This bug was fixed in the package loggerhead - 1.17+bzr400-1ubuntu0.1
---------------
loggerhead (1.17+bzr400-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: Cross-site scripting vulnerabilities by crafted branch
contents. (LP: #740142)
- debian/patches/bug-740142.diff: improve escaping of filenames.
- CVE-2011-0728
-- William Grant <[email protected]> Thu, 24 Mar 2011 13:39:43
+1100
** Changed in: loggerhead (Ubuntu Karmic)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/740142
Title:
persistent xss vector in (unescaped) filenames in revision views
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
