
Bug#286516: marked as done (kdebase: CAN-2004-1158: Konqueror Window Injection Vulnerability)



Your message dated Wed, 05 Jan 2005 15:32:49 -0500
with message-id <E1CmHpp-0008QC-00@newraff.debian.org>
and subject line Bug#286516: fixed in kdebase 4:3.3.1-4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Dec 2004 17:14:30 +0000
>From asp16@alu.ua.es Mon Dec 20 09:14:30 2004
Date: Mon, 20 Dec 2004 18:14:28 +0100
From: Adeodato Simó <asp16@alu.ua.es>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kdebase: CAN-2004-1158: Konqueror Window Injection Vulnerability
Message-ID: <20041220171428.GA5354@chistera.yi.org>

Package: kdebase
Severity: grave
Tags: security

  the fix for CAN-2004-1158 (see the KDE Security Advisory [1]) is
  composed of two patches: one for kdelibs and another for kdebase.

  unlike kdelibs, which has the patch included as of kdelibs=4:3.3.1-3,
  this issue has not been fixed for kdebase and an upload is pending.

    [1] http://www.kde.org/info/security/advisory-20041213-1.txt

  I'm submitting this bug as a separate report from #286510 to properly
  track what's fixed in sid and what not.

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
If you think nobody cares if you're alive, try missing a couple of car
payments.
                -- Earl Wilson


---------------------------------------
Received: (at 286516-close) by bugs.debian.org; 5 Jan 2005 20:38:32 +0000
>From katie@ftp-master.debian.org Wed Jan 05 12:38:32 2005
From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
To: 286516-close@bugs.debian.org
X-Katie: $Revision: 1.54 $
Subject: Bug#286516: fixed in kdebase 4:3.3.1-4
Message-Id: <E1CmHpp-0008QC-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Wed, 05 Jan 2005 15:32:49 -0500
Delivered-To: 286516-close@bugs.debian.org

Source: kdebase
Source-Version: 4:3.3.1-4

We believe that the bug you reported is fixed in the latest version of
kdebase, which is due to be installed in the Debian FTP archive:

kappfinder_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kappfinder_3.3.1-4_i386.deb
kate_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kate_3.3.1-4_i386.deb
kcontrol_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kcontrol_3.3.1-4_i386.deb
kdebase-bin_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kdebase-bin_3.3.1-4_i386.deb
kdebase-data_3.3.1-4_all.deb
  to pool/main/k/kdebase/kdebase-data_3.3.1-4_all.deb
kdebase-dev_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kdebase-dev_3.3.1-4_i386.deb
kdebase-doc_3.3.1-4_all.deb
  to pool/main/k/kdebase/kdebase-doc_3.3.1-4_all.deb
kdebase-kio-plugins_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kdebase-kio-plugins_3.3.1-4_i386.deb
kdebase_3.3.1-4.diff.gz
  to pool/main/k/kdebase/kdebase_3.3.1-4.diff.gz
kdebase_3.3.1-4.dsc
  to pool/main/k/kdebase/kdebase_3.3.1-4.dsc
kdebase_3.3.1-4_all.deb
  to pool/main/k/kdebase/kdebase_3.3.1-4_all.deb
kdepasswd_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kdepasswd_3.3.1-4_i386.deb
kdeprint_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kdeprint_3.3.1-4_i386.deb
kdesktop_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kdesktop_3.3.1-4_i386.deb
kdm_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kdm_3.3.1-4_i386.deb
kfind_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kfind_3.3.1-4_i386.deb
khelpcenter_3.3.1-4_i386.deb
  to pool/main/k/kdebase/khelpcenter_3.3.1-4_i386.deb
kicker_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kicker_3.3.1-4_i386.deb
klipper_3.3.1-4_i386.deb
  to pool/main/k/kdebase/klipper_3.3.1-4_i386.deb
kmenuedit_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kmenuedit_3.3.1-4_i386.deb
konqueror-nsplugins_3.3.1-4_i386.deb
  to pool/main/k/kdebase/konqueror-nsplugins_3.3.1-4_i386.deb
konqueror_3.3.1-4_i386.deb
  to pool/main/k/kdebase/konqueror_3.3.1-4_i386.deb
konsole_3.3.1-4_i386.deb
  to pool/main/k/kdebase/konsole_3.3.1-4_i386.deb
kpager_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kpager_3.3.1-4_i386.deb
kpersonalizer_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kpersonalizer_3.3.1-4_i386.deb
ksmserver_3.3.1-4_i386.deb
  to pool/main/k/kdebase/ksmserver_3.3.1-4_i386.deb
ksplash_3.3.1-4_i386.deb
  to pool/main/k/kdebase/ksplash_3.3.1-4_i386.deb
ksysguard_3.3.1-4_i386.deb
  to pool/main/k/kdebase/ksysguard_3.3.1-4_i386.deb
ksysguardd_3.3.1-4_i386.deb
  to pool/main/k/kdebase/ksysguardd_3.3.1-4_i386.deb
ktip_3.3.1-4_i386.deb
  to pool/main/k/kdebase/ktip_3.3.1-4_i386.deb
kwin_3.3.1-4_i386.deb
  to pool/main/k/kdebase/kwin_3.3.1-4_i386.deb
libkonq4-dev_3.3.1-4_i386.deb
  to pool/main/k/kdebase/libkonq4-dev_3.3.1-4_i386.deb
libkonq4_3.3.1-4_i386.deb
  to pool/main/k/kdebase/libkonq4_3.3.1-4_i386.deb
xfonts-konsole_3.3.1-4_all.deb
  to pool/main/k/kdebase/xfonts-konsole_3.3.1-4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 286516@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdebase package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  5 Jan 2005 17:11:03 +0100
Source: kdebase
Binary: kdesktop kcontrol kpersonalizer kdm klipper kappfinder kdebase-doc kdebase kmenuedit kicker libkonq4 konqueror-nsplugins kdebase-bin kdebase-dev ksplash kdeprint libkonq4-dev kwin kdepasswd ksmserver kfind kdebase-kio-plugins kpager khelpcenter kate ksysguard xfonts-konsole konqueror ktip ksysguardd kdebase-data konsole
Architecture: source i386 all
Version: 4:3.3.1-4
Distribution: unstable
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description: 
 kappfinder - KDE Application Finder
 kate       - KDE Advanced Text Editor
 kcontrol   - KDE Control Center
 kdebase    - KDE Base metapackage
 kdebase-bin - KDE Base (binaries)
 kdebase-data - KDE Base (shared data)
 kdebase-dev - KDE Base (development files)
 kdebase-doc - KDE Base Library Documentation
 kdebase-kio-plugins - KDE I/O Slaves
 kdepasswd  - KDE password changer
 kdeprint   - KDE Print
 kdesktop   - KDE Desktop
 kdm        - KDE Display Manager
 kfind      - KDE File Find Utility
 khelpcenter - KDE Help Center
 kicker     - KDE Desktop Panel
 klipper    - KDE Clipboard
 kmenuedit  - KDE Menu Editor
 konqueror  - KDE's advanced File Manager, Web Browser and Document Viewer
 konqueror-nsplugins - Netscape plugin support for Konqueror
 konsole    - KDE X terminal emulator
 kpager     - KDE Desktop Pager
 kpersonalizer - KDE Personalizer
 ksmserver  - KDE Session Manager
 ksplash    - KDE Splash Screen
 ksysguard  - KDE System Guard
 ksysguardd - KDE System Guard Daemon
 ktip       - Kandalf's Useful Tips
 kwin       - KDE Window Manager
 libkonq4   - Core libraries for KDE's file manager
 libkonq4-dev - Core libraries for KDE's file manager (development files)
 xfonts-konsole - Fonts used by the KDE Konsole
Closes: 283971 286516 287424
Changes: 
 kdebase (4:3.3.1-4) unstable; urgency=high
 .
   +++ Changes by Adeodato Simó:
 .
   * High urgency upload to fix security vulnerability in sarge.
 .
   * Include patch to fix CAN-2004-1158, "Konqueror Window Injection
     Vulnerability". (Closes: #286516)
 .
   * Include small patch from Christoffer Sawicki to ignore /sys and /.dev and
     not report them as hard disks in Konqueror. (Closes: #287424)
 .
   * Included Dutch po-debconf translation by Luk Claes. (Closes: #283971)
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Signed by Isaac Clerencia <isaac@warp.es>

iD8DBQFB3DytQET2GFTmct4RAtKRAJ4uwT++E421fLeLDAy2XSP5Ro/oBQCaA6fC
yRK15xg+UL8pODILNFIFIpY=
=LGE0
-----END PGP SIGNATURE-----


