*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: sarg CVE-2008-1167: Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information. CVE-2008-1168: Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Both issues are fixed upstream in 2.2.5. ** Affects: sarg (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- [CVE-2008-1168] XSS in log and useragent parser https://bugs.launchpad.net/bugs/202758 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs