Debian Bug report logs - #64650
navigator-smotif-472: security hole

Package: navigator-smotif-472; Maintainer for navigator-smotif-472 is (unknown);

Reported by: Joey Hess <joey@kitenet.net>

Date: Thu, 25 May 2000 06:06:58 UTC

Severity: important

Found in version 4.72-16

Done: Adam Heath <doogie@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Adam Heath <doogie@debian.org>:
Bug#64650; Package navigator-smotif-472.

Acknowledgement sent to Joey Hess <joey@kitenet.net>:
New Bug report received and forwarded. Copy sent to Adam Heath <doogie@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Joey Hess <joey@kitenet.net>
To: submit@bugs.debian.org
Subject: navigator-smotif-472: security hole
Date: Wed, 24 May 2000 23:03:35 -0700 (PDT)
Package: navigator-smotif-472
Version: 4.72-16
Severity: important

   Problems in the manner that Netscape handled invalid SSL certificates have
   been fixed in Netscape 4.73. 

This is pretty minor as holes go (until some user gets their credit card
info stolen), but it should still be fixed in frozen. I
think it'd be a good idea to remove the older netscape packages that all
have this problem, and replace them with the fixed version.

  Netscape 4.73 packages are available. These new packages fix
  bugs in SSL certificate validation; these bugs could allow
  for the compromising of encrypted SSL sessions.

-- Red Hat advisory.

-- System Information
Debian Release: 2.2
Kernel Version: Linux kite 2.2.14 #1 Mon Jan 10 21:43:42 PST 2000 i686 unknown

Versions of the packages navigator-smotif-472 depends on:
ii  libc6          2.1.3-10       GNU C Library: Shared libraries and Timezone
ii  libstdc++2.8   2.90.29-2      The GNU stdc++ library (old egcs version)
ii  navigator-base 4.72-16        Navigator base support for version 4.72
ii  netscape-base- 4.72-29        Popular World-Wide-Web browser software (bas
ii  xlib6g         3.3.6-6        shared libraries required by X clients
ii  xpm4g          3.4k-5         the X PixMap library
	^^^ (Provides virtual package libxpm4)



Reply sent to Adam Heath <doogie@debian.org>:
You have taken responsibility.

Notification sent to Joey Hess <joey@kitenet.net>:
Bug acknowledged by developer.

Message #10 received at 64650-close@bugs.debian.org:

From: Adam Heath <doogie@debian.org>
To: 64650-close@bugs.debian.org
Subject: Bug#64650: fixed in netscape4.73 4.73-17
Date: Tue, 30 May 2000 14:04:00 -0400

We believe that the bug you reported is fixed in the latest version of
netscape4.73, which has been installed in the Debian FTP archive:

navigator-base-473_4.73-17_i386.deb
  to dists/potato/non-free/binary-i386/web/navigator-base-473_4.73-17.deb
navigator-base-473_4.73-17_i386.deb
  to dists/woody/non-free/binary-i386/web/navigator-base-473_4.73-17.deb
navigator-nethelp-473_4.73-17_all.deb
  to dists/potato/non-free/binary-all/web/navigator-nethelp-473_4.73-17.deb
navigator-nethelp-473_4.73-17_all.deb
  to dists/woody/non-free/binary-all/web/navigator-nethelp-473_4.73-17.deb
communicator-base-473_4.73-17_i386.deb
  to dists/potato/non-free/binary-i386/web/communicator-base-473_4.73-17.deb
communicator-base-473_4.73-17_i386.deb
  to dists/woody/non-free/binary-i386/web/communicator-base-473_4.73-17.deb
netscape4.73_4.73-17.dsc
  to dists/potato/non-free/source/web/netscape4.73_4.73-17.dsc
netscape4.73_4.73-17.dsc
  to dists/woody/non-free/source/web/netscape4.73_4.73-17.dsc
netscape-base-473_4.73-17_i386.deb
  to dists/potato/non-free/binary-i386/web/netscape-base-473_4.73-17.deb
netscape-base-473_4.73-17_i386.deb
  to dists/woody/non-free/binary-i386/web/netscape-base-473_4.73-17.deb
communicator-nethelp-473_4.73-17_all.deb
  to dists/potato/non-free/binary-all/web/communicator-nethelp-473_4.73-17.deb
communicator-nethelp-473_4.73-17_all.deb
  to dists/woody/non-free/binary-all/web/communicator-nethelp-473_4.73-17.deb
netscape4.73_4.73.orig.tar.gz
  to dists/potato/non-free/source/web/netscape4.73_4.73.orig.tar.gz
netscape4.73_4.73.orig.tar.gz
  to dists/woody/non-free/source/web/netscape4.73_4.73.orig.tar.gz
communicator-spellchk-473_4.73-17_all.deb
  to dists/potato/non-free/binary-all/web/communicator-spellchk-473_4.73-17.deb
communicator-spellchk-473_4.73-17_all.deb
  to dists/woody/non-free/binary-all/web/communicator-spellchk-473_4.73-17.deb
navigator-smotif-473-libc5_4.73-17_i386.deb
  to dists/potato/non-free/binary-i386/web/navigator-smotif-473-libc5_4.73-17.deb
navigator-smotif-473-libc5_4.73-17_i386.deb
  to dists/woody/non-free/binary-i386/web/navigator-smotif-473-libc5_4.73-17.deb
netscape4.73_4.73-17.diff.gz
  to dists/potato/non-free/source/web/netscape4.73_4.73-17.diff.gz
netscape4.73_4.73-17.diff.gz
  to dists/woody/non-free/source/web/netscape4.73_4.73-17.diff.gz
navigator-smotif-473_4.73-17_i386.deb
  to dists/potato/non-free/binary-i386/web/navigator-smotif-473_4.73-17.deb
navigator-smotif-473_4.73-17_i386.deb
  to dists/woody/non-free/binary-i386/web/navigator-smotif-473_4.73-17.deb
communicator-smotif-473-libc5_4.73-17_i386.deb
  to dists/potato/non-free/binary-i386/web/communicator-smotif-473-libc5_4.73-17.deb
communicator-smotif-473-libc5_4.73-17_i386.deb
  to dists/woody/non-free/binary-i386/web/communicator-smotif-473-libc5_4.73-17.deb
netscape-smotif-473-libc5_4.73-17_i386.deb
  to dists/potato/non-free/binary-i386/web/netscape-smotif-473-libc5_4.73-17.deb
netscape-smotif-473-libc5_4.73-17_i386.deb
  to dists/woody/non-free/binary-i386/web/netscape-smotif-473-libc5_4.73-17.deb
communicator-smotif-473_4.73-17_i386.deb
  to dists/potato/non-free/binary-i386/web/communicator-smotif-473_4.73-17.deb
communicator-smotif-473_4.73-17_i386.deb
  to dists/woody/non-free/binary-i386/web/communicator-smotif-473_4.73-17.deb
netscape-java-473_4.73-17_all.deb
  to dists/potato/non-free/binary-all/web/netscape-java-473_4.73-17.deb
netscape-java-473_4.73-17_all.deb
  to dists/woody/non-free/binary-all/web/netscape-java-473_4.73-17.deb
netscape-smotif-473_4.73-17_i386.deb
  to dists/potato/non-free/binary-i386/web/netscape-smotif-473_4.73-17.deb
netscape-smotif-473_4.73-17_i386.deb
  to dists/woody/non-free/binary-i386/web/netscape-smotif-473_4.73-17.deb

Note that this package is not part of the released stable Debian
distribution.  It may have dependencies on other unreleased software,
or other instabilities.  Please take care if you wish to install it.
The update will eventually make its way into the next released Debian
distribution.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 64650@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Heath <doogie@debian.org> (supplier of updated netscape4.73 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.6
Date: Mon, 29 May 2000 01:21:20 -0500
Source: netscape4.73
Binary: netscape-java-473 netscape-smotif-473 navigator-smotif-473 netscape-base-473 navigator-base-473 communicator-spellchk-473 communicator-smotif-473-libc5 communicator-nethelp-473 netscape-smotif-473-libc5 navigator-smotif-473-libc5 navigator-nethelp-473 communicator-smotif-473 communicator-base-473
Architecture: source i386 all
Version: 4.73-17
Distribution: frozen unstable
Urgency: low
Maintainer: Adam Heath <doogie@debian.org>
Description: 
 communicator-base-473 - Communicator base support for version 4.73
 communicator-nethelp-473 - Communicator online help for version 4.73
 communicator-smotif-473 - Netscape Communicator 4.73 (static Motif)
 communicator-smotif-473-libc5 - Netscape Communicator 4.73 (static Motif) (libc5 version)
 communicator-spellchk-473 - Popular World-Wide-Web browser software (spelling dictionary)
 navigator-base-473 - Navigator base support for version 4.73
 navigator-nethelp-473 - Navigator online help for version 4.73
 navigator-smotif-473 - Netscape Navigator 4.73 (static Motif)
 navigator-smotif-473-libc5 - Netscape Navigator 4.73 (static Motif) (libc5 version)
 netscape-base-473 - 4.73 base support for netscape
 netscape-java-473 - Netscape Java support for version 4.73
 netscape-smotif-473 - This installs a standard set of netscape programs
 netscape-smotif-473-libc5 - This installs a standard set of netscape programs (libc5 version)
Closes: 52207 60503 61721 61881 62062 63317 64257 64650
Changes: 
 netscape4.73 (4.73-17) frozen unstable; urgency=low
 .
   * New upstream release.  This fixes a security hole with the handling
     of SSL certificates.  Closes: #64257, #64650(rc).
   * Since this version includes high encryption, fortify no longer needs
     to be called in the postinst.  Closes: #60503, #63317.
   * The virtual package netscape-smotif-472-libc5 now depends on
     communicator-smotif-472-libc5.  Closes: #61881.
   * Set FAKEROOTKEY="" before calling dh_shlipdebs.  Closes: #61721.
   * Add symlinks in /usr/lib/netscape/<ver>/<bin> to /etc/mailcap and
     /etc/mime-types.  Closes: #52207, #62062.
Files: 
 989881aa920c0017601289fc5e34bc42 935 non-free/web optional netscape4.73_4.73-17.dsc
 1f30a90e9c98f2942520ab2dc7ea6d04 39086810 non-free/web optional netscape4.73_4.73.orig.tar.gz
 d7d2ef19bb274e2d2aa556245dffc787 20146 non-free/web optional netscape4.73_4.73-17.diff.gz
 48f05df722c1249173a58731e1084009 5159092 non-free/web optional communicator-smotif-473-libc5_4.73-17_i386.deb
 e8e88d9935bb68ec7e8d45841814c136 3099802 non-free/web optional navigator-smotif-473-libc5_4.73-17_i386.deb
 c7616f2a603f628b0be6ebf1ee655ea4 1226 non-free/web optional netscape-smotif-473-libc5_4.73-17_i386.deb
 ad4f71e12cf576d4836ae575fa4d453f 5760420 non-free/web optional communicator-smotif-473_4.73-17_i386.deb
 87643725fa4b7d7dde8dbe3b0ee020aa 7150 non-free/web optional communicator-base-473_4.73-17_i386.deb
 6d6760617d87926546c2bf59ed67f92f 3227638 non-free/web optional navigator-smotif-473_4.73-17_i386.deb
 53e4e0d2439ae46d8ce85e3085cdda4f 7154 non-free/web optional navigator-base-473_4.73-17_i386.deb
 f30154912d572d010d7bea95a496a4bd 1202 non-free/web optional netscape-smotif-473_4.73-17_i386.deb
 3e55a9a00a61c8ff874ebcd3b8e9dd16 13008 non-free/web optional netscape-base-473_4.73-17_i386.deb
 d2a35cdf393555364d628038fe8bdb66 181392 non-free/web optional communicator-nethelp-473_4.73-17_all.deb
 9c6d052fdc52e03fcba4dc10636f62c6 67440 non-free/web optional navigator-nethelp-473_4.73-17_all.deb
 0bd3fc43de21ce897492da101162dbd2 280800 non-free/web optional communicator-spellchk-473_4.73-17_all.deb
 1ed302610702524546a1753e1ab222e2 5754160 non-free/web optional netscape-java-473_4.73-17_all.deb

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBOTOWx2tDcajeZWsFAQEXiQQAk86AOXn74bkQfRcxv2wlKJqP4AeT+AzL
pomT47iLN0VZVebltaE0+2kE3ZUXnd5FF4muWXIwoH5oOw7RIK1+c2fHwfOdPEua
KV8T5KoAqpQrWCorc9c2HWQsimztqGwb3rq7Biz27+ciAIee/RRUVm20IXRjw3OP
Unfqo4sAunk=
=Kh0K
-----END PGP SIGNATURE-----





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 07:29:16 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.