Accepted:
OK: gnatsweb_4.00.orig.tar.gz
OK: gnatsweb_4.00-1ubuntu0.6.06.diff.gz
OK: gnatsweb_4.00-1ubuntu0.6.06.dsc
-> Component: universe Section: devel
OK: gnatsweb_4.00-1ubuntu0.6.06_all.deb
Format: 1.7
Date: Fri, 29 Feb 2008 03:17:07 +0100
Source: gnatsweb
Binary: gnatsweb
Architecture: all source
Version: 4.00-1ubuntu0.6.06
Distribution: dapper-security
Urgency: low
Maintainer: Chad Walstrom <[EMAIL PROTECTED]>
Changed-By: Emanuele Gentili <[EMAIL PROTECTED]>
Description:
gnatsweb - Web interface to GNU GNATS
Changes:
gnatsweb (4.00-1ubuntu0.6.06) dapper-security; urgency=low
.
* SECURITY UPDATE:
+ gnatsweb.pl (LP: #191196)
- Fixed missing escaping of the database parameter which leads
to a cross-site scripting vulnerability (XSS) via this
parameter (CVE-2007-2808).
* References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2808
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156
Files:
acd7b07a1addd4b607d7668f1898317e 56146 devel extra
gnatsweb_4.00-1ubuntu0.6.06_all.deb
fa7193cd6af4dc428018f14d174fc533 580 devel extra
gnatsweb_4.00-1ubuntu0.6.06.dsc
0b8e5539d70fffe74bdc60f55867f40b 2497 devel extra
gnatsweb_4.00-1ubuntu0.6.06.diff.gz
--
dapper-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/dapper-changes
