Bug#286516: marked as done (kdebase: CAN-2004-1158: Konqueror Window Injection Vulnerability)
Your message dated Wed, 05 Jan 2005 15:32:49 -0500
with message-id <E1CmHpp-0008QC-00@newraff.debian.org>
and subject line Bug#286516: fixed in kdebase 4:3.3.1-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Dec 2004 17:14:30 +0000
Date: Mon, 20 Dec 2004 18:14:28 +0100
From: Adeodato Simó <asp16@alu.ua.es>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kdebase: CAN-2004-1158: Konqueror Window Injection Vulnerability
Message-ID: <20041220171428.GA5354@chistera.yi.org>
Package: kdebase
Severity: grave
Tags: security
the fix for CAN-2004-1158 (see the KDE Security Advisory [1]) is
composed of two patches: one for kdelibs and another for kdebase.
unlike kdelibs, which has the patch included as of kdelibs=4:3.3.1-3,
this issue has not been fixed for kdebase and an upload is pending.
[1] http://www.kde.org/info/security/advisory-20041213-1.txt
I'm submitting this bug as a separate report from #286510 to properly
track what's fixed in sid and what not.
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
If you think nobody cares if you're alive, try missing a couple of car
payments.
-- Earl Wilson
---------------------------------------
Received: (at 286516-close) by bugs.debian.org; 5 Jan 2005 20:38:32 +0000
From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
To: 286516-close@bugs.debian.org
X-Katie: $Revision: 1.54 $
Subject: Bug#286516: fixed in kdebase 4:3.3.1-4
Message-Id: <E1CmHpp-0008QC-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Wed, 05 Jan 2005 15:32:49 -0500
Source: kdebase
Source-Version: 4:3.3.1-4
We believe that the bug you reported is fixed in the latest version of
kdebase, which is due to be installed in the Debian FTP archive:
kappfinder_3.3.1-4_i386.deb
to pool/main/k/kdebase/kappfinder_3.3.1-4_i386.deb
kate_3.3.1-4_i386.deb
to pool/main/k/kdebase/kate_3.3.1-4_i386.deb
kcontrol_3.3.1-4_i386.deb
to pool/main/k/kdebase/kcontrol_3.3.1-4_i386.deb
kdebase-bin_3.3.1-4_i386.deb
to pool/main/k/kdebase/kdebase-bin_3.3.1-4_i386.deb
kdebase-data_3.3.1-4_all.deb
to pool/main/k/kdebase/kdebase-data_3.3.1-4_all.deb
kdebase-dev_3.3.1-4_i386.deb
to pool/main/k/kdebase/kdebase-dev_3.3.1-4_i386.deb
kdebase-doc_3.3.1-4_all.deb
to pool/main/k/kdebase/kdebase-doc_3.3.1-4_all.deb
kdebase-kio-plugins_3.3.1-4_i386.deb
to pool/main/k/kdebase/kdebase-kio-plugins_3.3.1-4_i386.deb
kdebase_3.3.1-4.diff.gz
to pool/main/k/kdebase/kdebase_3.3.1-4.diff.gz
kdebase_3.3.1-4.dsc
to pool/main/k/kdebase/kdebase_3.3.1-4.dsc
kdebase_3.3.1-4_all.deb
to pool/main/k/kdebase/kdebase_3.3.1-4_all.deb
kdepasswd_3.3.1-4_i386.deb
to pool/main/k/kdebase/kdepasswd_3.3.1-4_i386.deb
kdeprint_3.3.1-4_i386.deb
to pool/main/k/kdebase/kdeprint_3.3.1-4_i386.deb
kdesktop_3.3.1-4_i386.deb
to pool/main/k/kdebase/kdesktop_3.3.1-4_i386.deb
kdm_3.3.1-4_i386.deb
to pool/main/k/kdebase/kdm_3.3.1-4_i386.deb
kfind_3.3.1-4_i386.deb
to pool/main/k/kdebase/kfind_3.3.1-4_i386.deb
khelpcenter_3.3.1-4_i386.deb
to pool/main/k/kdebase/khelpcenter_3.3.1-4_i386.deb
kicker_3.3.1-4_i386.deb
to pool/main/k/kdebase/kicker_3.3.1-4_i386.deb
klipper_3.3.1-4_i386.deb
to pool/main/k/kdebase/klipper_3.3.1-4_i386.deb
kmenuedit_3.3.1-4_i386.deb
to pool/main/k/kdebase/kmenuedit_3.3.1-4_i386.deb
konqueror-nsplugins_3.3.1-4_i386.deb
to pool/main/k/kdebase/konqueror-nsplugins_3.3.1-4_i386.deb
konqueror_3.3.1-4_i386.deb
to pool/main/k/kdebase/konqueror_3.3.1-4_i386.deb
konsole_3.3.1-4_i386.deb
to pool/main/k/kdebase/konsole_3.3.1-4_i386.deb
kpager_3.3.1-4_i386.deb
to pool/main/k/kdebase/kpager_3.3.1-4_i386.deb
kpersonalizer_3.3.1-4_i386.deb
to pool/main/k/kdebase/kpersonalizer_3.3.1-4_i386.deb
ksmserver_3.3.1-4_i386.deb
to pool/main/k/kdebase/ksmserver_3.3.1-4_i386.deb
ksplash_3.3.1-4_i386.deb
to pool/main/k/kdebase/ksplash_3.3.1-4_i386.deb
ksysguard_3.3.1-4_i386.deb
to pool/main/k/kdebase/ksysguard_3.3.1-4_i386.deb
ksysguardd_3.3.1-4_i386.deb
to pool/main/k/kdebase/ksysguardd_3.3.1-4_i386.deb
ktip_3.3.1-4_i386.deb
to pool/main/k/kdebase/ktip_3.3.1-4_i386.deb
kwin_3.3.1-4_i386.deb
to pool/main/k/kdebase/kwin_3.3.1-4_i386.deb
libkonq4-dev_3.3.1-4_i386.deb
to pool/main/k/kdebase/libkonq4-dev_3.3.1-4_i386.deb
libkonq4_3.3.1-4_i386.deb
to pool/main/k/kdebase/libkonq4_3.3.1-4_i386.deb
xfonts-konsole_3.3.1-4_all.deb
to pool/main/k/kdebase/xfonts-konsole_3.3.1-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 286516@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdebase package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 5 Jan 2005 17:11:03 +0100
Source: kdebase
Binary: kdesktop kcontrol kpersonalizer kdm klipper kappfinder kdebase-doc kdebase kmenuedit kicker libkonq4 konqueror-nsplugins kdebase-bin kdebase-dev ksplash kdeprint libkonq4-dev kwin kdepasswd ksmserver kfind kdebase-kio-plugins kpager khelpcenter kate ksysguard xfonts-konsole konqueror ktip ksysguardd kdebase-data konsole
Architecture: source i386 all
Version: 4:3.3.1-4
Distribution: unstable
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description:
kappfinder - KDE Application Finder
kate - KDE Advanced Text Editor
kcontrol - KDE Control Center
kdebase - KDE Base metapackage
kdebase-bin - KDE Base (binaries)
kdebase-data - KDE Base (shared data)
kdebase-dev - KDE Base (development files)
kdebase-doc - KDE Base Library Documentation
kdebase-kio-plugins - KDE I/O Slaves
kdepasswd - KDE password changer
kdeprint - KDE Print
kdesktop - KDE Desktop
kdm - KDE Display Manager
kfind - KDE File Find Utility
khelpcenter - KDE Help Center
kicker - KDE Desktop Panel
klipper - KDE Clipboard
kmenuedit - KDE Menu Editor
konqueror - KDE's advanced File Manager, Web Browser and Document Viewer
konqueror-nsplugins - Netscape plugin support for Konqueror
konsole - KDE X terminal emulator
kpager - KDE Desktop Pager
kpersonalizer - KDE Personalizer
ksmserver - KDE Session Manager
ksplash - KDE Splash Screen
ksysguard - KDE System Guard
ksysguardd - KDE System Guard Daemon
ktip - Kandalf's Useful Tips
kwin - KDE Window Manager
libkonq4 - Core libraries for KDE's file manager
libkonq4-dev - Core libraries for KDE's file manager (development files)
xfonts-konsole - Fonts used by the KDE Konsole
Closes: 283971 286516 287424
Changes:
kdebase (4:3.3.1-4) unstable; urgency=high
.
+++ Changes by Adeodato Simó:
.
* High urgency upload to fix security vulnerability in sarge.
.
* Include patch to fix CAN-2004-1158, "Konqueror Window Injection
Vulnerability". (Closes: #286516)
.
* Include small patch from Christoffer Sawicki to ignore /sys and /.dev and
not report them as hard disks in Konqueror. (Closes: #287424)
.
* Included Dutch po-debconf translation by Luk Claes. (Closes: #283971)
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Signed by Isaac Clerencia <isaac@warp.es>
iD8DBQFB3DytQET2GFTmct4RAtKRAJ4uwT++E421fLeLDAy2XSP5Ro/oBQCaA6fC
yRK15xg+UL8pODILNFIFIpY=
=LGE0
-----END PGP SIGNATURE-----