Thank you Devin, the problem was solved yesterday by other member helps.
2009. 01. 29, csütörtök keltezéssel 07.14-kor Devin Carraway ezt írta: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------ > Debian Security Advisory DSA-1715 [email protected] > http://www.debian.org/security/ Steffen Joeris > January 29, 2009 http://www.debian.org/security/faq > - ------------------------------------------------------------------------ > > Package : moin > Vulnerability : insufficient input sanitising > Problem type : remote > Debian-specific: no > CVE ID : CVE-2009-0260 CVE-2009-0312 > Debian Bug : 513158 > > > It was discovered that the AttachFile action in moin, a python clone of > WikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260). > Another cross-site scripting vulnerability was discovered in the > antispam feature (CVE-2009-0312). > > > For the stable distribution (etch) these problems have been fixed in > version 1.5.3-1.2etch2. > > For the testing (lenny) distribution these problems have been fixed in > version 1.7.1-3+lenny1. > > For the unstable (sid) distribution these problems have been fixed in > version 1.8.1-1.1. > > We recommend that you upgrade your moin packages. > > Upgrade instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 4.0 alias etch > - ------------------------------- > > Debian (stable) > - --------------- > > Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, > mipsel, powerpc, s390 and sparc. > > Source archives: > > > http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch2.diff.gz > Size/MD5 checksum: 40914 139bcec334ed7fbf1ca2bef3c89a8377 > http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3.orig.tar.gz > Size/MD5 checksum: 4187091 e95ec46ee8de9527a39793108de22f7d > http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch2.dsc > Size/MD5 checksum: 671 7b24d6f694511840a0a9da0c9f33f5ad > > Architecture independent packages: > > > http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.5.3-1.2etch2_all.deb > Size/MD5 checksum: 914904 ab6158ae7010c3701859ceb26bd61bd2 > > http://security.debian.org/pool/updates/main/m/moin/moinmoin-common_1.5.3-1.2etch2_all.deb > Size/MD5 checksum: 1595112 a46561072eb0ee26ee1a71275c0e64b3 > > > These files will probably be moved into the stable distribution on > its next update. > > - > --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security > dists/stable/updates/main > Mailing list: [email protected] > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iD8DBQFJgT3oU5XKDemr/NIRApQ9AJ4tYeY7WMIAUYHjmeryHoEo6HkecgCgmIU9 > b7VcvgOvyalRLrZrejSKFQI= > =miAO > -----END PGP SIGNATURE----- > > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
