Hi, Steve Kemp wrote: > ------------------------------------------------------------------------ > Debian Security Advisory DSA-2158-1 secur...@debian.org > http://www.debian.org/security/ Steve Kemp > February 9, 2011 http://www.debian.org/security/faq > ------------------------------------------------------------------------ > > Package : cgiirc > Vulnerability : cross-site scripting > Problem type : local > Debian-specific: no > CVE ID : CVE-2011-0050 > > Michael Brooks (Sitewatch) discovered a reflective XSS flaw in > cgiirc, a web based IRC client, which could lead to the execution > of arbitrary javascript. > > For the old-stable distribution (lenny), this problem has been fixed in > version 0.5.9-3lenny1.
This package does not yet show up in Lenny. According to http://packages.debian.org/search?keywords=cgiirc 0.5.9-3lenny1 has been uploaded to squeeze's security repo only. Can you please upload it to Lenny, too? Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110211093746.gj12...@sym.noone.org
