Your message dated Fri, 23 May 2008 01:35:15 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Removal has been requested
has caused the Debian Bug report #477037,
regarding swfdec0.5: CVE-2008-1834 local privilege escalation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
477037: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477037
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Source: swfdec0.5
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for swfdec0.5.
CVE-2008-1834[0]:
| swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict
| local file access from untrusted sandboxes, which allows remote
| attackers to read arbitrary files via a crafted Flash file.
Patch:
http://gitweb.freedesktop.org/?p=swfdec/swfdec.git;a=commitdiff;h=326ee4ff631ecc11605f1251e1923a94561a3823
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1834
http://security-tracker.debian.net/tracker/CVE-2008-1834
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
All the packages depending on swfdec0.5 have been recompiled against 0.6 and
are now on testing.
swfdec0.5 has never been shipped and is no longer used by any program; it
has now been removed from the archives, and thus I'm closing this bug.
Regards...
--
Manty/BestiaTester -> http://manty.net
--- End Message ---