[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#278002: marked as done (konqueror: shows dialog box from other tab (possible security implications))

Your message dated Tue, 28 Nov 2006 21:50:35 +0100
with message-id <200611282150.43943.debian@pusling.com>
and subject line konqueror: shows dialog box from other tab (possible security
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: konqueror
Version: 4:3.3.0a-1
Severity: minor
Tags: security

Just confirming that the issue explained here:
http://secunia.com/secunia_research/2004-10/advisory/

exists in Debian package.  Please remove the security tag
if you think this is not really relevant security-wise.

You can check it for yourself at
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

Be quick with opening the other window in the tab, or the dialog might
appear before the new tab opens.  If this happens, reload the test page
and then open the link in new tab, in less than 8 seconds.

The advisory said that upstream fixed this in 3.3.1.

Regards,
Zoran

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (800, 'testing'), (600, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-1-k7
Locale: LANG=C, LC_CTYPE=hr_HR

Versions of packages konqueror depends on:
ii  kcontrol                 4:3.1.3-1       KDE Control Center
ii  kdebase-kio-plugins      4:3.2.2-1       KDE I/O Slaves
ii  kdelibs4                 4:3.3.0-2       KDE core libraries
ii  kdesktop                 4:3.3.0a-1      KDE Desktop
ii  kfind                    4:3.3.0a-1      KDE File Find Utility
ii  libart-2.0-2             2.3.16-1        Library of functions for 2D graphi
ii  libc6                    2.3.2.ds1-16    GNU C Library: Shared libraries an
ii  libfam0c102              2.7.0-5         client library to control the FAM 
ii  libgcc1                  1:3.4.1-4sarge1 GCC support library
ii  libice6                  4.3.0.dfsg.1-4  Inter-Client Exchange library
ii  libidn11                 0.5.2-3         GNU libidn library, implementation
ii  libjpeg62                6b-9            The Independent JPEG Group's JPEG 
ii  libkonq4                 4:3.3.0a-1      Core libraries for KDE's file mana
ii  libpcre3                 4.5-1.1         Perl 5 Compatible Regular Expressi
ii  libpng12-0               1.2.5.0-7       PNG library - runtime
ii  libqt3c102-mt            3:3.3.3-4.1     Qt GUI Library (Threaded runtime v
ii  libsm6                   4.3.0.dfsg.1-4  X Window System Session Management
ii  libstdc++5               1:3.3.4-1       The GNU Standard C++ Library v3
ii  libx11-6                 4.3.0.dfsg.1-4  X Window System protocol client li
ii  libxext6                 4.3.0.dfsg.1-4  X Window System miscellaneous exte
ii  libxrender1              0.8.3-5         X Rendering Extension client libra
ii  xlibs                    4.3.0-2         X Window System client libraries m
ii  zlib1g                   1:1.2.1-3       compression library - runtime

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Version: 4:3.3.1-1

This is definately closed long ago.

/Sune
-- 
I cannot log from the PCI sendmail, how does it work?

From the preferences inside Netscape 2.9 you never need to save the SIMM of a 
server for receiving from a serial shell to a e-mail.

Attachment: pgpyqNZTcbQnL.pgp
Description: PGP signature


--- End Message ---
Reply to: