-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6128-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 09, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : shaarli CVE ID : CVE-2026-24476 Moritz Woermann discovered that missing input sanitising in Shaarli, a personal bookmarking service, could result in cross-site scripting. For the oldstable distribution (bookworm), this problem has been fixed in version 0.12.1+dfsg-8+deb12u2. For the stable distribution (trixie), this problem has been fixed in version 0.14.0+dfsg-2+deb13u1. We recommend that you upgrade your shaarli packages. For the detailed security status of shaarli please refer to its security tracker page at: https://security-tracker.debian.org/tracker/shaarli Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmmKNxwACgkQEMKTtsN8 TjZGihAAsdG5NcFOHk8wd4ZRvRu40/xKWfncMYXt8YD2jbrE+6L/VwNnAjWKRK8q pZWxvDQJPQfwtVmuFZFbU5+ORJZF566EfHAnVMSs5GPGQ5kM6YiVuIy0cPVDIabb +I/V4lrjTLjBO/tdPAvIlnKYyOHIqhGEVgbMkOgt2Fr4KfuERTH5YabTbWmV2Ojc mvMDBOWAqJDvhI8kczbwIEUCKDMW1F9Z9QQeMFyUT9L5GEKssvU/EMMnvBdIkiJn EQlpd/h7tPmo48YuDEjQr+5/Ue2aLgLGBOg1yhOlGQWRQz61uvpgwJDWGpDTanQB MyX7FrS5Pwc1X8rUrmMkYTAz/hh3ah8Xyc/+wAACPRXFvkBD/rO3GWMPSIf02ZUC v9HAIS6BLeo1wfX02D5ogTjFHil+kAgm5o8lsn3l++6E2FX89rKJLMLLQx7lfrQK fjfxp0Sv7hFYLlcLwgltuRQqDBCtdwxSSrCMiLzZAgOyvVMMWAqzsQKEqQuk0LQc +F1P9l+KuwsE/M0XDMq0aBpL/fT5f/y1bwWbrC+Jpn7wVMGobNCDssiFTJut86r8 zzywVanJhZhFJHtwX1fU/8e4VjmIvCrLvudSnOmngGSfpsMN+kxLKVxTS4e6xo+S HllPlDnwfRpFnB9MO4GwArEVO84Ao8LmkhRuGhVUH69k17579Kk= =r0bQ -----END PGP SIGNATURE-----
