Your message dated Sun, 18 Jul 2010 20:00:27 +0000
with message-id <[email protected]>
and subject line Bug#569661: fixed in imp4 4.2-4lenny2
has caused the Debian Bug report #569661,
regarding CVE-2010-0463: privacy compromise via DNS prefetching in web mail
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
569661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569661
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: imp4
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for imp4.

CVE-2010-0463[0]:
| Horde IMP 4.3.6 and earlier does not request that the web browser
| avoid DNS prefetching of domain names contained in e-mail messages,
| which makes it easier for remote attackers to determine the network
| location of the webmail user by logging DNS requests.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0463
    http://security-tracker.debian.org/tracker/CVE-2010-0463


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkt2bKgACgkQNxpp46476aoQvACfR6rJHFEp7Id3/4pbGNGfP0Ou
lwQAoJI330KbB6ZXFf8ukHKUg/5LfL7K
=aOFp
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: imp4
Source-Version: 4.2-4lenny2

We believe that the bug you reported is fixed in the latest version of
imp4, which is due to be installed in the Debian FTP archive:

imp4_4.2-4lenny2.diff.gz
  to main/i/imp4/imp4_4.2-4lenny2.diff.gz
imp4_4.2-4lenny2.dsc
  to main/i/imp4/imp4_4.2-4lenny2.dsc
imp4_4.2-4lenny2_all.deb
  to main/i/imp4/imp4_4.2-4lenny2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gregory Colpart <[email protected]> (supplier of updated imp4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Sat, 10 Jul 2010 15:19:42 +0200
Source: imp4
Binary: imp4
Architecture: source all
Version: 4.2-4lenny2
Distribution: stable
Urgency: low
Maintainer: Horde Maintainers <[email protected]>
Changed-By: Gregory Colpart <[email protected]>
Description: 
 imp4       - webmail component for horde framework
Closes: 569661
Changes: 
 imp4 (4.2-4lenny2) stable; urgency=low
 .
   * Backport patches from Horde CVS (http://bugs.horde.org/ticket/8836) to turn
     off DNS prefetching when displaying untrusted content. See CVE-2010-0463
     for more information. (Closes: #569661)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREDAAYFAkxC9+wACgkQMhdcDcECeg6ydwCfamPW73DHfeindQE4jDYYTwIJ
LzcAmwfEMli1QbTPOcI4gYj9fxBpSBKq
=fqRS
-----END PGP SIGNATURE-----



--- End Message ---
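
An audit check for the behaviour the CVE text describes, written for this page as an added example (it is not the Horde patch or Debian packaging code). It assumes the opt-out is expressed through the browsers' `X-DNS-Prefetch-Control` mechanism, sent as a response header or as a `<meta http-equiv>` tag, which this page does not name; the hostnames and markup are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Scan(HTMLParser):
    """Collects the meta prefetch directive and the hostnames found in links."""
    def __init__(self):
        super().__init__()
        self.meta = None
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "x-dns-prefetch-control":
            self.meta = a.get("content", "").strip().lower()
        elif tag in ("a", "area", "link") and a.get("href"):
            try:
                host = urlsplit(a["href"]).hostname
            except ValueError:          # malformed URL in message content
                host = None
            if host:
                self.hosts.add(host.lower())

def audit(headers, body, page_host):
    """Return (prefetch_disabled, hostnames a prefetching browser may resolve)."""
    scan = _Scan()
    scan.feed(body)
    hdr = {k.lower(): v.strip().lower() for k, v in headers.items()}
    # Simplification (assumption): an "off" from either source counts as opt-out.
    disabled = hdr.get("x-dns-prefetch-control") == "off" or scan.meta == "off"
    external = sorted(h for h in scan.hosts if h != page_host)
    return disabled, ([] if disabled else external)

# Constructed sample: a webmail message view that renders links from an e-mail.
MESSAGE_VIEW = (
    "<html><head><title>Message</title></head><body>"
    '<a href="/inbox">Back</a>'
    '<a href="http://u1234.tracker.example.net/offer">Offer</a>'
    '<a href="mailto:someone@example.com">Reply</a>'
    "</body></html>"
)

if __name__ == "__main__":
    plain = {"Content-Type": "text/html"}
    fixed = dict(plain, **{"X-DNS-Prefetch-Control": "off"})
    print(audit(plain, MESSAGE_VIEW, "webmail.example.org"))
    print(audit(fixed, MESSAGE_VIEW, "webmail.example.org"))
```

A per-recipient hostname such as the one in the sample is what makes a logged DNS query attributable to one reader, so the list returned for an unprotected page is the set of names to watch for in resolver logs.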
