Accepted firefox-sage 1.3.6-4etch1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 15 Dec 2009 00:07:05 +0000
Source: firefox-sage
Binary: firefox-sage
Architecture: source all
Version: 1.3.6-4etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Alan Woodland <awoodland@debian.org>
Changed-By: Alan Woodland <awoodland@debian.org>
Description:
firefox-sage - lightweight RSS and Atom feed reader for Firefox
Closes: 559267
Changes:
firefox-sage (1.3.6-4etch1) oldstable-security; urgency=high
.
* Fix security bug:
- Backport patch that was used for Lenny/Squeeze.
- Setting urgency=high, this vulnerability allowed remote
exploitation, without any user interaction.
- CVE-2009-4102 Cross Domain Scripting vulnerability.
Don't trust HTML in titles, descriptions. Don't allow
'strange' (i.e. javascript:, data:) URLs in Links.
- Patch included a fix for a regression from CVE-2006-4712
which doesn't apply to Etch.
- Closes: #559267
Files:
d4175001caa8fc685f47452de46aaa03 607 web optional firefox-sage_1.3.6-4etch1.dsc
49c68a517b6611c7352feb6072be9567 135325 web optional firefox-sage_1.3.6.orig.tar.gz
a59b6403405d4c6214b569fdb068049f 13123 web optional firefox-sage_1.3.6-4etch1.diff.gz
57339ba6521e7611e4e27fce4f87df31 150172 web optional firefox-sage_1.3.6-4etch1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFLJt2Y1FNW1LDdr0IRAi3pAJ4lERHEilWb3WOPQkzpHPn3imK+igCgkioP
iMS3C+9lThU3fwlP+wC5e2A=
=V49N
-----END PGP SIGNATURE-----
Accepted:
firefox-sage_1.3.6-4etch1.diff.gz
to main/f/firefox-sage/firefox-sage_1.3.6-4etch1.diff.gz
firefox-sage_1.3.6-4etch1.dsc
to main/f/firefox-sage/firefox-sage_1.3.6-4etch1.dsc
firefox-sage_1.3.6-4etch1_all.deb
to main/f/firefox-sage/firefox-sage_1.3.6-4etch1_all.deb
Reply to: