by the Security Team:
> * Fix format string vulnerability in display of SSL certificates.
> (No CVE ID yet) (Closes: #404564)
>
> -- Moritz Muehlenhoff <[EMAIL PROTECTED]> Tue, 26 Dec 2006 18:49:26 +0100
Acknowledged this NMU in w3m 0.5.2-1, already fixed in etch, lenny
and sid, and sarge is no longer supported. Closing.
Thanks,
--
Tatsuya Kinoshita
pgp0mf6vMl1CX.pgp
Description: PGP signature
--- End Message ---
