Bug#433072: marked as done (URL bar spoofing vulnerability)

To: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Subject: Bug#433072: marked as done (URL bar spoofing vulnerability)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 30 Aug 2007 10:51:06 +0000
Message-id: <[🔎] handler.433072.D433072.118847100916913.ackdone@bugs.debian.org>
References: <E1IQhYO-0003sS-CE@ries.debian.org> <87k5t32wdj.fsf@mid.deneb.enyo.de>

Your message dated Thu, 30 Aug 2007 10:47:12 +0000
with message-id <E1IQhYO-0003sS-CE@ries.debian.org>
and subject line Bug#433072: fixed in kdebase 4:3.5.7-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: submit@bugs.debian.org

Subject: URL bar spoofing vulnerability

From: Florian Weimer <fw@deneb.enyo.de>

Date: Sat, 14 Jul 2007 11:00:08 +0200

Message-id: <87k5t32wdj.fsf@mid.deneb.enyo.de>
Package: konqueror
Version: 4:3.5.7-2
Tags: security

A URL bar spoofing vulnerability in Konqueror has been disclosed:

<http://marc.info/?l=full-disclosure&m=118439954426735&w=2>

No CVE name yet.
--- End Message ---

--- Begin Message ---

To: 433072-close@bugs.debian.org
Subject: Bug#433072: fixed in kdebase 4:3.5.7-3
From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Date: Thu, 30 Aug 2007 10:47:12 +0000
Message-id: <E1IQhYO-0003sS-CE@ries.debian.org>

Source: kdebase
Source-Version: 4:3.5.7-3

We believe that the bug you reported is fixed in the latest version of
kdebase, which is due to be installed in the Debian FTP archive:

kappfinder_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kappfinder_3.5.7-3_amd64.deb
kate_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kate_3.5.7-3_amd64.deb
kcontrol_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kcontrol_3.5.7-3_amd64.deb
kdebase-bin_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kdebase-bin_3.5.7-3_amd64.deb
kdebase-data_3.5.7-3_all.deb
  to pool/main/k/kdebase/kdebase-data_3.5.7-3_all.deb
kdebase-dbg_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kdebase-dbg_3.5.7-3_amd64.deb
kdebase-dev_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kdebase-dev_3.5.7-3_amd64.deb
kdebase-doc-html_3.5.7-3_all.deb
  to pool/main/k/kdebase/kdebase-doc-html_3.5.7-3_all.deb
kdebase-doc_3.5.7-3_all.deb
  to pool/main/k/kdebase/kdebase-doc_3.5.7-3_all.deb
kdebase-kio-plugins_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kdebase-kio-plugins_3.5.7-3_amd64.deb
kdebase_3.5.7-3.diff.gz
  to pool/main/k/kdebase/kdebase_3.5.7-3.diff.gz
kdebase_3.5.7-3.dsc
  to pool/main/k/kdebase/kdebase_3.5.7-3.dsc
kdebase_3.5.7-3_all.deb
  to pool/main/k/kdebase/kdebase_3.5.7-3_all.deb
kdepasswd_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kdepasswd_3.5.7-3_amd64.deb
kdeprint_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kdeprint_3.5.7-3_amd64.deb
kdesktop_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kdesktop_3.5.7-3_amd64.deb
kdm_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kdm_3.5.7-3_amd64.deb
kfind_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kfind_3.5.7-3_amd64.deb
khelpcenter_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/khelpcenter_3.5.7-3_amd64.deb
kicker_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kicker_3.5.7-3_amd64.deb
klipper_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/klipper_3.5.7-3_amd64.deb
kmenuedit_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kmenuedit_3.5.7-3_amd64.deb
konqueror-nsplugins_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/konqueror-nsplugins_3.5.7-3_amd64.deb
konqueror_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/konqueror_3.5.7-3_amd64.deb
konsole_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/konsole_3.5.7-3_amd64.deb
kpager_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kpager_3.5.7-3_amd64.deb
kpersonalizer_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kpersonalizer_3.5.7-3_amd64.deb
ksmserver_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/ksmserver_3.5.7-3_amd64.deb
ksplash_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/ksplash_3.5.7-3_amd64.deb
ksysguard_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/ksysguard_3.5.7-3_amd64.deb
ksysguardd_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/ksysguardd_3.5.7-3_amd64.deb
ktip_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/ktip_3.5.7-3_amd64.deb
kwin_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/kwin_3.5.7-3_amd64.deb
libkonq4-dev_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/libkonq4-dev_3.5.7-3_amd64.deb
libkonq4_3.5.7-3_amd64.deb
  to pool/main/k/kdebase/libkonq4_3.5.7-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 433072@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdebase package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 27 Jul 2007 16:29:18 +0200
Source: kdebase
Binary: kdesktop kcontrol kpersonalizer kdm kdebase-doc-html kdebase-dbg klipper kappfinder kdebase-doc kdebase kmenuedit kicker libkonq4 konqueror-nsplugins kdebase-bin kdebase-dev ksplash kdeprint libkonq4-dev kwin kdepasswd ksmserver kfind kdebase-kio-plugins kpager khelpcenter kate ksysguard konqueror ktip ksysguardd kdebase-data konsole
Architecture: source amd64 all
Version: 4:3.5.7-3
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description: 
 kappfinder - non-KDE application finder for KDE
 kate       - advanced text editor for KDE
 kcontrol   - control center for KDE
 kdebase    - base components from the official KDE release
 kdebase-bin - core binaries for the KDE base module
 kdebase-data - shared data files for the KDE base module
 kdebase-dbg - debugging symbols for kdebase
 kdebase-dev - development files for the KDE base module
 kdebase-doc - developer documentation for the KDE base module
 kdebase-doc-html - KDE base documentation in HTML format
 kdebase-kio-plugins - core I/O slaves for KDE
 kdepasswd  - password changer for KDE
 kdeprint   - print system for KDE
 kdesktop   - miscellaneous binaries and files for the KDE desktop
 kdm        - X display manager for KDE
 kfind      - file-find utility for KDE
 khelpcenter - help center for KDE
 kicker     - desktop panel for KDE
 klipper    - clipboard utility for KDE
 kmenuedit  - menu editor for KDE
 konqueror  - KDE's advanced file manager, web browser and document viewer
 konqueror-nsplugins - Netscape plugin support for Konqueror
 konsole    - X terminal emulator for KDE
 kpager     - desktop pager for KDE
 kpersonalizer - installation personalizer for KDE
 ksmserver  - session manager for KDE
 ksplash    - the KDE splash screen
 ksysguard  - system guard for KDE
 ksysguardd - system guard daemon for KDE
 ktip       - useful tips for KDE
 kwin       - the KDE window manager
 libkonq4   - core libraries for Konqueror
 libkonq4-dev - development files for Konqueror's core libraries
Closes: 433072 436573
Changes: 
 kdebase (4:3.5.7-3) unstable; urgency=low
 .
   +++ Changes by Ana Beatriz Guerrero Lopez:
 .
   * Update section in Debian menu files.
   * Add patch 50_several-CVE-konqueror.diff to make Konqueror address
     bar more robust against addressbar spoofing. (Closes: #433072)
     Related CVEs: CVE-2007-4224, CVE-2007-4225, CVE-2007-3820.
 .
   +++ Changes by Fathi Boudra:
 .
   * Add xserver-xorg Recommends to kdm. (Closes: #436573)
Files: 
 6ee2ccc1e60614c44b954a744d94070a 1910 kde optional kdebase_3.5.7-3.dsc
 a21a20b16988451bb15d9c371bd7f5c0 1087540 kde optional kdebase_3.5.7-3.diff.gz
 b7e5e7482c99096d592fae0d3a2d3ddb 42226 kde optional kdebase_3.5.7-3_all.deb
 f7c377534dbb495953963fda3e67d377 9798106 kde optional kdebase-data_3.5.7-3_all.deb
 d7b08ccfa07b899f55fc02451276c4bb 2119974 doc optional kdebase-doc_3.5.7-3_all.deb
 119624b33db90bba1bd72d522141a4c9 392842 doc optional kdebase-doc-html_3.5.7-3_all.deb
 7edd02ac13d56d5251abb026c0d189cc 304622 kde optional kappfinder_3.5.7-3_amd64.deb
 683160be0e2a3b38464d6132aec13639 825466 editors optional kate_3.5.7-3_amd64.deb
 6d75a514ff02b1fc4424b180cb70215a 3189982 kde optional kcontrol_3.5.7-3_amd64.deb
 38bbd5df6cebb58894fbc77ee078e983 1381416 kde optional kdebase-bin_3.5.7-3_amd64.deb
 2a6b123107fd8e9edb8965a483318e34 83488 devel optional kdebase-dev_3.5.7-3_amd64.deb
 6843c40e9900552d69a57110262261be 1239076 kde optional kdebase-kio-plugins_3.5.7-3_amd64.deb
 d33a87a874db5872061c71258a6b5382 251130 utils optional kdepasswd_3.5.7-3_amd64.deb
 9da3fa1923748ab26b07de5cbb0ae451 1491142 utils optional kdeprint_3.5.7-3_amd64.deb
 700bb3b879af59974f063eece582809b 811594 kde optional kdesktop_3.5.7-3_amd64.deb
 fcaac569aab3d7f9c847d0589f65376c 678000 kde optional kdm_3.5.7-3_amd64.deb
 76cdf4aa3594694032e040482839bb07 218978 utils optional kfind_3.5.7-3_amd64.deb
 0c7fe087ac70a6450439c06ebe1532ef 2331964 kde optional khelpcenter_3.5.7-3_amd64.deb
 1acbe0aa1bdb161830363d930ff4f2d9 2214024 kde optional kicker_3.5.7-3_amd64.deb
 a64417b9950f997f47d588a72e36b04f 300592 kde optional klipper_3.5.7-3_amd64.deb
 2de2ec4ad5ca6eb82b9bb0c866902a4c 395736 kde optional kmenuedit_3.5.7-3_amd64.deb
 6defe4ce95c070d2fbe80daaf5dd3ad2 2132876 web optional konqueror_3.5.7-3_amd64.deb
 a96f6e3cc9f29077c5a966d812b34b59 161586 utils optional konqueror-nsplugins_3.5.7-3_amd64.deb
 d41a0aae5fabbcd7b1500a880ba4407a 776576 kde optional konsole_3.5.7-3_amd64.deb
 5b4ef248c17a077d15b0f656cf653b8f 124844 kde optional kpager_3.5.7-3_amd64.deb
 f65a4cad0224ca297ec5d591a8db3c5a 499524 kde optional kpersonalizer_3.5.7-3_amd64.deb
 ef2218ad60d87191957f857f6267f5cd 174236 kde optional ksmserver_3.5.7-3_amd64.deb
 fe28dab8b1708e66000f334359dcb613 729438 kde optional ksplash_3.5.7-3_amd64.deb
 36985b581309ddfa66d2fe645b1c18bc 548158 utils optional ksysguard_3.5.7-3_amd64.deb
 70838e4316d429f254ddb5387180ae43 77556 utils optional ksysguardd_3.5.7-3_amd64.deb
 666f79644234bbc51187a277e8c6358f 109424 kde optional ktip_3.5.7-3_amd64.deb
 cee46a139c87368093101187e6198775 1102100 kde optional kwin_3.5.7-3_amd64.deb
 babfd16f1ad7a2f0405579eb61f602aa 294042 libs optional libkonq4_3.5.7-3_amd64.deb
 0af90a823a66315eae2fe7e1fd3cefad 68222 libdevel optional libkonq4-dev_3.5.7-3_amd64.deb
 44f205e5da0dbdc41b668735ce89e7f6 33669598 libdevel extra kdebase-dbg_3.5.7-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero

iD8DBQFG1pOqn3j4POjENGERArpyAJwKziUXJg6BaWyp82zQB1gZS9owVgCeLovn
MyOEzTPS+4gP6N5jB2lGMcU=
=rlwM
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#436573: marked as done (kdm do not start)
Next by Date: Bug#439515: marked as done (kdelibs4-dev: Missing Replaces on kdelibs4c2a)
Previous by thread: kdelibs_3.5.7.dfsg.1-7_amd64.changes ACCEPTED
Next by thread: Bug#427391: workaround
Index(es):
- Date
- Thread