Package: php-geshi Version: 1.0.8.4-1 Severity: serious Tags: security upstream
GeSHi 1.0.8.11 closes non-persistent XSS vulnerability in a contrib script provided in the GeSHi distribution. The vulnerability can be triggered by an attacker using a specially crafted URL when calling a vulnerable version of the script. Please upgrade the php-geshi package to the latest upstream version which fixes this issue. Regards, upstream. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages php-geshi depends on: ii php5 5.4.4-4 ii php5-cli 5.4.4-4 php-geshi recommends no packages. php-geshi suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org