On Sun, 15 Nov 2009 10:51:56 +0200 Yavor Doganov wrote: > found 556271 0.4.2-1etch1 > found 556271 0.5.4-2.2 > found 556271 0.5.6-2 > thanks > > Michael Gilbert wrote: > > Package: kazehakase > > Version: 0.5.8-1 > > Severity: serious > > Tags: security > > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1084 > > http://security-tracker.debian.org/tracker/CVE-2007-1084 > > Do I understand correctly that the proper fix for this vulnerability > is to disallow adding data:/javascript: URIs with Bookmarks -> Add to > bookmarks menu, preferrably informing the user with a dialog? > > Also, does this warrant uploads to stable and oldstable?
the issue itself is not too severe from a security perspective, so a DSA will not be issued; however, you can (and probably should) fix this via stable-proposed-updates. mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
