Your message dated Mon, 25 Apr 2005 08:32:11 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#305833: fixed in kdewebdev 1:3.3.2-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Date: Fri, 22 Apr 2005 13:39:40 +0200
From: Sebastian Ley <[EMAIL PROTECTED]>
Subject: kommander: untrusted code execution
Sender: Sebastian Ley <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
X-Mailer: reportbug 3.9
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Package: kommander
Version: 4:3.4.0-0pre3
Severity: grave
Tags: security, sarge, sid
Justification: user security hole
A security hole has been found in kommander, allowing execution of
possibly untrusted locations. Further details can be found in the KDE
security advisory. Affected are KDE versions 3.2 up to 3.4.
http://www.kde.org/info/security/advisory-20050420-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0754
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages kommander depends on:
ii gettext 0.14.4-1 GNU Internationalization utilities
ii kdelibs4 4:3.4.0-0pre4 core libraries for all KDE applica
ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an
ii libgcc1 1:3.4.3-12 GCC support library
ii libqt3c102-mt 3:3.3.4-3 Qt GUI Library (Threaded runtime v
ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3
ii zlib1g 1:1.2.2-4 compression library - runtime
-- no debconf information
---------------------------------------
From: Ben Burton <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#305833: fixed in kdewebdev 1:3.3.2-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 25 Apr 2005 08:32:11 -0400
Source: kdewebdev
Source-Version: 1:3.3.2-5
We believe that the bug you reported is fixed in the latest version of
kdewebdev, which is due to be installed in the Debian FTP archive:
kdewebdev-doc-html_3.3.2-5_all.deb
to pool/main/k/kdewebdev/kdewebdev-doc-html_3.3.2-5_all.deb
kdewebdev_3.3.2-5.diff.gz
to pool/main/k/kdewebdev/kdewebdev_3.3.2-5.diff.gz
kdewebdev_3.3.2-5.dsc
to pool/main/k/kdewebdev/kdewebdev_3.3.2-5.dsc
kdewebdev_3.3.2-5_all.deb
to pool/main/k/kdewebdev/kdewebdev_3.3.2-5_all.deb
kfilereplace_3.3.2-5_i386.deb
to pool/main/k/kdewebdev/kfilereplace_3.3.2-5_i386.deb
kimagemapeditor_3.3.2-5_i386.deb
to pool/main/k/kdewebdev/kimagemapeditor_3.3.2-5_i386.deb
klinkstatus_3.3.2-5_i386.deb
to pool/main/k/kdewebdev/klinkstatus_3.3.2-5_i386.deb
kommander-dev_3.3.2-5_i386.deb
to pool/main/k/kdewebdev/kommander-dev_3.3.2-5_i386.deb
kommander_3.3.2-5_i386.deb
to pool/main/k/kdewebdev/kommander_3.3.2-5_i386.deb
kxsldbg_3.3.2-5_i386.deb
to pool/main/k/kdewebdev/kxsldbg_3.3.2-5_i386.deb
quanta-data_3.3.2-5_all.deb
to pool/main/k/kdewebdev/quanta-data_3.3.2-5_all.deb
quanta_3.3.2-5_i386.deb
to pool/main/k/kdewebdev/quanta_3.3.2-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ben Burton <[EMAIL PROTECTED]> (supplier of updated kdewebdev package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 25 Apr 2005 20:50:21 +1000
Source: kdewebdev
Binary: kimagemapeditor quanta-data kommander kdewebdev kdewebdev-doc-html
kommander-dev quanta klinkstatus kxsldbg kfilereplace
Architecture: source i386 all
Version: 1:3.3.2-5
Distribution: unstable
Urgency: high
Maintainer: Ben Burton <[EMAIL PROTECTED]>
Changed-By: Ben Burton <[EMAIL PROTECTED]>
Description:
kdewebdev - web development apps from the official KDE release
kdewebdev-doc-html - KDE web development documentation in HTML format
kfilereplace - batch search-and-replace component for KDE
kimagemapeditor - HTML image map editor for KDE
klinkstatus - web link validity checker for KDE
kommander - visual dialog builder and executor tool
kommander-dev - development files for Kommander
kxsldbg - graphical XSLT debugger for KDE
quanta - web development environment for KDE
quanta-data - data files for Quanta Plus web development environment
Closes: 305833
Changes:
kdewebdev (1:3.3.2-5) unstable; urgency=high
.
* Security upload.
* Fixed untrusted code execution in kommander (closes: #305833).
See the following URL for further information:
- http://www.kde.org/info/security/advisory-20050420-1.txt
References: CAN-2005-0754
Files:
87644dc3da1f517edeb69b972ff47196 847 web optional kdewebdev_3.3.2-5.dsc
46f81fc4d058736b00fa41f73ba0a03a 24912 web optional kdewebdev_3.3.2-5.diff.gz
965b832fa99236b40d0f1317431b8931 14094 kde optional kdewebdev_3.3.2-5_all.deb
04fe997a8c530beb3a3c5638d0f46285 89826 doc optional
kdewebdev-doc-html_3.3.2-5_all.deb
efe788edded78fd829bd8cfd7ec5d744 924524 web optional
quanta-data_3.3.2-5_all.deb
8d644c874289db5da534c99d5043d716 1818054 web optional quanta_3.3.2-5_i386.deb
419cbe73fc0421aef290d10222fedbf5 184048 kde optional
kfilereplace_3.3.2-5_i386.deb
5b3a8423bbe2c3f6fcc5eaeb0afff2d2 325230 web optional
kimagemapeditor_3.3.2-5_i386.deb
827ba29d84a8ccca4fbec604503daf71 258146 web optional
klinkstatus_3.3.2-5_i386.deb
608f0513f375733e1ecc93611077aead 1482068 kde optional
kommander_3.3.2-5_i386.deb
94d8834d26262dd39c6dbc9ab3c145ee 29490 libdevel optional
kommander-dev_3.3.2-5_i386.deb
249652b24a36c77a6dd4ffa1f20c0ca8 573146 text optional kxsldbg_3.3.2-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCbNmcMQNuxza4YcERAhQYAKCg5p9BnjGVSC/6fQlpaZfsZIHOigCfYwE/
ji4z8c1aov1yKZJpXCnEabU=
=fu6M
-----END PGP SIGNATURE-----