Accepted firefox-sage 1.4.2-0.1+lenny1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 10 Dec 2009 15:18:10 +0000
Source: firefox-sage
Binary: firefox-sage
Architecture: source all
Version: 1.4.2-0.1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Alan Woodland <awoodland@debian.org>
Changed-By: Alan Woodland <awoodland@debian.org>
Description:
firefox-sage - lightweight RSS and Atom feed reader for Firefox
Closes: 559267
Changes:
firefox-sage (1.4.2-0.1+lenny1) stable-security; urgency=high
.
* Fix two security bugs:
- Setting urgency=high, this vulnerability allowed remote
exploitation, without any user interaction.
- CVE-2009-4102 Cross Domain Scripting vulnerability.
Don't trust HTML in titles, descriptions. Don't allow
'strange' (i.e. javascript:, data:) URLs in Links.
- CVE-2006-4712 (Regression), some of the old test cases
no longer passed due to problem with htmlToText.
- Closes: #559267
* Targeted review of a number of other potential weak points.
Checksums-Sha1:
3bb07f092d2c948265148befed1c2ea6ac16eef0 1039 firefox-sage_1.4.2-0.1+lenny1.dsc
3eeb56203399a55ae809821ee9e3a6bce5d730d3 169202 firefox-sage_1.4.2.orig.tar.gz
2e8f531dc562e902482b5ef0923cdc8dc43418f3 15552 firefox-sage_1.4.2-0.1+lenny1.diff.gz
81801c82383f884c6f4e189de04baaeb9133fdd1 171308 firefox-sage_1.4.2-0.1+lenny1_all.deb
Checksums-Sha256:
550824c3556b229fa94ef191555a8e0fd9de4508e0b56882c918f37b083bbb2d 1039 firefox-sage_1.4.2-0.1+lenny1.dsc
b1fe75c5251c4e9204118a5d5fc3de7f934b792e10006c1464cb21bdc74dbeeb 169202 firefox-sage_1.4.2.orig.tar.gz
9c4ff2883ab3c29dd0f400643d686096e802460fcff18afde7f31f4a2609f467 15552 firefox-sage_1.4.2-0.1+lenny1.diff.gz
cc930c0954faa81352bee92b94de225a05f870c1903792e3e3254d0a006a7ab2 171308 firefox-sage_1.4.2-0.1+lenny1_all.deb
Files:
f47c953cd90197453e1ce165f13cb701 1039 web optional firefox-sage_1.4.2-0.1+lenny1.dsc
71f4d7379bc6e39640fc20016493f129 169202 web optional firefox-sage_1.4.2.orig.tar.gz
c62acce299739cfe09c5ed671f0d310f 15552 web optional firefox-sage_1.4.2-0.1+lenny1.diff.gz
63a27b648f10e021b18acf9c8d8d24f0 171308 web optional firefox-sage_1.4.2-0.1+lenny1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAksmC8MACgkQ1FNW1LDdr0KvSACgncH8BWbJvUNKQ17ONgstzlDT
8RYAnRiXsSmKFXKBlSTF2hEx8qGcrgNG
=ODyo
-----END PGP SIGNATURE-----
Accepted:
firefox-sage_1.4.2-0.1+lenny1.diff.gz
to main/f/firefox-sage/firefox-sage_1.4.2-0.1+lenny1.diff.gz
firefox-sage_1.4.2-0.1+lenny1.dsc
to main/f/firefox-sage/firefox-sage_1.4.2-0.1+lenny1.dsc
firefox-sage_1.4.2-0.1+lenny1_all.deb
to main/f/firefox-sage/firefox-sage_1.4.2-0.1+lenny1_all.deb
Reply to: