Your message dated Sat, 20 Oct 2007 07:18:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#438873: fixed in iceweasel 2.0.0.8-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: iceweasel
Version: 2.0.0.6-0etch1
Severity: important
Tags: security
Hi,
CVE-2007-3511[0]:
The focus handling for the onkeydown event in Mozilla
Firefox 1.5.0.12 and 2.0.0.4 allows remote attackers to
change field focus and copy keystrokes via JavaScript, as
demonstrated by changing focus from a textarea to a file
upload field.
There is an example for this vulnerability on:
http://yathong.googlepages.com/FirefoxFocusBug.html
If you fix this bug please include the CVE id in the
changelogs.
Kind regards
Nico
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpqvts4taOxU.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: iceweasel
Source-Version: 2.0.0.8-1
We believe that the bug you reported is fixed in the latest version of
iceweasel, which is due to be installed in the Debian FTP archive:
iceweasel-dbg_2.0.0.8-1_amd64.deb
to pool/main/i/iceweasel/iceweasel-dbg_2.0.0.8-1_amd64.deb
iceweasel-dom-inspector_2.0.0.8-1_all.deb
to pool/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.8-1_all.deb
iceweasel-gnome-support_2.0.0.8-1_amd64.deb
to pool/main/i/iceweasel/iceweasel-gnome-support_2.0.0.8-1_amd64.deb
iceweasel_2.0.0.8-1.diff.gz
to pool/main/i/iceweasel/iceweasel_2.0.0.8-1.diff.gz
iceweasel_2.0.0.8-1.dsc
to pool/main/i/iceweasel/iceweasel_2.0.0.8-1.dsc
iceweasel_2.0.0.8-1_amd64.deb
to pool/main/i/iceweasel/iceweasel_2.0.0.8-1_amd64.deb
iceweasel_2.0.0.8.orig.tar.gz
to pool/main/i/iceweasel/iceweasel_2.0.0.8.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated iceweasel package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 20 Oct 2007 02:04:01 -0400
Source: iceweasel
Binary: iceweasel-dbg iceweasel-gnome-support iceweasel-dom-inspector iceweasel
Architecture: source amd64 all
Version: 2.0.0.8-1
Distribution: unstable
Urgency: low
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description:
iceweasel - lightweight web browser based on Mozilla
iceweasel-dbg - debugging symbols for iceweasel
iceweasel-dom-inspector - tool for inspecting the DOM of pages in Iceweasel
iceweasel-gnome-support - Support for Gnome in Iceweasel
Closes: 438873 445514
Changes:
iceweasel (2.0.0.8-1) unstable; urgency=low
.
* New upstream release.
- Fixes the following security issues: CVE-2007-4841, CVE-2007-5338,
CVE-2007-5337, CVE-2007-5334, CVE-2007-3511, CVE-2006-2894,
CVE-2007-2292, CVE-2007-1095, CVE-2007-5339, CVE-2007-5340.
(Closes: #445514, #438873)
Files:
355d7f2d6a42c36ad141fb4e5e0d0f55 1197 web optional iceweasel_2.0.0.8-1.dsc
9755058931121a7cbefc605313ca4319 43489176 web optional
iceweasel_2.0.0.8.orig.tar.gz
e17c1bd1a3bd6dc3e262d73b498c964f 186083 web optional
iceweasel_2.0.0.8-1.diff.gz
28b9af4658dc9e5d73e71b79cd489ae0 239772 web optional
iceweasel-dom-inspector_2.0.0.8-1_all.deb
7cb455b7970b8f7e0baff207e384465a 9237710 web optional
iceweasel_2.0.0.8-1_amd64.deb
f3f6eab6b2934314afa11278b40aff0e 87476 gnome optional
iceweasel-gnome-support_2.0.0.8-1_amd64.deb
3a12d565faa07afd28594877d5ac5351 48409634 devel extra
iceweasel-dbg_2.0.0.8-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHGaMCYemOzxbZcMYRAouCAKDEM2dmwht8JjhJ4J2NGOzcXRzrMgCgugPG
YXb3IugjWRdCrI/kD8/58Jo=
=p7HA
-----END PGP SIGNATURE-----
--- End Message ---
