Package: mambo
Version: 4.5.1a-1

Tags: critical

From Mamboforge:


Release Name: Mambo 4.5.2.2

Notes: The path is cumulative for Mambo 4.5.2.0 or 4.5.2.1
Changes: 
# Fixed vulnerability with bind method in mosDBTable class 
# Fixed session id spoofing via administrator/index3.php 
# Fixed bug in mosAbstractTasker redirect method 
# Prevented attacks via injection of POST variables through GET 
# Fix injection bugs in various class 'check' methods 
+ Added input filter class (replacement for built-in strip tags) 
- Removed vulnerable file in DOMIT library


Release Name: Mambo 4.5.1.2

Notes:
 # Fixed vulnerability with bind method in mosDBTable class
 # Prevented attacks via injection of POST variables through GET
 # Fix injection bugs in various class 'check' methods
 + Added input filter class (replacement for built-in strip tags)
 - Removed vulnerable file in DOMIT library


My suggestion is to update the source package to 4.5.2.2, being as
mambo is still in experimental.



-- 
Micheas Herman
(415)424-5881
