Package: libjfreechart-java
Severity: important
Tags: security

Hi

The following CVE[0] has been issued against libjfreechart-java.

CVE-2007-6306:

Multiple cross-site scripting (XSS) vulnerabilities in the image map
feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary
web script or HTML via the (1) chart name or (2) chart tool tip text; or
the (3) href, (4) shape, or (5) coords attribute of a chart area.


A potential patch can be found here[1][2]; not quite sure if there is
more.

Please mention the CVE id in the changelog when you fix this issue.
Thanks for your efforts.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6306

[1]: http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662

[2]: http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662



_______________________________________________
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
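
The class of bug described in CVE-2007-6306, shown as an added Java example that is not part of the original report and is not JFreeChart's code or its patch: an image-map `<area>` tag built by plain concatenation, beside a version that escapes each attribute value. The class name, method names and sample values are hypothetical and constructed for illustration.

```java
// Added illustration; not JFreeChart source. All names here are hypothetical.
public class ImageMapEscapeDemo {

    /** Escape the characters that can close an attribute value or open a tag. */
    static String htmlEscape(String input) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Unsafe: shape, coords, href and tool tip are concatenated as-is. */
    static String areaTagUnescaped(String shape, String coords, String href, String tip) {
        return "<area shape=\"" + shape + "\" coords=\"" + coords
                + "\" href=\"" + href + "\" title=\"" + tip + "\"/>";
    }

    /** Hardened: every value is escaped before it is placed inside the quotes. */
    static String areaTagEscaped(String shape, String coords, String href, String tip) {
        return "<area shape=\"" + htmlEscape(shape)
                + "\" coords=\"" + htmlEscape(coords)
                + "\" href=\"" + htmlEscape(href)
                + "\" title=\"" + htmlEscape(tip) + "\"/>";
    }

    public static void main(String[] args) {
        // Constructed sample: a tool tip that comes from untrusted data and
        // happens to contain quote and markup characters.
        String tip = "Q1 \"sales\" <b>up</b> & rising";
        String href = "detail.html?series=1&item=2";
        // The first line shows the title attribute ending early at the inner quote.
        System.out.println(areaTagUnescaped("rect", "10,10,50,50", href, tip));
        // The second line keeps the whole tool tip inside the attribute value.
        System.out.println(areaTagEscaped("rect", "10,10,50,50", href, tip));
    }
}
```

Escaping keeps a value inside its attribute; it does not check what URL scheme an `href` carries, which needs separate validation.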
