On Mon, 2005-12-19 at 13:41 +0100, Thijs Kinkhorst wrote:
> For stable:
> I've extracted the right patch from the unstable version (which has been
> present without any bug reports since the end of October), and that is
> attached. I've also prepared updated packages here:
> http://www.a-eskwadraat.nl/~kink/flyspray/

Here's some more information for a possible advisory:

Package        : flyspray
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-3334
Debian Bug     : 335997

Lostmon has discovered cross site scripting vulnerabilities in multiple
parameters of flyspray, a lightweight bug tracking system, which allows
attackers to insert arbitrary script code into the index.php page.

The old stable distribution (woody) does not contain flyspray.

For the stable distribution (sarge) this problem has been fixed in
version 0.9.7-2.1.

For the testing (etch) and unstable distribution (sid) this problem has
been fixed in version 0.9.8-5.

bye,
Thijs