UNSUBSCRIBE On 17 May 2012 06:17, Raphael Geissert <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2474-1 [email protected] > http://www.debian.org/security/ Raphael Geissert > May 16, 2012 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : ikiwiki > Vulnerability : cross-site scripting > Problem type : remote > Debian-specific: no > CVE ID : CVE-2012-0220 > > Raúl Benencia discovered that ikiwiki, a wiki compiler, does not > properly escape the author (and its URL) of certain metadata, such as > comments. This might be used to conduct cross-site scripting attacks. > > For the stable distribution (squeeze), this problem has been fixed in > version 3.20100815.9. > > For the testing distribution (wheezy), this problem will be fixed soon. > > For the unstable distribution (sid), this problem has been fixed in > version 3.20120516. > > We recommend that you upgrade your ikiwiki packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iEYEARECAAYFAk+0iecACgkQYy49rUbZzlppyQCeMC2K6TGlP5MVOcZeENaY1QAG > gu0An1jlFHnhZrq3a+sMsfL12csrSLAA > =badx > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: http://lists.debian.org/[email protected] >
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAMgd9NMH43NWSwGeJ75fmcqe8s+yu+iR=si8sht17s84w+o...@mail.gmail.com
