On Wed, Feb 09, 2011 at 09:32:48PM +0000, Steve Kemp wrote: > Package : cgiirc > Vulnerability : cross-site scripting > Problem type : local > Debian-specific: no > CVE ID : CVE-2011-0050 > > Michael Brooks (Sitewatch) discovered a reflective XSS flaw in > cgiirc, a web based IRC client, which could lead to the execution > of arbitrary javascript. > > For the old-stable distribution (lenny), this problem has been fixed in > version 0.5.9-3lenny1. > > For the stable distribution (squeeze), and unstable distribution (sid), > this problem will be fixed shortly.
No sign of this yet on security.debian.org for lenny, but http://packages.qa.debian.org/c/cgiirc.html says that 0.5.9-3lenny1 is in stable-sec (which is of course squeeze-sec now), so it looks like this package went to the wrong distribution (although as both lenny and squeeze had 0.5.9-3 previously this may not be a disaster). Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110210121700.gz4...@urchin.earth.li
