Your message dated Tue, 25 Oct 2011 09:17:18 +0000
with message-id <e1rid8i-0006jf...@franck.debian.org>
and subject line Bug#646524: Removed package(s) from unstable
has caused the Debian Bug report #582146,
regarding /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/i386/libnpjp2.so: browser 
plugin reporting of system fonts is a privacy leak
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
582146: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582146
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sun-java6-bin
Version: 6.20-dlj-1
Severity: grave
File: /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/i386/libnpjp2.so
Tags: security
Justification: user security hole

Reporting of system fonts by browser plugins may lead to total loss of
anonymity, especially when an uncommon combination of fonts has been
installed, as demonstrated by the EFF: http://panopticlick.eff.org/
See also: http://browserspy.dk/fonts-java.php

I've set severity "grave" because information leaks are considered security
issues if I'm not mistaken, and also because it's not only a theoretical
vulnerability, as demonstrations for exploits do exist.

Cheers!

Thiemo Nagel

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'proposed-updates'), (500, 'oldstable-proposed-updates'), (500, 'oldstable'), (500, 'stable'), (300, 'unstable'), (150, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sun-java6-bin depends on:
ii  debconf [debconf-2.0]         1.5.32     Debian configuration management sy
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib
ii  sun-java6-jre                 6.20-dlj-1 Sun Java(TM) Runtime Environment (
ii  unixodbc                      2.2.11-21  ODBC tools libraries

Versions of packages sun-java6-bin recommends:
ii  libasound2                    1.0.22-2   shared library for ALSA applicatio
ii  libnss-mdns                   0.10-3.1   NSS module for Multicast DNS name 
ii  libx11-6                      2:1.3.3-3  X11 client-side library
ii  libxext6                      2:1.1.1-3  X11 miscellaneous extension librar
ii  libxi6                        2:1.3-4    X11 Input extension library
ii  libxtst6                      2:1.1.0-2  X11 Testing -- Resource extension 

Versions of packages sun-java6-bin suggests:
ii  binfmt-support                1.2.18     Support for extra binary formats

-- debconf information:
* shared/accepted-sun-dlj-v1-1: true
  shared/error-sun-dlj-v1-1:
* shared/present-sun-dlj-v1-1:



--- End Message ---
--- Begin Message ---
Version: 6.26-3+rm

Dear submitter,

as the package sun-java6 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/646524

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@debian.org.

Debian distribution maintenance software
pp.
Alexander Reichle-Schmehl (the ftpmaster behind the curtain)


--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use debian-j...@lists.debian.org for discussions and questions.
