Package: yaws Severity: serious Tags: security Hi,
The following security issue has been reported against yaws: Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws. This is tracked at: http://security-tracker.debian.org/tracker/CVE-2011-5025 Can you please ensure that unstable is fixed for this issue and assert whether squeeze and/or lenny need to be fixed aswell? Cheers, Thijs
signature.asc
Description: This is a digitally signed message part.
