Your message dated Fri, 21 Jan 2005 18:01:34 -0800 with message-id <[EMAIL PROTECTED]> and subject line CAN-2005-0012: Arbitrary code execution in dillo has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Jan 2005 08:07:29 +0000
Date: Sat, 15 Jan 2005 09:03:10 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2005-0012: Arbitrary code execution in dillo

Package: dillo
Version: 0.8.1-1
Severity: grave
Tags: pending security sarge

The problem below seems to be fixed in the version in sid (0.8.3-1)
but not yet in the version in sarge, hence this bug report.

This bug report is meant to track this issue. Please close it when
the fixed package enters sarge.

======================================================
Candidate: CAN-2005-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0012
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050104
Category: SF
Reference: GENTOO:GLSA-200501-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-11.xml
Reference: BID:12203
Reference: URL:http://www.securityfocus.com/bid/12203
Reference: SECUNIA:13760
Reference: URL:http://secunia.com/advisories/13760/
Reference: XF:dillo-capi-format-string(18807)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18807

Format string vulnerability in the a_Interface_msg function in Dillo
before 0.8.3-r4 allows remote attackers to execute arbitrary code via
format string specifiers in a web page.

Regards,

        Joey

-- 
There are lies, statistics and benchmarks.

Please always Cc to me when replying to me on the lists.

---------------------------------------
Received: (at 290605-done) by bugs.debian.org; 22 Jan 2005 02:01:35 +0000
Date: Fri, 21 Jan 2005 18:01:34 -0800
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: CAN-2005-0012: Arbitrary code execution in dillo

The fixed version of dillo has reached sarge, so I think this bug can be
closed.

-- 
Steve Langasek
postmodern programmer