[pkg-horde] Bug#307180: marked as done (mnemo: XSS vulnerability (CAN-2005-1320))

Debian Bug Tracking System owner at bugs.debian.org
Sat Dec 24 20:04:29 UTC 2005


Your message dated Sat, 24 Dec 2005 11:47:11 -0800
with message-id <E1EqFMF-0002WG-TG at spohr.debian.org>
and subject line Bug#307180: fixed in nag 1.1.3-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 1 May 2005 12:08:25 +0000
From jmm at inutil.org Sun May 01 05:08:24 2005
Return-path: <jmm at inutil.org>
Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DSDFI-0008LR-00; Sun, 01 May 2005 05:08:24 -0700
Received: from p54894682.dip.t-dialin.net ([84.137.70.130] helo=localhost.localdomain)
	by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1DSDFF-0002QP-5j
	for submit at bugs.debian.org; Sun, 01 May 2005 14:08:21 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
	id 1DSDF4-0003Rd-Om; Sun, 01 May 2005 14:08:10 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <jmm at inutil.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: mnemo: XSS vulnerability (CAN-2005-1320)
X-Mailer: reportbug 3.9
Date: Sun, 01 May 2005 14:08:10 +0200
Message-Id: <E1DSDF4-0003Rd-Om at localhost.localdomain>
X-SA-Exim-Connect-IP: 84.137.70.130
X-SA-Exim-Mail-From: jmm at inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: mnemo
Severity: important
Tags: security

A cross-site-scripting vulnerability has been found in mnemo that
permits injection of web script when setting the parent frame's
title. Release 1.1.4 addresses this problem.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)


---------------------------------------
Received: (at 307180-close) by bugs.debian.org; 24 Dec 2005 19:51:13 +0000
From katie at ftp-master.debian.org Sat Dec 24 11:51:13 2005
Return-path: <katie at ftp-master.debian.org>
Received: from katie by spohr.debian.org with local (Exim 4.50)
	id 1EqFMF-0002WG-TG; Sat, 24 Dec 2005 11:47:11 -0800
From: Lionel Elie Mamane <lmamane at debian.org>
To: 307180-close at bugs.debian.org
X-Katie: $Revision: 1.65 $
Subject: Bug#307180: fixed in nag 1.1.3-1
Message-Id: <E1EqFMF-0002WG-TG at spohr.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Sat, 24 Dec 2005 11:47:11 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 3

Source: nag
Source-Version: 1.1.3-1

We believe that the bug you reported is fixed in the latest version of
nag, which is due to be installed in the Debian FTP archive:

nag_1.1.3-1.diff.gz
  to pool/main/n/nag/nag_1.1.3-1.diff.gz
nag_1.1.3-1.dsc
  to pool/main/n/nag/nag_1.1.3-1.dsc
nag_1.1.3-1_all.deb
  to pool/main/n/nag/nag_1.1.3-1_all.deb
nag_1.1.3.orig.tar.gz
  to pool/main/n/nag/nag_1.1.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 307180 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lionel Elie Mamane <lmamane at debian.org> (supplier of updated nag package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 24 Dec 2005 20:33:16 +0100
Source: nag
Binary: nag
Architecture: source all
Version: 1.1.3-1
Distribution: unstable
Urgency: low
Maintainer: Horde Maintainers <pkg-horde-hackers at lists.alioth.debian.org>
Changed-By: Lionel Elie Mamane <lmamane at debian.org>
Description: 
 nag        - Multiuser Task List Manager
Closes: 262066 305349 307180 323267
Changes: 
 nag (1.1.3-1) unstable; urgency=low
 .
   * New upstream release (closes: #262066)
   * New maintainer: Debian Horde Team
   * Acknowledge NMUs (closes: #323267, #305349, #307180)
   * Bump up Standards-Version to 3.6.2
Files: 
 5c1f3379b7c147ec82e2fc93e41d8339 715 web optional nag_1.1.3-1.dsc
 91b7861be00b0b6e9d575ec04fbeaef5 348423 web optional nag_1.1.3.orig.tar.gz
 27644d9f64351001642d03943ecd6635 4825 web optional nag_1.1.3-1.diff.gz
 db87646fcabdbfb0c06d57b22f7d0837 282484 web optional nag_1.1.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iEYEARECAAYFAkOtpOAACgkQscRzFz57S3PtDgCfRzanB3ivH+EAAB5lGYew1gBS
kcQAn1xRn+Z6/EV5jsNeu0SOeLVEfkFc
=K7+O
-----END PGP SIGNATURE-----



