Package        : sympa
Version        : 6.1.23~dfsg-2+deb8u3
CVE ID         : CVE-2018-1000671
Debian Bug     : 908165

An Open Redirect vulnerability has been discovered in sympa. The "referer"
parameter of the wwsympa.fcgi login action can result in open redirection
and potential Cross Site Scripting via data URIs. This attack appears to be
exploitable via the victim's browser opening a crafted URL supplied by the
attacker.

For Debian 8 "Jessie", this problem has been fixed in version
6.1.23~dfsg-2+deb8u3.

We recommend that you upgrade your sympa packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
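
A general mitigation for this class of bug, shown as an added example that is not Sympa's code or the Debian patch: a redirect target taken from a request parameter such as "referer" is accepted only when it is a local path or an http(s) URL on the site's own host, so off-site URLs and data: URIs fall back to a default page. The function name, SITE_HOST and all sample values are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumed host name of the mailing-list site (constructed, not from the advisory).
SITE_HOST = "lists.example.org"


def safe_redirect_target(value, site_host=SITE_HOST, fallback="/"):
    """Return `value` if it keeps the browser on this site, else `fallback`."""
    if not value:
        return fallback
    # Browsers drop tabs/newlines inside URLs and treat "\" like "/",
    # so such input can parse differently here than in the browser.
    if "\\" in value or any(ord(c) < 0x21 or ord(c) == 0x7F for c in value):
        return fallback
    try:
        parts = urlsplit(value)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute local path.
        # "//host/..." is protocol-relative and never reaches this branch,
        # because urlsplit reports its host in netloc.
        return value if value.startswith("/") else fallback
    # Absolute URL: http(s) only, and the authority must be exactly our host
    # (no userinfo, no port), which also rejects data: and other schemes.
    if parts.scheme in ("http", "https") and parts.netloc.lower() == site_host:
        return value
    return fallback


if __name__ == "__main__":
    # Constructed sample values for the "referer" parameter.
    samples = [
        "/lists/info/announce",
        "https://lists.example.org/home",
        "https://other.example/",
        "//other.example/path",
        "data:text/html,constructed",
        "https://lists.example.org@other.example/",
    ]
    for s in samples:
        print(f"{s!r:50} -> {safe_redirect_target(s)!r}")
```

Comparing the whole authority rather than a prefix or substring of the URL is what keeps look-alike values such as "https://lists.example.org@other.example/" from passing.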
