Hi,
Steve Kemp wrote:
Debian Security Advisory DSA-2158-1 secur...@debian.org
http://www.debian.org/security/ Steve Kemp
February 9, 2011 http://www.debian.org/security/faq
Package: cgiirc
Vulnerability : cross-site scripting
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-0050
Michael Brooks (Sitewatch) discovered a reflective XSS flaw in
cgiirc, a web based IRC client, which could lead to the execution
of arbitrary javascript.
For the old-stable distribution (lenny), this problem has been fixed in
version 0.5.9-3lenny1.
This package does not yet show up in Lenny. According to
http://packages.debian.org/search?keywords=cgiirc 0.5.9-3lenny1 has
been uploaded to squeeze's security repo only.
Can you please upload it to Lenny, too?
Regards, Axel
--
,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
`-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110211093746.gj12...@sym.noone.org