Package: movabletype-opensource Version: 4.3.5+dfsg-3 Severity: grave Tags: security Justification: user security hole
As reported in <http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html> Quote: "A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances." _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
