Your message dated Wed, 18 Aug 2010 12:47:09 +0000
with message-id <e1oli2v-0007zi...@franck.debian.org>
and subject line Bug#593300: fixed in rekonq 0.5.0-2
has caused the Debian Bug report #593300,
regarding rekonq: CVE-2010-2536 xss vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
593300: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593300
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rekonq
Version: 0.5.0-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for rekonq.

CVE-2010-2536[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and
| earlier allow remote attackers to inject arbitrary web script or HTML
| via (1) a URL associated with a nonexistent domain name, related to
| webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors
| related to webview.cpp; and the about: views for (3) favorites, (4)
| bookmarks, (5) closed tabs, and (6) history.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2536
    http://security-tracker.debian.org/tracker/CVE-2010-2536



--- End Message ---
--- Begin Message ---
Source: rekonq
Source-Version: 0.5.0-2

We believe that the bug you reported is fixed in the latest version of
rekonq, which is due to be installed in the Debian FTP archive:

rekonq-dbg_0.5.0-2_amd64.deb
  to main/r/rekonq/rekonq-dbg_0.5.0-2_amd64.deb
rekonq_0.5.0-2.debian.tar.gz
  to main/r/rekonq/rekonq_0.5.0-2.debian.tar.gz
rekonq_0.5.0-2.dsc
  to main/r/rekonq/rekonq_0.5.0-2.dsc
rekonq_0.5.0-2_amd64.deb
  to main/r/rekonq/rekonq_0.5.0-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 593...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <debfx-...@fobos.de> (supplier of updated rekonq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 17 Aug 2010 11:16:04 +0200
Source: rekonq
Binary: rekonq rekonq-dbg
Architecture: source amd64
Version: 0.5.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Felix Geyer <debfx-...@fobos.de>
Description: 
 rekonq     - KDE web browser based on Webkit
 rekonq-dbg - debugging symbols for rekonq
Closes: 593300
Changes: 
 rekonq (0.5.0-2) unstable; urgency=medium
 .
   * Fix CVE-2010-2536: multiple XSS vulnerabilities (Closes: #593300)
     - Add CVE-2010-2536_fix_xss_vulnerabilities.diff

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkxr0f8ACgkQHO9JRnPq4hTYewCgpnc1pxcGWvYY/inI+PraCGxd
Rr4An0SpG5nzNiQlpvBiT6VuwP//lucf
=Ppoq
-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-kde-extras
