
Bug#416318: marked as done (kdelibs4c2a: Vulnerable to CVE-2007-1564 - exploitable passive ftp connections)

Your message dated Wed, 18 Apr 2007 14:47:11 +0000
with message-id <E1HeBR9-0000uI-0K@ries.debian.org>
and subject line Bug#416318: fixed in kdelibs 4:3.5.6.r1.dfsg.1-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: kdelibs4c2a
Version: 4:3.5.5a.dfsg.1-5
Severity: grave
Tags: security patch
Justification: user security hole

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers
to force the client to connect to other servers, perform a proxied port
scan, or obtain sensitive information by specifying an alternate server
address in an FTP PASV command.


This issue has been addressed in the -7 upload.


--- End Message ---
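
Added example (not part of the bug report and not the kdelibs patch): one way
a client can refuse the behaviour described in the report is to parse the
server's 227 reply to PASV strictly and accept the advertised data address only
when it equals the control connection's peer. The function names, the sample
replies and the documentation-range addresses are assumptions constructed for
illustration.

```cpp
#include <cstdio>
#include <string>

// Data-connection endpoint taken from a "227 Entering Passive Mode" reply.
struct PasvEndpoint {
    bool valid = false;   // false: malformed reply or rejected by policy
    std::string host;     // dotted quad rebuilt from h1..h4
    unsigned port = 0;    // p1 * 256 + p2
};

// Parse "227 ... (h1,h2,h3,h4,p1,p2)" strictly; valid stays false on error.
PasvEndpoint parse_pasv_reply(const std::string& reply) {
    PasvEndpoint ep;
    const std::size_t open = reply.find('(');
    if (reply.compare(0, 3, "227") != 0 || open == std::string::npos) return ep;
    unsigned v[6];
    char close = 0;
    if (std::sscanf(reply.c_str() + open, "(%3u,%3u,%3u,%3u,%3u,%3u%c",
                    &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &close) != 7 ||
        close != ')')
        return ep;
    for (unsigned x : v)
        if (x > 255) return ep;  // every field must fit in one octet
    ep.host = std::to_string(v[0]) + "." + std::to_string(v[1]) + "." +
              std::to_string(v[2]) + "." + std::to_string(v[3]);
    ep.port = v[4] * 256 + v[5];
    ep.valid = ep.port != 0;
    return ep;
}

// Policy: the data connection may only go to the control connection's peer.
// control_peer_ip is assumed to be the canonical dotted quad of that peer.
PasvEndpoint checked_data_endpoint(const std::string& reply,
                                   const std::string& control_peer_ip) {
    PasvEndpoint ep = parse_pasv_reply(reply);
    if (ep.valid && ep.host != control_peer_ip) ep.valid = false;
    return ep;
}

int main() {
    // Constructed replies; addresses are from documentation ranges.
    const char* peer = "192.0.2.10";
    const char* replies[] = {
        "227 Entering Passive Mode (192,0,2,10,195,80)",   // same host
        "227 Entering Passive Mode (198,51,100,7,0,22)"};  // other host
    for (const char* r : replies) {
        PasvEndpoint ep = checked_data_endpoint(r, peer);
        std::printf("%-48s -> %s\n", r, ep.valid ? "connect" : "refuse");
    }
    return 0;
}
```
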
--- Begin Message ---
Source: kdelibs
Source-Version: 4:3.5.6.r1.dfsg.1-3

We believe that the bug you reported is fixed in the latest version of
kdelibs, which is due to be installed in the Debian FTP archive:

  to pool/main/k/kdelibs/kdelibs-data_3.5.6.r1.dfsg.1-3_all.deb
  to pool/main/k/kdelibs/kdelibs-dbg_3.5.6.r1.dfsg.1-3_i386.deb
  to pool/main/k/kdelibs/kdelibs4-dev_3.5.6.r1.dfsg.1-3_i386.deb
  to pool/main/k/kdelibs/kdelibs4-doc_3.5.6.r1.dfsg.1-3_all.deb
  to pool/main/k/kdelibs/kdelibs4c2a_3.5.6.r1.dfsg.1-3_i386.deb
  to pool/main/k/kdelibs/kdelibs_3.5.6.r1.dfsg.1-3.diff.gz
  to pool/main/k/kdelibs/kdelibs_3.5.6.r1.dfsg.1-3.dsc
  to pool/main/k/kdelibs/kdelibs_3.5.6.r1.dfsg.1-3_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 416318@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdelibs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.7
Date: Wed, 18 Apr 2007 14:45:54 +0100
Source: kdelibs
Binary: kdelibs4c2a kdelibs kdelibs4-doc kdelibs-dbg kdelibs-data kdelibs4-dev
Architecture: source i386 all
Version: 4:3.5.6.r1.dfsg.1-3
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
 kdelibs    - core libraries from the official KDE release
 kdelibs-data - core shared data for all KDE applications
 kdelibs-dbg - debugging symbols for kdelibs
 kdelibs4-dev - development files for the KDE core libraries
 kdelibs4-doc - developer documentation for the KDE core libraries
 kdelibs4c2a - core libraries and binaries for all KDE applications
Closes: 407272 416318 417394
 kdelibs (4:3.5.6.r1.dfsg.1-3) unstable; urgency=low
   +++ Changes by Sune Vuorela:
   * Take the patches from branches/etch to fix two security issues
     46_CVE-2007-1564-kdelibs-3.5.6.diff and 47_kdelibs-kjs-utf8-parsing.diff
     Fixes CVE-2007-1564 and CVE-2007-0242. (Closes: #417394, #416318)
   +++ Changes by Ana Beatriz Guerrero Lopez:
   * Add 44_sync_kwallet_changes to make kwallet write changes to disk
     immediately, avoiding losing passwords if kwallet doesn't shutdown
     cleanly. Patch by Josh Metzler. (Closes: #407272)

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero


--- End Message ---
