Bug#433072: marked as done (URL bar spoofing vulnerability)
Your message dated Thu, 30 Aug 2007 10:47:12 +0000
with message-id <E1IQhYO-0003sS-CE@ries.debian.org>
and subject line Bug#433072: fixed in kdebase 4:3.5.7-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: URL bar spoofing vulnerability
- From: Florian Weimer <fw@deneb.enyo.de>
- Date: Sat, 14 Jul 2007 11:00:08 +0200
- Message-id: <87k5t32wdj.fsf@mid.deneb.enyo.de>
Package: konqueror
Version: 4:3.5.7-2
Tags: security
A URL bar spoofing vulnerability in Konqueror has been disclosed:
<http://marc.info/?l=full-disclosure&m=118439954426735&w=2>
No CVE name yet.
--- End Message ---
--- Begin Message ---
Source: kdebase
Source-Version: 4:3.5.7-3
We believe that the bug you reported is fixed in the latest version of
kdebase, which is due to be installed in the Debian FTP archive:
kappfinder_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kappfinder_3.5.7-3_amd64.deb
kate_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kate_3.5.7-3_amd64.deb
kcontrol_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kcontrol_3.5.7-3_amd64.deb
kdebase-bin_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kdebase-bin_3.5.7-3_amd64.deb
kdebase-data_3.5.7-3_all.deb
to pool/main/k/kdebase/kdebase-data_3.5.7-3_all.deb
kdebase-dbg_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kdebase-dbg_3.5.7-3_amd64.deb
kdebase-dev_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kdebase-dev_3.5.7-3_amd64.deb
kdebase-doc-html_3.5.7-3_all.deb
to pool/main/k/kdebase/kdebase-doc-html_3.5.7-3_all.deb
kdebase-doc_3.5.7-3_all.deb
to pool/main/k/kdebase/kdebase-doc_3.5.7-3_all.deb
kdebase-kio-plugins_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kdebase-kio-plugins_3.5.7-3_amd64.deb
kdebase_3.5.7-3.diff.gz
to pool/main/k/kdebase/kdebase_3.5.7-3.diff.gz
kdebase_3.5.7-3.dsc
to pool/main/k/kdebase/kdebase_3.5.7-3.dsc
kdebase_3.5.7-3_all.deb
to pool/main/k/kdebase/kdebase_3.5.7-3_all.deb
kdepasswd_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kdepasswd_3.5.7-3_amd64.deb
kdeprint_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kdeprint_3.5.7-3_amd64.deb
kdesktop_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kdesktop_3.5.7-3_amd64.deb
kdm_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kdm_3.5.7-3_amd64.deb
kfind_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kfind_3.5.7-3_amd64.deb
khelpcenter_3.5.7-3_amd64.deb
to pool/main/k/kdebase/khelpcenter_3.5.7-3_amd64.deb
kicker_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kicker_3.5.7-3_amd64.deb
klipper_3.5.7-3_amd64.deb
to pool/main/k/kdebase/klipper_3.5.7-3_amd64.deb
kmenuedit_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kmenuedit_3.5.7-3_amd64.deb
konqueror-nsplugins_3.5.7-3_amd64.deb
to pool/main/k/kdebase/konqueror-nsplugins_3.5.7-3_amd64.deb
konqueror_3.5.7-3_amd64.deb
to pool/main/k/kdebase/konqueror_3.5.7-3_amd64.deb
konsole_3.5.7-3_amd64.deb
to pool/main/k/kdebase/konsole_3.5.7-3_amd64.deb
kpager_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kpager_3.5.7-3_amd64.deb
kpersonalizer_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kpersonalizer_3.5.7-3_amd64.deb
ksmserver_3.5.7-3_amd64.deb
to pool/main/k/kdebase/ksmserver_3.5.7-3_amd64.deb
ksplash_3.5.7-3_amd64.deb
to pool/main/k/kdebase/ksplash_3.5.7-3_amd64.deb
ksysguard_3.5.7-3_amd64.deb
to pool/main/k/kdebase/ksysguard_3.5.7-3_amd64.deb
ksysguardd_3.5.7-3_amd64.deb
to pool/main/k/kdebase/ksysguardd_3.5.7-3_amd64.deb
ktip_3.5.7-3_amd64.deb
to pool/main/k/kdebase/ktip_3.5.7-3_amd64.deb
kwin_3.5.7-3_amd64.deb
to pool/main/k/kdebase/kwin_3.5.7-3_amd64.deb
libkonq4-dev_3.5.7-3_amd64.deb
to pool/main/k/kdebase/libkonq4-dev_3.5.7-3_amd64.deb
libkonq4_3.5.7-3_amd64.deb
to pool/main/k/kdebase/libkonq4_3.5.7-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 433072@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdebase package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 27 Jul 2007 16:29:18 +0200
Source: kdebase
Binary: kdesktop kcontrol kpersonalizer kdm kdebase-doc-html kdebase-dbg klipper kappfinder kdebase-doc kdebase kmenuedit kicker libkonq4 konqueror-nsplugins kdebase-bin kdebase-dev ksplash kdeprint libkonq4-dev kwin kdepasswd ksmserver kfind kdebase-kio-plugins kpager khelpcenter kate ksysguard konqueror ktip ksysguardd kdebase-data konsole
Architecture: source amd64 all
Version: 4:3.5.7-3
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description:
kappfinder - non-KDE application finder for KDE
kate - advanced text editor for KDE
kcontrol - control center for KDE
kdebase - base components from the official KDE release
kdebase-bin - core binaries for the KDE base module
kdebase-data - shared data files for the KDE base module
kdebase-dbg - debugging symbols for kdebase
kdebase-dev - development files for the KDE base module
kdebase-doc - developer documentation for the KDE base module
kdebase-doc-html - KDE base documentation in HTML format
kdebase-kio-plugins - core I/O slaves for KDE
kdepasswd - password changer for KDE
kdeprint - print system for KDE
kdesktop - miscellaneous binaries and files for the KDE desktop
kdm - X display manager for KDE
kfind - file-find utility for KDE
khelpcenter - help center for KDE
kicker - desktop panel for KDE
klipper - clipboard utility for KDE
kmenuedit - menu editor for KDE
konqueror - KDE's advanced file manager, web browser and document viewer
konqueror-nsplugins - Netscape plugin support for Konqueror
konsole - X terminal emulator for KDE
kpager - desktop pager for KDE
kpersonalizer - installation personalizer for KDE
ksmserver - session manager for KDE
ksplash - the KDE splash screen
ksysguard - system guard for KDE
ksysguardd - system guard daemon for KDE
ktip - useful tips for KDE
kwin - the KDE window manager
libkonq4 - core libraries for Konqueror
libkonq4-dev - development files for Konqueror's core libraries
Closes: 433072 436573
Changes:
kdebase (4:3.5.7-3) unstable; urgency=low
.
+++ Changes by Ana Beatriz Guerrero Lopez:
.
* Update section in Debian menu files.
* Add patch 50_several-CVE-konqueror.diff to make Konqueror address
bar more robust against addressbar spoofing. (Closes: #433072)
Related CVEs: CVE-2007-4224, CVE-2007-4225, CVE-2007-3820.
.
+++ Changes by Fathi Boudra:
.
* Add xserver-xorg Recommends to kdm. (Closes: #436573)
Files:
6ee2ccc1e60614c44b954a744d94070a 1910 kde optional kdebase_3.5.7-3.dsc
a21a20b16988451bb15d9c371bd7f5c0 1087540 kde optional kdebase_3.5.7-3.diff.gz
b7e5e7482c99096d592fae0d3a2d3ddb 42226 kde optional kdebase_3.5.7-3_all.deb
f7c377534dbb495953963fda3e67d377 9798106 kde optional kdebase-data_3.5.7-3_all.deb
d7b08ccfa07b899f55fc02451276c4bb 2119974 doc optional kdebase-doc_3.5.7-3_all.deb
119624b33db90bba1bd72d522141a4c9 392842 doc optional kdebase-doc-html_3.5.7-3_all.deb
7edd02ac13d56d5251abb026c0d189cc 304622 kde optional kappfinder_3.5.7-3_amd64.deb
683160be0e2a3b38464d6132aec13639 825466 editors optional kate_3.5.7-3_amd64.deb
6d75a514ff02b1fc4424b180cb70215a 3189982 kde optional kcontrol_3.5.7-3_amd64.deb
38bbd5df6cebb58894fbc77ee078e983 1381416 kde optional kdebase-bin_3.5.7-3_amd64.deb
2a6b123107fd8e9edb8965a483318e34 83488 devel optional kdebase-dev_3.5.7-3_amd64.deb
6843c40e9900552d69a57110262261be 1239076 kde optional kdebase-kio-plugins_3.5.7-3_amd64.deb
d33a87a874db5872061c71258a6b5382 251130 utils optional kdepasswd_3.5.7-3_amd64.deb
9da3fa1923748ab26b07de5cbb0ae451 1491142 utils optional kdeprint_3.5.7-3_amd64.deb
700bb3b879af59974f063eece582809b 811594 kde optional kdesktop_3.5.7-3_amd64.deb
fcaac569aab3d7f9c847d0589f65376c 678000 kde optional kdm_3.5.7-3_amd64.deb
76cdf4aa3594694032e040482839bb07 218978 utils optional kfind_3.5.7-3_amd64.deb
0c7fe087ac70a6450439c06ebe1532ef 2331964 kde optional khelpcenter_3.5.7-3_amd64.deb
1acbe0aa1bdb161830363d930ff4f2d9 2214024 kde optional kicker_3.5.7-3_amd64.deb
a64417b9950f997f47d588a72e36b04f 300592 kde optional klipper_3.5.7-3_amd64.deb
2de2ec4ad5ca6eb82b9bb0c866902a4c 395736 kde optional kmenuedit_3.5.7-3_amd64.deb
6defe4ce95c070d2fbe80daaf5dd3ad2 2132876 web optional konqueror_3.5.7-3_amd64.deb
a96f6e3cc9f29077c5a966d812b34b59 161586 utils optional konqueror-nsplugins_3.5.7-3_amd64.deb
d41a0aae5fabbcd7b1500a880ba4407a 776576 kde optional konsole_3.5.7-3_amd64.deb
5b4ef248c17a077d15b0f656cf653b8f 124844 kde optional kpager_3.5.7-3_amd64.deb
f65a4cad0224ca297ec5d591a8db3c5a 499524 kde optional kpersonalizer_3.5.7-3_amd64.deb
ef2218ad60d87191957f857f6267f5cd 174236 kde optional ksmserver_3.5.7-3_amd64.deb
fe28dab8b1708e66000f334359dcb613 729438 kde optional ksplash_3.5.7-3_amd64.deb
36985b581309ddfa66d2fe645b1c18bc 548158 utils optional ksysguard_3.5.7-3_amd64.deb
70838e4316d429f254ddb5387180ae43 77556 utils optional ksysguardd_3.5.7-3_amd64.deb
666f79644234bbc51187a277e8c6358f 109424 kde optional ktip_3.5.7-3_amd64.deb
cee46a139c87368093101187e6198775 1102100 kde optional kwin_3.5.7-3_amd64.deb
babfd16f1ad7a2f0405579eb61f602aa 294042 libs optional libkonq4_3.5.7-3_amd64.deb
0af90a823a66315eae2fe7e1fd3cefad 68222 libdevel optional libkonq4-dev_3.5.7-3_amd64.deb
44f205e5da0dbdc41b668735ce89e7f6 33669598 libdevel extra kdebase-dbg_3.5.7-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero
iD8DBQFG1pOqn3j4POjENGERArpyAJwKziUXJg6BaWyp82zQB1gZS9owVgCeLovn
MyOEzTPS+4gP6N5jB2lGMcU=
=rlwM
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: