Package: movabletype-opensource
Version: 4.3.4+dfsg-2
Severity: grave
Tags: security
Justification: user security hole

From <http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html>:

"Movable Type 5.04 and Movable Type 4.35 are mandatory security updates for all users. These updates resolve multiple vulnerabilities discovered in the previous versions of Movable Type 5.x and Movable Type 4.x.

Impact

A remote attacker could execute arbitrary code in a logged-in users' web browser (XSS).
A remote attacker could read or modify the contents in the system under certain circumstances (SQL injection)."

I will look at uploading 4.35 to unstable, and assessing the impact on stable, this evening.