Andre just went on vacation, but to the best of my knowledge he worked with the reporter and has released a new version to address this issue.
Rainer

On Wed, Sep 3, 2014 at 1:11 PM, Daniel Pocock <[email protected]> wrote:

> Hi Rainer, Andre,
>
> Could you please comment on this security report?
>
> Is the current Debian package affected?
>
> Regards,
>
> Daniel
>
>
> On 03/09/14 13:04, Salvatore Bonaccorso wrote:
> > Source: loganalyzer
> > Version: 3.6.5+dfsg-7
> > Severity: important
> > Tags: security upstream fixed-upstream
> >
> > Hi,
> >
> > the following vulnerability was published for loganalyzer. But I was
> > not yet able to verify the vulnerability, but it is said to be fixed
> > in 3.6.6 upstream.
> >
> > CVE-2014-6070[0]:
> > Syslog LogAnalyzer persistent XSS injection
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2014-6070
> > [1] http://seclists.org/fulldisclosure/2014/Sep/17
> > [2] http://loganalyzer.adiscon.com/downloads/
> >
> > Regards,
> > Salvatore
> >
> > _______________________________________________
> > Pkg-monitoring-maintainers mailing list
> > [email protected]
> > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-monitoring-maintainers

