
Bug#261740: marked as done ([CAN-2004-0721] frame injection vulnerability)



Your message dated Wed, 4 Aug 2004 02:05:42 -0500
with message-id <20040804070542.GG20744@cheney.cx>
and subject line [CAN-2004-0721] frame injection vulnerability
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Jul 2004 21:48:12 +0000
From ray@xinara.org Tue Jul 27 14:48:12 2004
Return-path: <ray@xinara.org>
Received: from mail.o2w.nl [213.227.141.209] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BpZnw-0003EQ-00; Tue, 27 Jul 2004 14:48:12 -0700
Received: from zensunni.xinara.org (unknown [217.22.72.48])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client did not present a certificate)
	by mail.o2w.nl (Postfix) with ESMTP id 6E096358B5
	for <submit@bugs.debian.org>; Tue, 27 Jul 2004 23:48:07 +0200 (CEST)
Received: from ray by zensunni.xinara.org with local (Exim 4.34)
	id 1BpZno-00082Y-RC; Tue, 27 Jul 2004 23:48:04 +0200
Date: Tue, 27 Jul 2004 23:48:04 +0200
From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: [CAN-2004-0721] frame injection vulnerability
Message-ID: <20040727214804.GA30895@xinara.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 2.63
Organization: Ray at home
X-System: Debian GNU/Linux 3.1, kernel 2.4.27-rc3
User-Agent: Mutt/1.5.6+20040722i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: konqueror
Version: 4:3.2.2-1
Severity: grave
Tags: security upstream sid

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 :

+-----------------------------------------------------------------------------+
| Name        | CAN-2004-0721 (under review)                                  |
|-------------+---------------------------------------------------------------|
|             | Konqueror 3.1.3, 3.2.2, and possibly other versions does not  |
|             | properly prevent a frame in one domain from injecting content |
| Description | into a frame that belongs to another domain, which            |
|             | facilitates web site spoofing and other attacks, aka the      |
|             | frame injection vulnerability.                                |
|-------------+---------------------------------------------------------------|
|             |   * MISC:http://secunia.com/advisories/11978                  |
| References  |   * MISC:http://secunia.com/                                  |
|             |     multiple_browsers_frame_injection_vulnerability_test/     |
|-------------+---------------------------------------------------------------|
| Phase       | Assigned (20040722)                                           |
|-------------+---------------------------------------------------------------|

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-rc3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
-- 
Obsig: developing a new sig

---------------------------------------
Received: (at 261740-done) by bugs.debian.org; 4 Aug 2004 07:05:46 +0000
From ccheney@cheney.cx Wed Aug 04 00:05:46 2004
Return-path: <ccheney@cheney.cx>
Received: from pico.surpasshosting.com [66.194.152.191] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BsFqM-0005fL-00; Wed, 04 Aug 2004 00:05:46 -0700
Received: from cdm-208-180-235-136.cnro.cox-internet.com ([208.180.235.136] helo=calc-amd64)
	by pico.surpasshosting.com with esmtp (TLSv1:RC4-SHA:128)
	(Exim 4.34)
	id 1BsFqL-0001VS-MB
	for 261740-done@bugs.debian.org; Wed, 04 Aug 2004 03:05:45 -0400
Received: from ccheney by calc-amd64 with local (Exim 4.34)
	id 1BsFqI-0005H9-KW
	for 261740-done@bugs.debian.org; Wed, 04 Aug 2004 02:05:42 -0500
Date: Wed, 4 Aug 2004 02:05:42 -0500
From: Chris Cheney <ccheney@cheney.cx>
To: 261740-done@bugs.debian.org
Subject: [CAN-2004-0721] frame injection vulnerability
Message-ID: <20040804070542.GG20744@cheney.cx>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="3VRmKSg17yJg2MZg"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040722i
Sender: Christopher L Cheney <ccheney@cheney.cx>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - pico.surpasshosting.com
X-AntiAbuse: Original Domain - bugs.debian.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cheney.cx
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Delivered-To: 261740-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-0.2 required=4.0 tests=BAYES_40 autolearn=no 
	version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--3VRmKSg17yJg2MZg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

This bug was fixed by uploading kdebase 3.2.3-1 to sid yesterday.

Thanks,
Chris Cheney

--3VRmKSg17yJg2MZg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBEIrG0QZas444SvIRAgRlAJ9wc3cQ9guC4pYQTEWZgo0EG3AP/wCcDJQT
17DnQuJLt54ABVpk2LqDHPk=
=FeW+
-----END PGP SIGNATURE-----

--3VRmKSg17yJg2MZg--


