Debian Bug report logs - #647298
CVE-2011-3366: Rekonq Input Validation Failure

Package: rekonq; Maintainer for rekonq is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Source for rekonq is src:rekonq.

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Tue, 1 Nov 2011 17:33:02 UTC

Severity: grave

Tags: security

Done: Felix Geyer <debfx-pkg@fobos.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>:
Bug#647298; Package rekonq. (Tue, 01 Nov 2011 17:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>. (Tue, 01 Nov 2011 17:33:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-3366: Rekonq Input Validation Failure
Date: Tue, 01 Nov 2011 18:31:14 +0100
Package: rekonq
Severity: grave
Tags: security

Please see http://www.kde.org/info/security/advisory-20111003-1.txt

This doesn't warrant a DSA, but could be fixed in a stable point update.

Cheers,
        Moritz




Reply sent to Felix Geyer <debfx-pkg@fobos.de>:
You have taken responsibility. (Tue, 01 Nov 2011 18:21:03 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Tue, 01 Nov 2011 18:21:04 GMT) Full text and rfc822 format available.

Message #10 received at 647298-done@bugs.debian.org (full text, mbox):

From: Felix Geyer <debfx-pkg@fobos.de>
To: 647298-done@bugs.debian.org
Subject: Re: Bug#647298: CVE-2011-3366: Rekonq Input Validation Failure
Date: Tue, 01 Nov 2011 18:39:34 +0100
rekonq <= 0.7 uses the SSL certificate dialog from kde4libs and
version 0.8 has been fixed.

So no stable rekonq version is affected by this CVE.
See: https://adjamblog.wordpress.com/2011/10/15/rekonq-0-8-stable/





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 30 Nov 2011 07:41:13 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 22:27:11 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.