-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 15 Dec 2009 00:07:05 +0000
Source: firefox-sage
Binary: firefox-sage
Architecture: source all
Version: 1.3.6-4etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Alan Woodland <awoodland@debian.org>
Changed-By: Alan Woodland <awoodland@debian.org>
Description:
 firefox-sage - lightweight RSS and Atom feed reader for Firefox
Closes: 559267
Changes:
 firefox-sage (1.3.6-4etch1) oldstable-security; urgency=high
 .
   * Fix security bug:
     - Backport patch that was used for Lenny/Squeeze.
     - Setting urgency=high, this vulnerability allowed remote exploitation,
       without any user interaction.
     - CVE-2009-4102 Cross Domain Scripting vulnerability. Don't trust HTML in
       titles, descriptions. Don't allow 'strange' (i.e. javascript:, data:)
       URLs in Links.
     - Patch included a fix for a regression from CVE-2006-4712 which doesn't
       apply to Etch.
     - Closes: #559267
Files:
 d4175001caa8fc685f47452de46aaa03 607 web optional firefox-sage_1.3.6-4etch1.dsc
 49c68a517b6611c7352feb6072be9567 135325 web optional firefox-sage_1.3.6.orig.tar.gz
 a59b6403405d4c6214b569fdb068049f 13123 web optional firefox-sage_1.3.6-4etch1.diff.gz
 57339ba6521e7611e4e27fce4f87df31 150172 web optional firefox-sage_1.3.6-4etch1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFLJt2Y1FNW1LDdr0IRAi3pAJ4lERHEilWb3WOPQkzpHPn3imK+igCgkioP
iMS3C+9lThU3fwlP+wC5e2A=
=V49N
-----END PGP SIGNATURE-----

Accepted:
firefox-sage_1.3.6-4etch1.diff.gz
  to main/f/firefox-sage/firefox-sage_1.3.6-4etch1.diff.gz
firefox-sage_1.3.6-4etch1.dsc
  to main/f/firefox-sage/firefox-sage_1.3.6-4etch1.dsc
firefox-sage_1.3.6-4etch1_all.deb
  to main/f/firefox-sage/firefox-sage_1.3.6-4etch1_all.deb