Accepted:
OK: gnatsweb_4.00.orig.tar.gz
OK: gnatsweb_4.00-1ubuntu0.6.10.diff.gz
OK: gnatsweb_4.00-1ubuntu0.6.10.dsc
-> Component: universe Section: devel
OK: gnatsweb_4.00-1ubuntu0.6.10_all.deb
Format: 1.7
Date: Fri, 29 Feb 2008 03:17:07 +0100
Source: gnatsweb
Binary: gnatsweb
Architecture: all source
Version: 4.00-1ubuntu0.6.10
Distribution: edgy-security
Urgency: low
Maintainer: Chad Walstrom <[EMAIL PROTECTED]>
Changed-By: Emanuele Gentili <[EMAIL PROTECTED]>
Description:
gnatsweb - Web interface to GNU GNATS
Changes:
gnatsweb (4.00-1ubuntu0.6.10) edgy-security; urgency=low
.
* SECURITY UPDATE:
+ gnatsweb.pl (LP: #191196)
- Fixed missing escaping of the database parameter which leads
to a cross-site scripting vulnerability (XSS) via this
parameter (CVE-2007-2808).
* References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2808
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156
Files:
89082e558803ad57713e30f81c5618f2 56194 devel extra
gnatsweb_4.00-1ubuntu0.6.10_all.deb
703a715b3cc337368892ab2067b452a7 580 devel extra
gnatsweb_4.00-1ubuntu0.6.10.dsc
c22505d386f08f6574ee08d93bf86799 2495 devel extra
gnatsweb_4.00-1ubuntu0.6.10.diff.gz
--
edgy-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/edgy-changes
