Thijs Kinkhorst wrote:
>
> > CVE-2006-3320: "Cross-site scripting (XSS) vulnerability in command.php
> > in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary
> > web script or HTML via the command parameter."
>
> I've already fixed this by NMU in unstable. I've also prepared an
> updated package for stable - question is if the security team wants to
> release an advisory for this and if this package is ok. See attachment.
>
> Let me know, if it's ok I'll upload it to stable-security.
Please adjust the distribution to stable-security and the urgency to high,
then proceed.
Regards,
Joey
--
Let's call it an accidental feature. -- Larry Wall
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
