Package: tdiary Version: 2.2.1-1 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, XSS vulnerability was found in tdiary 2.2.2 or earlier (=<2.2.2). It is caused - with Internet Explorer 7 - using trackback plugin - access certain URL to update blog New upstream release 2.2.3 was released, so update debian package to that (in sid/squeeze). And we need a patch for lenny as well. For more detail, see http://www.tdiary.org/20100225.html (in Japanese) - -- Regards, Hideki Yamane -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkuOVY4ACgkQIu0hy8THJkuPdQCgj1k6sP/Cyelw7DZ9qCztI/WZ 1rYAn0GsBCsjBQLTCEgjUzZGcp3w46/1 =fgJb -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org