[Frugalware-git] homepage-ng: FSA349-apache

2008-01-21 Thread voroskoi 
Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=6b010317b9fd57686e386e301a7b78d48018a5e1

commit 6b010317b9fd57686e386e301a7b78d48018a5e1
Author: voroskoi [EMAIL PROTECTED]
Date:   Mon Jan 21 19:00:52 2008 +0100

FSA349-apache

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 4c38d08..9b7b960 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -27,6 +27,19 @@

fsas
fsa
+   id349/id
+   date2008-01-21/date
+   authorvoroskoi/author
+   packageapache/package
+   vulnerable2.2.6-1/vulnerable
+   unaffected2.2.6-2sayshell1/unaffected
+   bts/bts
+   
cvehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000/cve
+   descA vulnerability have been reported in Apache mod_imagemap 
module, which can be exploited by malicious people to conduct cross-site 
scripting attacks.
+   Certain unspecified input passed to mod_imagemap is 
not properly sanitised before being returned to the user. This can be exploited 
to execute arbitrary HTML and script code in a user's browser session in 
context of an affected site.
+   Successful exploitation requires that mod_imagemap is 
enabled and a mapfile is publicly accessible./desc
+   /fsa
+   fsa
id348/id
date2008-01-21/date
authorvoroskoi/author
___
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

[Frugalware-git] homepage-ng: FSA349-apache

2008-01-21 Thread voroskoi 
Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=19fc92aa15049ca164cf94e5cfe5dd0972b8abd4

commit 19fc92aa15049ca164cf94e5cfe5dd0972b8abd4
Author: voroskoi [EMAIL PROTECTED]
Date:   Mon Jan 21 20:35:17 2008 +0100

FSA349-apache
forgot the BTS task id

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 350de4c..405c743 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -45,7 +45,7 @@
packageapache/package
vulnerable2.2.6-1/vulnerable
unaffected2.2.6-2sayshell1/unaffected
-   bts/bts
+   btshttp://bugs.frugalware.org/task/2671/bts
cvehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000/cve
descA vulnerability have been reported in Apache mod_imagemap module, which 
can be exploited by malicious people to conduct cross-site scripting attacks.
Certain unspecified input passed to mod_imagemap is not properly sanitised 
before being returned to the user. This can be exploited to execute arbitrary 
HTML and script code in a user's browser session in context of an affected site.
___
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git