Your message dated Fri, 21 Jan 2005 18:01:34 -0800
with message-id <[EMAIL PROTECTED]>
and subject line CAN-2005-0012: Arbitrary code execution in dillo
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Jan 2005 08:07:29 +0000
Date: Sat, 15 Jan 2005 09:03:10 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2005-0012: Arbitrary code execution in dillo
Message-ID: <[EMAIL PROTECTED]>

Package: dillo
Version: 0.8.1-1
Severity: grave
Tags: pending security sarge

The problem below seems to be fixed in the version in sid (0.8.3-1) but
not yet in the version in sarge, hence this bug report.  This bug report
is meant to track this issue.  Please close it when the fixed package
enters sarge.


======================================================
Candidate: CAN-2005-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0012
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050104
Category: SF
Reference: GENTOO:GLSA-200501-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-11.xml
Reference: BID:12203
Reference: URL:http://www.securityfocus.com/bid/12203
Reference: SECUNIA:13760
Reference: URL:http://secunia.com/advisories/13760/
Reference: XF:dillo-capi-format-string(18807)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18807

Format string vulnerability in the a_Interface_msg function in Dillo
before 0.8.3-r4 allows remote attackers to execute arbitrary code via
format string specifiers in a web page.


Regards,

        Joey

-- 
There are lies, statistics and benchmarks.

Please always Cc to me when replying to me on the lists.

---------------------------------------
Received: (at 290605-done) by bugs.debian.org; 22 Jan 2005 02:01:35 +0000
Date: Fri, 21 Jan 2005 18:01:34 -0800
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: CAN-2005-0012: Arbitrary code execution in dillo
Message-ID: <[EMAIL PROTECTED]>

The fixed version of dillo has reached sarge, so I think this bug can be
closed.

-- 
Steve Langasek
postmodern programmer
