Package: mahara
Version: 1.1.2-1
Severity: important
Tags: security patch

Hi,

mahara is using the vulnerable version of html2text, which could lead to code execution attacks, the same as CVE-2008-5619 in roundcube. The patch for this issue can be found at [1].

I'm not sure if it is exploitable, and the version in stable isn't affected, so I set the severity only to important.

[1] http://trac.roundcube.net/changeset/2148

Cheers,
Giuseppe.

