[Bug 191196] Re: [gnatsweb] [CVE-2007-2808] cross-site scripting vulnerability

Launchpad Bug Tracker Tue, 04 Mar 2008 12:25:30 -0800

This bug was fixed in the package gnatsweb - 4.00-1ubuntu0.7.04

---------------
gnatsweb (4.00-1ubuntu0.7.04) feisty-security; urgency=low


  * SECURITY UPDATE:
   + gnatsweb.pl (LP: #191196)
    - Fixed missing escaping of the database parameter which leads
      to a cross-site scripting vulnerability (XSS) via this
      parameter (CVE-2007-2808).
   + debian/control
    - Switch Maintainer to Ubuntu MOTU Developers
  * References:
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2808
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156

 -- Emanuele Gentili <[EMAIL PROTECTED]>   Fri, 29 Feb 2008
03:40:07 +0100

** Changed in: gnatsweb (Ubuntu Feisty)
       Status: Fix Committed => Fix Released

-- 
[gnatsweb] [CVE-2007-2808] cross-site scripting vulnerability
https://bugs.launchpad.net/bugs/191196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 191196] Re: [gnatsweb] [CVE-2007-2808] cross-site scripting vulnerability

Reply via email to