Bug#509024: php-xajax: XSS issue (incomplete patch for CVE-2007-2739)

2008-12-17 Thread Steffen Joeris
Package: php-xajax
Severity: grave
Justification: user security hole
Tags: security

Hi

The patch for CVE-2007-2739 seems to be incomplete as already discussed via private mail. Just using htmlspecialchars(), instead of the replace calls should do the trick. I've requested a new CVE id for this

Bug#509024: php-xajax: XSS issue (incomplete patch for CVE-2007-2739)

2008-12-17 Thread Nico Golde
Hi,
* Steffen Joeris steffen.joe...@skolelinux.de [2008-12-17 17:53]:
The patch for CVE-2007-2739 seems to be incomplete as already discussed via private mail. Just using htmlspecialchars(), instead of the replace calls should do the trick. I've requested a new CVE id for this and will paste

Bug#509024: php-xajax: XSS issue (incomplete patch for CVE-2007-2739)

2008-12-17 Thread Steffen Joeris
severity 509024 normal
thanks

On Wed, 17 Dec 2008 06:03:45 pm Nico Golde wrote:
Hi,
* Steffen Joeris steffen.joe...@skolelinux.de [2008-12-17 17:53]:
The patch for CVE-2007-2739 seems to be incomplete as already discussed via private mail. Just using htmlspecialchars(), instead of the

Processed: Re: Bug#509024: php-xajax: XSS issue (incomplete patch for CVE-2007-2739)

2008-12-17 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

severity 509024 normal
Bug#509024: php-xajax: XSS issue (incomplete patch for CVE-2007-2739)
Severity set to `normal' from `grave'
thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system